16709d59ba7b15f3cafe5c1407ac55cf_JaffaCakes118 | Triage

Sharing

General

Target

16709d59ba7b15f3cafe5c1407ac55cf_JaffaCakes118
Size

1.1MB
MD5

16709d59ba7b15f3cafe5c1407ac55cf
SHA1

b959727177f7c2cbde9ff521462598ff85ceebe9
SHA256

e46b2e6daf2c887216eae9f0675ae944e87f154aab15e37eb9105e9dd17d64e8
SHA512

04747e92d8f7a9bd97bef828eb1532d2e604806109e03385a3e1835759fdb13c6651223938dc5d4a501ab252100a156de360291273ba1caf2933050825e90069
SSDEEP

24576:a5/uM5ZePgYxM+PTn9nmYVBDaH6c0ZcBMOfUGiWpIYX0LhARn46r:9MDYxvPpnJBDaac0ZuUGjpD0LhK46r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16709d59ba7b15f3cafe5c1407ac55cf_JaffaCakes118

Files

16709d59ba7b15f3cafe5c1407ac55cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76c3b083a702f164b6b4c61c51b58299

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
SetEvent
EnterCriticalSection
VirtualAlloc
GetLocalTime
HeapReAlloc
GetModuleHandleA
MultiByteToWideChar
GetTimeZoneInformation
GetFileSizeEx
CreateEventW
VirtualProtect
CreateMutexW
lstrcmpiA
GetDiskFreeSpaceW
lstrcpyW

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegQueryValueExA

shell32

ShellExecuteExW

user32

OpenWindowStationA
ToUnicode
OpenDesktopA
ExitWindowsEx
GetIconInfo
GetWindowLongA
EndDialog
CloseDesktop

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

shlwapi

SHDeleteValueW
SHDeleteKeyW

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE