fb6ce3267286cab57b7a0c62d93a47db_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb6ce3267286cab57b7a0c62d93a47db_JaffaCakes118
Size

63KB
MD5

fb6ce3267286cab57b7a0c62d93a47db
SHA1

63b4783bf2cc87d5e2f44e96106c61e7502c7e9a
SHA256

0f0ff4983cf7bb68b1e8b17b61f47d9ad4d32c7a5edf942161e79bf63d1fdcf7
SHA512

b2ffddd3a80c85efa495e36a12d6c1e4ce578ed4882f5a9583a7b2c7f342f7282ddbc4fe03efac5db647391b320f0acd78e37a73bc79413e61588f478f375853
SSDEEP

1536:Th+OkII4y6ohY4/0k8lJQdXPXvz9pP//8VRnailWq:Th+Ok6oe4/0RlaDZqR3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb6ce3267286cab57b7a0c62d93a47db_JaffaCakes118

Files

fb6ce3267286cab57b7a0c62d93a47db_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cde521d31dbaf4eef063d70fe5a3288d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
StrCmpNIW
PathFileExistsW
wvnsprintfW
PathMatchSpecW
PathCombineW
SHDeleteKeyA
StrStrW

user32

GetDlgItem
GetCursorPos
GetClipboardData
GetKeyboardState
PeekMessageA
GetWindowThreadProcessId
GetWindowLongA
ToUnicode
LoadCursorA
ExitWindowsEx
GetForegroundWindow
OpenWindowStationA
GetMessageA
GetClassNameA
CharLowerBuffA
CloseDesktop

kernel32

GetModuleHandleA
GetTimeZoneInformation
LoadLibraryA
FindNextFileW
MulDiv
lstrlenW
lstrcpynW
VirtualProtect
VirtualAlloc
CreateProcessW
GetUserDefaultUILanguage
GlobalLock
WideCharToMultiByte
lstrcpyA
lstrcatW
lstrcpyW
CreateFileA
SetFilePointer
GetLocalTime
lstrcmpiA
lstrcatA
SetEvent
GetSystemTimeAsFileTime
GetFileAttributesW
CopyFileW
GetEnvironmentVariableW
Sleep

advapi32

CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
GetUserNameW
DuplicateTokenEx
CryptHashData
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
CryptDestroyHash
RegCloseKey

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE