dd41de0b537078233a71e737c136e58a_JaffaCakes118 | Triage

Sharing

General

Target

dd41de0b537078233a71e737c136e58a_JaffaCakes118
Size

61KB
MD5

dd41de0b537078233a71e737c136e58a
SHA1

9060d71fbe69558c69dd629a7648becb47ef29d0
SHA256

ea5aaf916ab7d0219a148d0a88b7acc870f0e9650a7c80aa1f4080d23035a9d3
SHA512

43453a9d6150e43242a80a284ae8278727833d530e538c021a94d20046813b542d25ed8e27604851078d2a15b8cea821c7e288439aa683d6b8117994684c99d4
SSDEEP

768:MVkQTxXkkTvKNhKISmk+FjV9cZ02aJSgIQlrh1t146zrFuZp6Idhh5pSe7TlB5C9:UTpk1YmQZaRlrh1t16p6spSe7TlB569

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd41de0b537078233a71e737c136e58a_JaffaCakes118

Files

dd41de0b537078233a71e737c136e58a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ffd576e69c9f18d8640aafb144588881

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfA
wvnsprintfW
PathMatchSpecW
StrStrW
StrCmpNIW
wvnsprintfA
wnsprintfW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW

kernel32

MulDiv
VirtualProtect
lstrcpyW
lstrcmpiW
GetModuleHandleA
ReleaseMutex
CreateEventW
VirtualAlloc
lstrcmpiA
GlobalLock
FindClose
GetLastError
GetProcAddress
CreateFileA
Sleep
CloseHandle
HeapReAlloc
lstrlenW
GetSystemTime

user32

GetCursorPos
SetThreadDesktop
CloseWindowStation
DispatchMessageA
CharLowerBuffA
DrawIcon
GetIconInfo
SendMessageA
GetKeyboardState
OpenWindowStationA
CloseDesktop
MsgWaitForMultipleObjects
PeekMessageA
EndDialog
GetDlgItemTextA

advapi32

RegSetValueExA
CryptReleaseContext
RegCreateKeyExA
CryptDestroyHash
RegQueryValueExA
CryptAcquireContextW
CryptGetHashParam
CryptHashData
RegEnumKeyExA
GetUserNameW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE