eaa651ba1c4cb35ad612d1c4bf647f53_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eaa651ba1c4cb35ad612d1c4bf647f53_JaffaCakes118
Size

65KB
MD5

eaa651ba1c4cb35ad612d1c4bf647f53
SHA1

85f89b78d6c121872e373aad64416ba796784a2f
SHA256

4c585b72c8814c26f387e8da3c8a4f63d7b416a3f486bc9e48ae4c5dd8c64537
SHA512

8eb3b972f275e751e3a288ce68bf07389c5e55ba6a1be92ecf8fc5e5199de2a7e0fdf50ea8dca4bb5c31d7c1c2c7458724880a6ca27c333d02d2a147e4b0c12e
SSDEEP

1536:SUQEX+OkngEwmPGNTNAp2hNUm6v8OSAjbmb3v6RcyN8:bVEwmPGNTGAzUm6vrNmLvUcyN8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eaa651ba1c4cb35ad612d1c4bf647f53_JaffaCakes118

Files

eaa651ba1c4cb35ad612d1c4bf647f53_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6baa2780066024f6f7fefdc7d623bbae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
GetClassNameA
FindWindowExA
ToUnicode
CloseWindowStation
GetKeyState
GetWindowLongA
GetMessageA
LoadCursorA
OpenWindowStationA
GetWindowTextA
GetForegroundWindow
PeekMessageA
GetCursorPos
SetThreadDesktop
CharLowerBuffA
EndDialog

advapi32

CryptHashData
DuplicateTokenEx
CryptGetHashParam
RegEnumKeyExA
CryptAcquireContextW
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
CryptCreateHash
GetUserNameW
CryptReleaseContext
RegCloseKey

kernel32

HeapAlloc
EnterCriticalSection
VirtualAlloc
CreateEventW
MulDiv
GetFileAttributesA
LeaveCriticalSection
InitializeCriticalSection
SetEvent
GetTimeZoneInformation
VirtualProtect
lstrlenA
FindFirstFileW
GetModuleFileNameA
CreateThread
GetModuleFileNameW
CreateFileA
WideCharToMultiByte
HeapFree

shlwapi

StrStrW
PathRemoveFileSpecW
wvnsprintfA
StrCmpNIA
PathFileExistsW
PathFindFileNameW
PathMatchSpecW
StrCmpNIW
SHDeleteKeyA
wnsprintfW
wvnsprintfW
wnsprintfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE