06285ee044e41f43f750a8eaddaf7370_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06285ee044e41f43f750a8eaddaf7370_JaffaCakes118
Size

162KB
MD5

06285ee044e41f43f750a8eaddaf7370
SHA1

d1ef4e92a8d235196effcbfde46ac4091c14b5a4
SHA256

ed78bb6fa9382cd04244e8b67880bee4ee3bc74fb9d286679bf022c9d0305c8a
SHA512

ec68a3a5c60f9206899a8537ab909331a89eadf2980a5a3ee8c7f8a79f35df06b7e9b82a7be8dd644717c001a577935dc794244fa80e0aed80546005dd5883c2
SSDEEP

3072:PW3B7bE2l/Kp9t/dP92PTQpkYqpR1DN42akWqytlYPZlXtcqPEF5h/OwGh:PYtE2l+9RdPs8pkYSakWtoRV+q22w+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06285ee044e41f43f750a8eaddaf7370_JaffaCakes118

Files

06285ee044e41f43f750a8eaddaf7370_JaffaCakes118
.exe windows:4 windows x86 arch:x86

badcd0417f6b8a4c016e4a49c260aa5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
VirtualAlloc
VirtualProtect
CreateMutexW
OpenMutexW
lstrlenA
SetFilePointer
lstrcpyA
GetModuleHandleA
lstrcpynW
GetDiskFreeSpaceW
lstrcmpiW
GetFileAttributesW
GlobalLock
CreateEventW
lstrcpyW
CreateThread
FindNextFileW
LoadLibraryA
GlobalUnlock
GetUserDefaultUILanguage
CloseHandle
MultiByteToWideChar
GetProcAddress

advapi32

RegCloseKey
RegSetValueExA
DuplicateTokenEx
CryptAcquireContextW
CryptHashData
RegEnumKeyExA
GetUserNameW
RegCreateKeyExA
CryptGetHashParam
CryptReleaseContext
CryptDestroyHash

shlwapi

wnsprintfA
wnsprintfW
PathRemoveFileSpecW
StrStrW
SHDeleteKeyA
PathMatchSpecW
wvnsprintfA
PathCombineW
PathFileExistsW
PathFindFileNameW
StrCmpNIW

user32

SendMessageA
GetCursorPos
GetForegroundWindow
SetProcessWindowStation
CloseWindowStation
OpenDesktopA
OpenWindowStationA
GetIconInfo
GetClipboardData
FindWindowExA
GetWindowLongA

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE