f9f8ef2d592492bce1fdccd62bbbfdfe_JaffaCakes118 | Triage

Sharing

General

Target

f9f8ef2d592492bce1fdccd62bbbfdfe_JaffaCakes118
Size

59KB
MD5

f9f8ef2d592492bce1fdccd62bbbfdfe
SHA1

97676117ce7aca520ba39b463d200a9a3db91b77
SHA256

5f994f3de7379a6f63d8379287b8bdd53a0b7c14a9bb86855945d09dad1d4ef1
SHA512

fa4e888f839c3a81538bd5ad1abdcd470a0fb29f0e44ed642fc0e952094b273834cf64042f50fd5f735dd65890cd67ec453f66553d75e89f0dd910cfbe4df709
SSDEEP

1536:VIR+8N2ruWwBeBLaGCje+alXBV3FG15ENgS1S9:2sKWRaGSPalXLFGH2gSM9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9f8ef2d592492bce1fdccd62bbbfdfe_JaffaCakes118

Files

f9f8ef2d592492bce1fdccd62bbbfdfe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83e9327e74569d2ce37a43f8a67e6b3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndDialog
GetWindowTextA
CharLowerBuffA
CloseWindowStation
CloseDesktop
GetIconInfo
SetProcessWindowStation
SendMessageA
LoadCursorA
SetThreadDesktop
GetDlgItemTextA
ExitWindowsEx
OpenWindowStationA
ToUnicode
GetCursorPos
OpenDesktopA
PeekMessageA
DrawIcon
GetMessageA

kernel32

SetFilePointer
VirtualProtect
GetSystemTimeAsFileTime
GlobalLock
VirtualAlloc
EnterCriticalSection
CreateMutexW
ExpandEnvironmentStringsW
GetFileAttributesW
InitializeCriticalSection
GetFileTime
lstrcatW
WideCharToMultiByte
HeapFree
GetTimeZoneInformation
FindFirstFileW
SystemTimeToFileTime
GlobalUnlock

advapi32

CryptHashData
CryptAcquireContextW
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
CryptCreateHash
RegSetValueExA
GetUserNameW
DuplicateTokenEx
CryptDestroyHash
RegCreateKeyExA
CryptReleaseContext

shlwapi

PathRemoveFileSpecW
PathCombineW
wnsprintfA
PathMatchSpecW
wvnsprintfW
StrCmpNIA
StrCmpNIW
wvnsprintfA
PathFindFileNameW
PathFileExistsW
wnsprintfW
SHDeleteKeyA

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE