3f1c9c873621b8450e7e9d6881e9cb23_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f1c9c873621b8450e7e9d6881e9cb23_JaffaCakes118
Size

57KB
MD5

3f1c9c873621b8450e7e9d6881e9cb23
SHA1

209f8a405488196d2e117e112fa8ce9d4c93cd89
SHA256

bc881a69039ca2bd68ade259079a1ac4614e01d07f5c32cc03f8993a396d6d2d
SHA512

6c21191789956bdf816d256de279ad4289d632a5e74e97ae6321d1010bda5cca8077b1365165da213099a858fa10aa21e731c8f0e86a45fe1407ddc494004715
SSDEEP

768:sspmU30I4SLN0LCfb5DKr8P+QbS4jhAg51WkVNO+ahDvFaudUh4JInQk/3xIYoRz:sgX4RGDK4I8BxVNLatvbILn7/cRF5X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f1c9c873621b8450e7e9d6881e9cb23_JaffaCakes118

Files

3f1c9c873621b8450e7e9d6881e9cb23_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88586f869ba18f56fe5e1f0c282d6fb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndDialog
GetClipboardData
GetDlgItemTextA
GetCursorPos
GetWindowThreadProcessId
GetWindowLongA
CharLowerBuffA
GetMessageA
GetIconInfo
SetProcessWindowStation
DrawIcon
OpenDesktopA
GetKeyState
SendMessageA

advapi32

CryptHashData
CryptReleaseContext
RegCloseKey
CryptGetHashParam
RegEnumKeyExA
RegSetValueExA
GetUserNameW
CryptCreateHash
RegCreateKeyExA
CryptDestroyHash

kernel32

GlobalUnlock
VirtualProtect
GetModuleFileNameW
GetModuleFileNameA
OpenMutexW
WideCharToMultiByte
FindFirstFileW
lstrcmpiA
GetVersionExW
GetLocalTime
FindResourceW
GetTickCount
CreateFileA
Sleep
HeapReAlloc
GetFileSizeEx
lstrcpyA
CreateMutexW
CreateThread
VirtualAlloc

shlwapi

PathMatchSpecW
PathFileExistsW
wnsprintfW
wvnsprintfA
wnsprintfA
wvnsprintfW
PathFindFileNameW
PathCombineW
StrCmpNIA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE