7edcdb0339a8278ccf4533f048be53d4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7edcdb0339a8278ccf4533f048be53d4_JaffaCakes118
Size

104KB
MD5

7edcdb0339a8278ccf4533f048be53d4
SHA1

4aa0902c366b10028f1b6459e68ce93eb36468c9
SHA256

1ac7ec54b37c85164442fb721d2a6fcf5c7b36e112545ee51a96def0cd5fd4c8
SHA512

b8dd9f8cfa4127f721e12f9d8a80dbb6e7ee9174bf3663ebbd5f46ac6be431d283526dfc3c8925facee34b86c3c04d0002466762f87382e731e2432017bb98ae
SSDEEP

1536:XmN+MiaQIm8a9YWXNT+cjA1RIsEaD6dDJhp2kbHloZs:O+ZIm8aiJcjQIfjnp5bFoa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7edcdb0339a8278ccf4533f048be53d4_JaffaCakes118

Files

7edcdb0339a8278ccf4533f048be53d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99616a913a92fa958fdc34dc8492c7e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingFromStringBindingW

shlwapi

PathAddBackslashA

setupapi

SetupDiCreateDeviceInterfaceW
CMP_WaitNoPendingInstallEvents

gdi32

CreateDiscardableBitmap

winscard

SCardGetProviderIdW

kernel32

ReOpenFile
Thread32First
RequestWakeupLatency
SetFilePointer
GetPriorityClass
GetNumaHighestNodeNumber
HeapDestroy
SleepEx
Process32FirstW
GetVolumeNameForVolumeMountPointW
HeapSetInformation
GetCommandLineA
GetConsoleProcessList

user32

ReuseDDElParam
GetFocus
OpenWindowStationW
GetScrollInfo
GetUpdateRect
GetSubMenu
GetMenuState
RealChildWindowFromPoint
ExcludeUpdateRgn
SetForegroundWindow

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ