0cfcfb95ec5ba2bf23680426e8bb5269_JaffaCakes118

General

Target

0cfcfb95ec5ba2bf23680426e8bb5269_JaffaCakes118
Size

61KB
MD5

0cfcfb95ec5ba2bf23680426e8bb5269
SHA1

1ef22febb9393d3dde74fcfaffef5cae469971d9
SHA256

e057c81dbab3986461ea24f6a9128c5811c2db06896ca5e95bcb7207bb1ebeb4
SHA512

93235ff551742b63013fd7785053675bc8da9203e386946f9522d408fe5ec02c5988cc685294611c19a7e6c9c9f934e8f04daa2176521180e479cc6a464cd600
SSDEEP

1536:Pt8R8lx7i77LqawVk1/PfTj9Pq8kuPgYLQwhUsV+:Pt8R8THV8/PfoggYThH+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cfcfb95ec5ba2bf23680426e8bb5269_JaffaCakes118

Files

0cfcfb95ec5ba2bf23680426e8bb5269_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57b40012d28f559fea2b3f49474ef7db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIW
PathFileExistsW
wnsprintfA
PathRemoveFileSpecW
wnsprintfW
wvnsprintfA
wvnsprintfW
StrStrW
SHDeleteKeyA
StrCmpNIA

kernel32

Sleep
FindClose
HeapReAlloc
VirtualAlloc
ReleaseMutex
CreateProcessW
VirtualProtect
WideCharToMultiByte
GlobalLock
GetUserDefaultUILanguage
lstrlenW
GetDiskFreeSpaceW
GetModuleHandleA
OpenMutexW
ExpandEnvironmentStringsW
SetFilePointer
LoadLibraryA
GetFileAttributesA
GetModuleFileNameW
CreateMutexW
lstrcmpiW
lstrcpyW

user32

GetCursorPos
GetWindowTextA
CharLowerBuffA
SetProcessWindowStation
CloseDesktop
SendMessageA
GetDlgItemTextA
SetThreadDesktop
OpenWindowStationA
MsgWaitForMultipleObjects
ToUnicode
GetClipboardData
CloseWindowStation
GetWindowLongA
ExitWindowsEx
PeekMessageA
GetKeyboardState
GetIconInfo
GetKeyState
GetForegroundWindow
FindWindowExA

advapi32

CryptGetHashParam
RegEnumKeyExA
RegSetValueExA
CryptAcquireContextW
RegCreateKeyExA
CryptHashData
RegQueryValueExA
RegCloseKey
CryptDestroyHash
CryptReleaseContext
CryptCreateHash

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

57b40012d28f559fea2b3f49474ef7db

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 20KB