03c1b242db1b50d4211297916ed80c2b_JaffaCakes118

General

Target

03c1b242db1b50d4211297916ed80c2b_JaffaCakes118
Size

61KB
MD5

03c1b242db1b50d4211297916ed80c2b
SHA1

9395a3e0a20816c59e4928e6bca53731d7c4e61e
SHA256

de5e6e3295e1b5c015a676b2a5d8fc8fe7307aa04dc44b1bbae31448133113cc
SHA512

1020dfd8049061803bf1a97968d18222ea3be5f4a3edf2cfc73d45f6b5d777cd719d927d85a7b5766d11d309d3ce8f01101720c630075146bd3a95d6c2922902
SSDEEP

1536:TO5P6kVo7OeVQeQt1AsolDsA8+pEPgGDu42D0t3:askVfeVQH1Asbl0Y5u0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03c1b242db1b50d4211297916ed80c2b_JaffaCakes118

Files

03c1b242db1b50d4211297916ed80c2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80990b9bde5b07f89ec5bd612ad1dd9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineW
PathRemoveFileSpecW
wnsprintfA
PathMatchSpecW
wnsprintfW
SHDeleteKeyA
wvnsprintfA
StrStrW
PathFindFileNameW
PathFileExistsW
wvnsprintfW
StrCmpNIW
StrCmpNIA

user32

CloseDesktop
GetWindowLongA
GetForegroundWindow
OpenWindowStationA
CloseWindowStation
FindWindowExA
ToUnicode
SetProcessWindowStation
OpenDesktopA
EndDialog
GetWindowThreadProcessId
PeekMessageA
SendMessageA
GetClassNameA
GetCursorPos

advapi32

RegDeleteValueA
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
DuplicateTokenEx
RegEnumKeyExA
GetUserNameW
CryptHashData
RegSetValueExA
RegCreateKeyExA

kernel32

lstrcpyW
VirtualAlloc
GetLastError
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryA
GetModuleFileNameA
MultiByteToWideChar
VirtualProtect
lstrcmpiW
GetProcAddress
CreateEventW
GetDiskFreeSpaceW
GetTickCount
GetModuleHandleA
GetFileTime
GetCommandLineA
lstrcatW
LeaveCriticalSection
GetLocalTime
lstrlenA
WideCharToMultiByte
HeapFree
HeapReAlloc
Sleep
GetFileSize

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80990b9bde5b07f89ec5bd612ad1dd9a

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

advapi32

kernel32

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 20KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 20KB