fcd3b4855039e3b882d1f6be8e72279e_JaffaCakes118 | Triage

Sharing

General

Target

fcd3b4855039e3b882d1f6be8e72279e_JaffaCakes118
Size

463KB
MD5

fcd3b4855039e3b882d1f6be8e72279e
SHA1

144162a851860f353a46493c6adb145660821a26
SHA256

5bcbc87234a5aa312167b90ce0b24620f45a582ef4cfda460159cda52e51033f
SHA512

0843258c1e1ced040635e2e27887eed17616fa8056b6f45d956c52225a5688602a2b005c56e7726ef702795fd28e66629552bdce6cec0f7f6bab664247cb6ee6
SSDEEP

12288:rk8NlyiAifIV2RyVCuoYmRLinrpitQS9kRSe60yHRiiGGDrzG8VS8:5lzfluCfHsiCYkRU0s/Q8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcd3b4855039e3b882d1f6be8e72279e_JaffaCakes118

Files

fcd3b4855039e3b882d1f6be8e72279e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

650f55d9c78e602bdd3529bdaed17658

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
CryptCreateHash
RegEnumKeyExA
CryptAcquireContextW
DuplicateTokenEx

kernel32

LoadLibraryA
VirtualProtect
VirtualAlloc
GetModuleHandleA
Sleep
ReleaseMutex
CreateEventW
CreateProcessW

shlwapi

wvnsprintfA
wnsprintfA
StrCmpNIA

user32

DispatchMessageA
SetThreadDesktop
GetDlgItemTextA
GetDlgItem

Sections

.test
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE