dca58e685dc3f44321d64a45ea937708_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dca58e685dc3f44321d64a45ea937708_JaffaCakes118
Size

280KB
MD5

dca58e685dc3f44321d64a45ea937708
SHA1

eda0021fdb6f93e0a7ff2031bdc0f4d1c249102e
SHA256

a580c814a045a64826d68c9b08558c315a3874597b43895ae4bc23b13a09d5e7
SHA512

14b2a63c3cb51cf8c657cb44834a338b97de2bccdc531aac09276389c633a15b6f8d7ecbeb2e95cee1cfc4770493777fc239cabf299d129b2de3ac79e5507cdb
SSDEEP

6144:/6O5DmvQAzPPtpVUv8KhphiIf5btcXZQXrC4uMrqhibu89b5:/6O56v53av8QpAqDcCeqNB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dca58e685dc3f44321d64a45ea937708_JaffaCakes118

Files

dca58e685dc3f44321d64a45ea937708_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80bad4b4bdda15ebe23b642769a74005

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
FindNextFileW
GetModuleFileNameW
lstrcmpiW
lstrcmpiA
GlobalLock
lstrcpynW
HeapFree
SetEvent
GetFileTime
VirtualAlloc
EnterCriticalSection
InitializeCriticalSection
VirtualProtect
lstrcatA
GetFileSizeEx
GetModuleFileNameA
SetFileTime
LeaveCriticalSection
WideCharToMultiByte
GetFileSize
HeapReAlloc
SetFilePointer

shlwapi

wnsprintfW
PathFileExistsW
wvnsprintfW
SHDeleteKeyA
wvnsprintfA
PathCombineW
StrStrW
PathMatchSpecW
StrCmpNIW
PathFindFileNameW
PathRemoveFileSpecW

advapi32

CryptAcquireContextW
DuplicateTokenEx
RegSetValueExA
CryptDestroyHash
RegDeleteValueA
CryptGetHashParam
CryptReleaseContext
RegCloseKey
RegCreateKeyExA
CryptCreateHash
RegQueryValueExA
GetUserNameW

user32

GetWindowThreadProcessId
SetThreadDesktop
GetForegroundWindow
GetCursorPos
GetKeyboardState
SendMessageA
CloseWindowStation
GetIconInfo
GetDlgItemTextA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE