dddf4a3b277460142e550f7a8f03b249_JaffaCakes118 | Triage

Sharing

General

Target

dddf4a3b277460142e550f7a8f03b249_JaffaCakes118
Size

61KB
MD5

dddf4a3b277460142e550f7a8f03b249
SHA1

83da791d7fd1afa76c31fdd628ba6667d5c5559f
SHA256

f5b44d76655612ce025a2cabb42760cffc0e8590a1694c5334cb5c7aa1ba2841
SHA512

61b8e410d138ee24e273dbb3ffb182e82158bba47538f881c9d92c646e411e32c963f58f5511e3eb03c79ffd884cf38aa8fe354e51f9364af69eb14c693f37d2
SSDEEP

1536:GeDxxOPsmbEtaFhpwQGNQOQKXtUOVQpH/hwzFeM3/kn:GixMEV8wQAQOQKX+4QpmFtsn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dddf4a3b277460142e550f7a8f03b249_JaffaCakes118

Files

dddf4a3b277460142e550f7a8f03b249_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a843905a241de6b0caed03511d8f4f59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowLongA
GetKeyState
SendMessageA
GetMessageA
ToUnicode
OpenDesktopA
GetCursorPos
SetProcessWindowStation
DrawIcon
EndDialog
DispatchMessageA
CloseWindowStation
GetWindowThreadProcessId
CloseDesktop
CharLowerBuffA
PeekMessageA
GetWindowTextA
GetForegroundWindow
GetIconInfo
ExitWindowsEx

advapi32

RegCloseKey
CryptCreateHash
RegDeleteValueA
RegSetValueExA
CryptDestroyHash
CryptHashData
RegCreateKeyExA
CryptReleaseContext
RegEnumKeyExA
CryptGetHashParam

shlwapi

wvnsprintfW
PathFindFileNameW
SHDeleteKeyA
wvnsprintfA
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
PathMatchSpecW
PathCombineW
wnsprintfA
wnsprintfW
StrStrW

kernel32

GetVersionExW
SetEvent
GetFileAttributesW
lstrcatW
ReleaseMutex
LeaveCriticalSection
GetLocalTime
VirtualProtect
SystemTimeToFileTime
MultiByteToWideChar
VirtualAlloc
OpenMutexW
CreateThread
WideCharToMultiByte
GetLastError
lstrcpynW
CreateProcessW
GlobalUnlock
Sleep
GetModuleFileNameW
WaitForSingleObject
lstrlenA

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE