0b99426a738bc4258e189348cd7bb2c6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b99426a738bc4258e189348cd7bb2c6_JaffaCakes118
Size

174KB
MD5

0b99426a738bc4258e189348cd7bb2c6
SHA1

a8b551024dc6d1644cccd7fb98d80f1149293ae9
SHA256

5849b2f734d920f9eb5c372a6203bef257013aaa1fb5732aa7332fc331ce9c08
SHA512

0dbefb1ae30cd6fa0fbaa7532d57033b13ca7efa8a1a7ca728db9f37ff823435a3d81ea63b3fb71d8b0612bfe03f06d301ee93e78df32962e4dd003811c18ce3
SSDEEP

3072:N3hYq/lnY6UHluHhYz9CtXeKzKH2Cvu9CSNQBe8eCaKlqXUh2Dx:N2qdY6OGschBC26xqXU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b99426a738bc4258e189348cd7bb2c6_JaffaCakes118

Files

0b99426a738bc4258e189348cd7bb2c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a72d7450d1901b1ee7d8be23233c6065

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringA
CharUpperA
SetTimer
CharNextA
GetWindowTextA
wsprintfW
EnumWindows
GetMessageA
PostThreadMessageA
GetWindowThreadProcessId
PeekMessageA
IsWindowVisible
KillTimer
DispatchMessageA
MessageBoxA
wsprintfA

kernel32

EnumResourceLanguagesW
InterlockedExchange
GetCurrentDirectoryW
SetLastError
GlobalAddAtomW
GetModuleHandleW
FindFirstFileA
EnumResourceTypesW
CloseHandle
LocalFree
GetCommandLineW
GetProcessHeap
GlobalFree
EnumResourceNamesA
LockResource
GetLastError
SizeofResource
FindResourceExW
RaiseException
EnumResourceNamesW
HeapAlloc
GetProcAddress
GetDateFormatW
FindNextFileA
FindFirstFileW
FormatMessageW
HeapFree
LoadLibraryA
LoadResource
MultiByteToWideChar
Sleep

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 97KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ