Static task: static1
Behavioral task: behavioral1
Sample: 0289b22292ee6f77abb1872c2a569846_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0289b22292ee6f77abb1872c2a569846_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0289b22292ee6f77abb1872c2a569846_JaffaCakes118
Size: 490KB
MD5: 0289b22292ee6f77abb1872c2a569846
SHA1: 4c6764e050e7af2635673d89e4f6c5431f852ee0
SHA256: f29685ab8b0ac90921a01167794d46b43776625cb9cf1f021c6d3a04482691bd
SHA512: 27ed782758b935578ac5b74d94cf37e315bd9574ac7225d688430b750611732b43fa825369cb602cbea0ee3869c3812b673a87a19965643d2387f67021ca6577
SSDEEP: 12288:GcQV57jagfqR8zpUnTUhD2pqa/IoPKUOC:8v/1fqRAU4C4abb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0289b22292ee6f77abb1872c2a569846_JaffaCakes118
Files
0289b22292ee6f77abb1872c2a569846_JaffaCakes118.exe windows:4 windows x86 arch:x86
d70a015118baf2e9d3663bd160e21b29
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetKeyState
CloseWindowStation
GetWindowLongA
GetIconInfo
CloseDesktop
SendMessageA
GetForegroundWindow
EndDialog
kernel32
MulDiv
VirtualProtect
VirtualAlloc
GetCommandLineA
GetModuleHandleA
lstrcpyW
CreateThread
CreateMutexW
GetEnvironmentVariableW
GetSystemTime
GetFileAttributesA
GetModuleFileNameW
LeaveCriticalSection
FindResourceW
LoadLibraryA
GetFileSizeEx
GetTimeZoneInformation
advapi32
RegEnumKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
CryptGetHashParam
CryptCreateHash
RegCloseKey
GetUserNameW
shlwapi
SHDeleteKeyA
wnsprintfW
PathFileExistsW
StrCmpNIW
PathCombineW
PathMatchSpecW
Sections
.text Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE