079db0546f90c056fa1766c4083263c4_JaffaCakes118 | Triage

Sharing

General

Target

079db0546f90c056fa1766c4083263c4_JaffaCakes118
Size

172KB
MD5

079db0546f90c056fa1766c4083263c4
SHA1

de2d82cfb75130c7415ac57bbc8971cf34b9f22f
SHA256

14ec74513e05baf484348001a5a24fab0e867c250739da9425601e03daed2d1b
SHA512

9c06fb741d7471333638ce60e862f81d0d9b54f70c0a496d6a2e7b4cd418fa2deec7d3798cc2ca384514e17c442218320128a672c829f852a8423292f0e75742
SSDEEP

3072:UkOpHlujRsWeiDcvG4g2M4xLwz5R9KDqEXfz+iF9hNFCG6HZiH80G0TN30aUCL1:h8FEF/l+HcnHZJHE5Vh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
079db0546f90c056fa1766c4083263c4_JaffaCakes118

Files

079db0546f90c056fa1766c4083263c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

759cc0ac6e3762d73018700a268314dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth_Ex
SetupDiGetDeviceRegistryPropertyA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

winmm

mciSendCommandW
sndPlaySoundW

shlwapi

PathAddBackslashW

kernel32

GetConsoleMode
ExitProcess
GetVersionExA
FlushFileBuffers
AddAtomW
MapViewOfFile
TlsGetValue
SetLastError
GetVersionExW
GetLastError
GetProcAddress
HeapFree
GetModuleHandleW
UnmapViewOfFile
TlsAlloc
TlsFree
EnumResourceNamesA
TlsSetValue
CreateFileMappingA
GetTempPathW
HeapAlloc
LoadLibraryExW
InterlockedDecrement
GetModuleHandleA
IsBadStringPtrW
InterlockedIncrement
GetEnvironmentVariableW
WriteConsoleW
CreateFileA
CreateFileW
GetProcessHeap
GetConsoleCP
Sleep

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ