2fe9fdbc29104995179fe72cab1a5b4e_JaffaCakes118

General

Target

2fe9fdbc29104995179fe72cab1a5b4e_JaffaCakes118
Size

61KB
MD5

2fe9fdbc29104995179fe72cab1a5b4e
SHA1

6774b6852bc193a30659cd8b4e40029b98b3e161
SHA256

e388401a1a2cf44cb34f21449d215215fc3816e5773bac39546437060b332076
SHA512

57923a6718708d236bf4c95ad02cc2ffc2ad50537ceb4cd3a1c902d91ee121546c2c9c28a3c041790293309e9f0308444fd88c41262f61eb36707163e5349151
SSDEEP

1536:Dx2YPqPUZF6TqXRlLJZPSN1sk/Mm0TUPW7J4Y9sZ0i0u:DtCsf6TqXR1PSMk/MrUP8aZf5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fe9fdbc29104995179fe72cab1a5b4e_JaffaCakes118

Files

2fe9fdbc29104995179fe72cab1a5b4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7d3718657b306a815d1569a950bf524

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
CryptDestroyHash
RegDeleteValueA
DuplicateTokenEx
CryptAcquireContextW
CryptHashData
RegEnumKeyExA
RegCloseKey
GetUserNameW

shlwapi

PathFileExistsW
PathFindFileNameW
StrCmpNIA
wnsprintfA
StrCmpNIW
SHDeleteKeyA
wvnsprintfA
PathRemoveFileSpecW
StrStrW
PathMatchSpecW
PathCombineW

user32

LoadCursorA
OpenDesktopA
SendMessageA
FindWindowExA
GetForegroundWindow
GetMessageA
GetIconInfo
CloseDesktop
SetProcessWindowStation
GetDlgItemTextA
SetThreadDesktop
GetWindowThreadProcessId
GetClipboardData
ExitWindowsEx
GetDlgItem
EndDialog
GetKeyState

kernel32

OpenMutexW
VirtualAlloc
GetCurrentThreadId
CreateProcessW
ResetEvent
WaitForSingleObject
GetModuleHandleA
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
VirtualProtect
ExpandEnvironmentStringsW
GetVersionExW
GetCommandLineA
FindNextFileW
MulDiv
HeapFree
GetAtomNameW
lstrcatA
CreateMutexW
lstrcmpiW
GetTimeZoneInformation
GlobalLock
SetFileTime
GlobalUnlock

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7d3718657b306a815d1569a950bf524

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

user32

kernel32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 20KB