df2eaf3870cf40c54f0171f399dea3e4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df2eaf3870cf40c54f0171f399dea3e4_JaffaCakes118
Size

65KB
MD5

df2eaf3870cf40c54f0171f399dea3e4
SHA1

b9d2192a4fcdf7e7df755e635ed47a6441d08f26
SHA256

7606429327ef727ce1afefc86833f50ffce38badcf91fa310bd1b49dd42911f1
SHA512

3fb5dee7bae87c10dc11f46cfa5e55330bb759d83dfdb26cf3c568350957f3400596ad785f32e7571ed58f8ebaa2421448441128ffc935d36834a8a23dd474de
SSDEEP

1536:goTPIF+JpCX18blj6M3K5qZ75fnJRVVzuuNP5WhdqS:80gSUU5fnJRVVzRNhRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df2eaf3870cf40c54f0171f399dea3e4_JaffaCakes118

Files

df2eaf3870cf40c54f0171f399dea3e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

283e7dcd71282cff782748d5286b4325

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
VirtualAlloc
GetFileAttributesA
GetModuleFileNameA
HeapAlloc
VirtualProtect
lstrcmpiA
GetTickCount
ResetEvent
GlobalUnlock
GetFileTime
FindFirstFileW
GetSystemTime
CreateMutexW
lstrcmpiW
CreateThread
FindClose
CreateProcessW
GetFileSize
HeapFree
GetUserDefaultUILanguage

user32

GetKeyState
CloseDesktop
FindWindowExA
DrawIcon
MsgWaitForMultipleObjects
GetClassNameA
CharLowerBuffA
EndDialog
ExitWindowsEx
GetWindowLongA
GetClipboardData
GetForegroundWindow
GetWindowThreadProcessId
GetIconInfo

advapi32

CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
GetUserNameW
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
DuplicateTokenEx
CryptHashData
RegEnumKeyExA
RegQueryValueExA

shlwapi

PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
StrStrW
wvnsprintfW
wvnsprintfA
StrCmpNIA
PathFileExistsW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE