374adaa69fd5253db7de99f0f92fcff3_JaffaCakes118

General

Target

374adaa69fd5253db7de99f0f92fcff3_JaffaCakes118
Size

781KB
MD5

374adaa69fd5253db7de99f0f92fcff3
SHA1

ce69f6483514d4dbe322817cfb4a4b69965bf70f
SHA256

ee99829637e34b1e220c5dfecfc1bffd463e6349154f7f07f6a8008f5c745a88
SHA512

1ac14d1cc6319997c2ffc7b981665b1ee31a0123520f1d8f561c1e186de35c7b3fb1964c3e3c88baf16ce77be370cf33156b74854ecaba34075078c8fb02bbb4
SSDEEP

24576:F3imdaAP0V8rqtdYOv0XsQHmhq5pJ0qf7YwclnX:FpdaA5q8Ov0jKq55fGX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
374adaa69fd5253db7de99f0f92fcff3_JaffaCakes118

Files

374adaa69fd5253db7de99f0f92fcff3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76d1519de16a7c970d5cbe8213a53093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
PathRemoveFileSpecW
PathCombineW
PathMatchSpecW
wvnsprintfA
StrCmpNIA
wnsprintfA
wvnsprintfW

kernel32

HeapFree
VirtualAlloc
GetUserDefaultUILanguage
FindNextFileW
GetModuleHandleA
InitializeCriticalSection
GetFileSizeEx
GetProcAddress
UnmapViewOfFile
HeapReAlloc
GetEnvironmentVariableW
VirtualProtect
FindClose
MultiByteToWideChar
Sleep
LoadLibraryA
GetFileSize
CreateThread
CreateMutexW

user32

DrawIcon
CharLowerBuffA
CloseDesktop
GetMessageA
MsgWaitForMultipleObjects
GetWindowLongA
GetForegroundWindow
SendMessageA
DispatchMessageA
GetClassNameA
GetKeyState
GetWindowThreadProcessId
ToUnicode
SetThreadDesktop
CloseWindowStation
GetCursorPos
GetClipboardData

advapi32

CryptAcquireContextW
RegQueryValueExA
CryptCreateHash
CryptGetHashParam
RegSetValueExA
GetUserNameW
RegCloseKey
CryptHashData
RegDeleteValueA
DuplicateTokenEx
RegEnumKeyExA

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 765B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76d1519de16a7c970d5cbe8213a53093

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 57KB - Virtual size: 57KB

.data Size: 1KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 765B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 1KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 765B

.rsrc
Size: 1KB - Virtual size: 1KB