defbe40fec27363b7182f46bbea5d9c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

defbe40fec27363b7182f46bbea5d9c2_JaffaCakes118
Size

65KB
MD5

defbe40fec27363b7182f46bbea5d9c2
SHA1

bc3d0a13eac592561ebfe447bae3dc06caf5fc71
SHA256

e7fff1b2b9e4911a25ad5eb7d1fb41dd4b16bd3d0855c715b0d81c503826cbb4
SHA512

c7e3990c2b2a44ec18f6380589a2c5b0379d9ef7b3929a3d7524c5eaecf65633b6ecfbeebf1e4f90571d3a9c44c113a0bb4cbc0a59c4c0ac7d69eaf950bfb292
SSDEEP

1536:Hr85EOtEZqiEf7RDxXC3514PBdR1Yvfx0xkfqLMoAmbf+9iHfh:Hr85EOeZqDf3L1WfXfq4iffh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
defbe40fec27363b7182f46bbea5d9c2_JaffaCakes118

Files

defbe40fec27363b7182f46bbea5d9c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd46e0a3db77d05390ce61bc315fb868

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
GetModuleFileNameW
lstrlenA
HeapFree
LeaveCriticalSection
FindNextFileW
lstrcpyA
GetFileSizeEx
CloseHandle
VirtualProtect
lstrcmpiW
GetTimeZoneInformation
SetEvent
GlobalLock
Sleep
lstrcpynW
WideCharToMultiByte
SetFileTime

user32

GetWindowTextA
GetKeyboardState
OpenWindowStationA
EndDialog
PeekMessageA
SetThreadDesktop
LoadCursorA
SetProcessWindowStation
GetForegroundWindow
GetIconInfo
FindWindowExA
SendMessageA
GetCursorPos
GetWindowLongA
DrawIcon
ToUnicode
CloseWindowStation
ExitWindowsEx
GetClipboardData

shlwapi

wnsprintfW
SHDeleteKeyA
PathMatchSpecW
wnsprintfA
PathFileExistsW
wvnsprintfW
wvnsprintfA
PathCombineW
StrCmpNIW
PathFindFileNameW
StrCmpNIA

advapi32

GetUserNameW
CryptCreateHash
RegDeleteValueA
CryptReleaseContext
RegSetValueExA
RegCloseKey
CryptDestroyHash
RegEnumKeyExA
CryptGetHashParam

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE