f5c3494138e4c946002de867ec721510_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5c3494138e4c946002de867ec721510_JaffaCakes118
Size

62KB
MD5

f5c3494138e4c946002de867ec721510
SHA1

f2553cd492e39b8e33ba5ab3f2771c77c759e2bb
SHA256

f7bc67bc8434244fe8372f04d34761206032c560ecfbd60d523153d9985ecb42
SHA512

d57b8d0a2d4ef2d94375661785aafb4f8b07511a4e72b9f36b904888477394a85c96f907a431c2f14ada2ff2183db925a14cede071900b047f593a038a38ccea
SSDEEP

1536:5oWehYVOIhFi8PdH0/V2e1/nBytPC6UUl:Ph7ioWV//nBT6Vl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5c3494138e4c946002de867ec721510_JaffaCakes118

Files

f5c3494138e4c946002de867ec721510_JaffaCakes118
.exe windows:4 windows x86 arch:x86

64848beb3fc60ff66d8adc701fdd5674

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
RegSetValueExA
CryptReleaseContext
DuplicateTokenEx
RegDeleteValueA
CryptCreateHash
RegEnumKeyExA
CryptHashData
CryptDestroyHash
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
GetUserNameW

kernel32

GetProcAddress
CreateMutexW
SetEvent
VirtualAlloc
GetFileTime
GetFileAttributesA
lstrcpynW
lstrlenW
GetFileAttributesW
CreateEventW
GetTimeZoneInformation
GetFileSize
VirtualProtect
lstrcpyA
HeapAlloc
GlobalLock
GetModuleHandleA
GetTickCount
GetModuleFileNameA
MultiByteToWideChar
FindFirstFileW
Sleep
GetVersionExW
CloseHandle

user32

SendMessageA
GetClassNameA
GetClipboardData
GetKeyboardState
CloseWindowStation
GetCursorPos
GetKeyState
ToUnicode
GetWindowThreadProcessId
GetDlgItem
PeekMessageA
CloseDesktop
DrawIcon
MsgWaitForMultipleObjects
GetForegroundWindow
GetWindowLongA

shlwapi

wnsprintfA
PathRemoveFileSpecW
SHDeleteKeyA
PathMatchSpecW
PathFileExistsW
wnsprintfW
PathFindFileNameW
wvnsprintfW
StrStrW
wvnsprintfA
PathCombineW

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE