fac8dd2c1f69f5f3079b7185e2aa9556_JaffaCakes118 | Triage

Sharing

General

Target

fac8dd2c1f69f5f3079b7185e2aa9556_JaffaCakes118
Size

61KB
MD5

fac8dd2c1f69f5f3079b7185e2aa9556
SHA1

d473e77ae19b984a3bc1e03589078127085a2604
SHA256

f6b21e00e2ed85a92f9a14dbb28f2048ef6997739e7f79252fbd74ecee8689cd
SHA512

9b02aeff822c495193b0e85bc3513c71c5f75d3dcbd597b3632dd80e3eaea842fd0be05836708b055a65b51e420b503c3b31368e698f9daa9c868d9ec664133d
SSDEEP

1536:9Ty+P8B2/55euzwM5epHR9oQpabrZLPTkkuLiif8:9TyIjeUxMpHRKSa3ZLP4kciY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fac8dd2c1f69f5f3079b7185e2aa9556_JaffaCakes118

Files

fac8dd2c1f69f5f3079b7185e2aa9556_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dfa8b8ce606a142643353c17572b8a57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDestroyHash
DuplicateTokenEx
CryptHashData
CryptAcquireContextW
RegSetValueExA
RegDeleteValueA
GetUserNameW
CryptCreateHash
CryptGetHashParam
RegCreateKeyExA
RegEnumKeyExA

kernel32

EnterCriticalSection
LeaveCriticalSection
HeapAlloc
FindResourceW
GetFileAttributesW
GetUserDefaultUILanguage
VirtualProtect
GetSystemTime
VirtualAlloc
GetTimeZoneInformation
GetModuleFileNameW
HeapReAlloc
InitializeCriticalSection
lstrcmpiW
lstrcatA
GetLastError
GetModuleHandleA
GlobalUnlock
ResetEvent
MultiByteToWideChar
GetFileTime
lstrcmpiA
ExpandEnvironmentStringsW

shlwapi

PathMatchSpecW
wnsprintfA
wvnsprintfW
wnsprintfW
SHDeleteKeyA
PathCombineW
StrCmpNIA
PathFindFileNameW
PathFileExistsW
wvnsprintfA

user32

SetProcessWindowStation
MsgWaitForMultipleObjects
GetWindowLongA
ExitWindowsEx
CloseDesktop
GetDlgItemTextA
GetIconInfo
GetWindowTextA
OpenWindowStationA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE