0f232d85a2c0960cfd3b6ff3ecc836b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f232d85a2c0960cfd3b6ff3ecc836b3_JaffaCakes118
Size

511KB
MD5

0f232d85a2c0960cfd3b6ff3ecc836b3
SHA1

08ce04c22cd096044f105d4844e1816a36b05871
SHA256

e32458a748ca86b3dc34eab424d9dc600e898462df04cf5a6ae5927fb91ce08c
SHA512

0858d6683e6eafb17865a9eb8bff8dca54f832e81c64e78b4e873df288fcdcad5b4f778036a296f7df3c023b4b53ad14dfba906db8090479f4dadd1aefdc6a9f
SSDEEP

12288:p2LpEQFWp2FJYuTSacqoQ9KLvhTwJuuJIgkA4REe3V+TeRmeSV8AHmk:6wYFJ7+zqowKDhzumgkA4meNmeSV8q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f232d85a2c0960cfd3b6ff3ecc836b3_JaffaCakes118

Files

0f232d85a2c0960cfd3b6ff3ecc836b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b0373c94cd757ce6fe5961cf55c57f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OpenDesktopA
FindWindowExA
GetKeyState
CharLowerBuffA
GetWindowThreadProcessId
ToUnicode
GetIconInfo
CloseWindowStation
GetClipboardData
GetCursorPos
GetWindowLongA
GetClassNameA
SendMessageA

kernel32

VirtualProtect
GetModuleHandleA
GetTickCount
VirtualAlloc
CreateProcessW
UnmapViewOfFile
FindFirstFileW
HeapReAlloc
GetCurrentThreadId
GetModuleFileNameA
LoadLibraryA
WideCharToMultiByte
GetFileAttributesW
CloseHandle
FindResourceW
CreateThread

advapi32

RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
GetUserNameW
RegQueryValueExA
DuplicateTokenEx
RegCloseKey
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExA
CryptHashData

shlwapi

wvnsprintfW
PathRemoveFileSpecW
PathFindFileNameW
StrCmpNIW
StrStrW
SHDeleteKeyA
wvnsprintfA
wnsprintfA
StrCmpNIA
PathMatchSpecW
PathFileExistsW
wnsprintfW
PathCombineW

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE