03d49844e5c32e5d92c886951822a05e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03d49844e5c32e5d92c886951822a05e_JaffaCakes118
Size

61KB
MD5

03d49844e5c32e5d92c886951822a05e
SHA1

1ca86be6f9c8e4e293a878b7b0f6c2b6ec8be27e
SHA256

1de9768dbbdad017f4a585f56fe165c48de32f778469696ba32d31be7a580287
SHA512

fba5985919ff68fda658a4ad8ba3c589d4ae1c7c8622088f33684663b18b05b0f5255e96c7d7d0559efa9f52d5ed0f92cc2b3fee0cfe065a5e3877cfc9aa1b28
SSDEEP

1536:zQ77InPh3uNb01+UKmU/haNpzc+0KTfIpHdBD0:w6h3uNMsMHg+rfYF0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03d49844e5c32e5d92c886951822a05e_JaffaCakes118

Files

03d49844e5c32e5d92c886951822a05e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2c55dcce184d312f06123a9b242aa03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CloseWindowStation
GetIconInfo
GetKeyboardState
ExitWindowsEx
GetWindowThreadProcessId
CloseDesktop
GetDlgItem
FindWindowExA
SendMessageA
GetClassNameA
DispatchMessageA
GetDlgItemTextA
CharLowerBuffA
PeekMessageA
GetWindowTextA

kernel32

GetModuleHandleA
VirtualAlloc
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
GetSystemTime
CreateThread
GetFileSizeEx
VirtualProtect
ResetEvent
lstrlenA
GetAtomNameW
Sleep
FindClose
lstrcatW
TryEnterCriticalSection
GlobalLock
GetLastError
lstrcatA
GetUserDefaultUILanguage
SetFileTime
GetEnvironmentVariableW

shlwapi

StrStrW
wnsprintfA
PathCombineW
PathFindFileNameW
StrCmpNIW
wnsprintfW
SHDeleteKeyA
wvnsprintfA
wvnsprintfW
StrCmpNIA
PathMatchSpecW

advapi32

DuplicateTokenEx
CryptHashData
RegCloseKey
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegSetValueExA
CryptAcquireContextW
RegCreateKeyExA
GetUserNameW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE