fa5bc24705d00f99b364b7aee64d0c3e_JaffaCakes118

General

Target

fa5bc24705d00f99b364b7aee64d0c3e_JaffaCakes118
Size

57KB
MD5

fa5bc24705d00f99b364b7aee64d0c3e
SHA1

a939714cd9bd9a00b2a527853bcb5bad26eee2ea
SHA256

0fca14280536cfd27564d44703fbd63afdcf2ff5bddb67de170c0375fa9c480c
SHA512

3f008d84d204704a0cfa6b1d0939cbfe7d05ef1eea431dcbe0d31d91e35f090673984aee833865fce89bc051f9a8ad63a07f81661ff64312f3b031c71d507d47
SSDEEP

1536:ZgWTyRxoaXoJbk6I6HuBYtwmjrNKiL0mYmMoP:7WRxoaXoV3dt1NKJmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa5bc24705d00f99b364b7aee64d0c3e_JaffaCakes118

Files

fa5bc24705d00f99b364b7aee64d0c3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12ca1a4279867d42109f0a88fa748a40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetIconInfo
FindWindowExA
EndDialog
GetWindowThreadProcessId
GetDlgItem
CloseWindowStation
GetKeyboardState
GetWindowTextA
GetWindowLongA
OpenDesktopA
ToUnicode
ExitWindowsEx
OpenWindowStationA

shlwapi

PathFileExistsW
PathRemoveFileSpecW
wnsprintfA
PathCombineW
PathMatchSpecW
wnsprintfW
StrCmpNIW
PathFindFileNameW
wvnsprintfW
StrCmpNIA
StrStrW

kernel32

SetFileTime
CreateFileA
SystemTimeToFileTime
InitializeCriticalSection
MultiByteToWideChar
EnterCriticalSection
VirtualProtect
VirtualAlloc
CopyFileW
GetEnvironmentVariableW
Sleep
TryEnterCriticalSection
GetModuleHandleA
ExpandEnvironmentStringsW
GetFileAttributesA
lstrlenA
HeapReAlloc
LoadLibraryA
CreateThread
SetEvent
CloseHandle
CreateEventW
GetVersionExW
ResetEvent

advapi32

RegCloseKey
CryptAcquireContextW
RegSetValueExA
RegQueryValueExA
CryptGetHashParam
CryptCreateHash
RegCreateKeyExA
CryptHashData
CryptDestroyHash
GetUserNameW
RegDeleteValueA

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12ca1a4279867d42109f0a88fa748a40

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

kernel32

advapi32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 512B - Virtual size: 223B

.data Size: 512B - Virtual size: 24KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 512B - Virtual size: 223B

.data
Size: 512B - Virtual size: 24KB