0d75e82e089683656626791b2504afe6_JaffaCakes118 | Triage

Sharing

General

Target

0d75e82e089683656626791b2504afe6_JaffaCakes118
Size

277KB
MD5

0d75e82e089683656626791b2504afe6
SHA1

e03b38f448977657f4327b0919a2df5cc2a00455
SHA256

2878828c126960692b1d55bece6f536505d168f5b936832d8d71226e5f02fec3
SHA512

3ae8b5456aa11cb25352650344d94ad662cebb669c71d9002ab7243a99835f4432ded056f583d2104e7b369023b8e29f9ab04392c598188bbca39234fb6bf544
SSDEEP

6144:CodcaqzjQVh0vnAY45O/0YW3ronU/nZtn8JemqnmfC7EaJWu/:/qzjSh0vnj4R3rrnwPqnYClJ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d75e82e089683656626791b2504afe6_JaffaCakes118

Files

0d75e82e089683656626791b2504afe6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

85256a0fd134f32b15120fd3edc1d596

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
EnumResourceLanguagesA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeExW
WriteFile
GetStartupInfoA
SetUnhandledExceptionFilter

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

user32

CreateWindowExW
IsWindow
DestroyWindow
EnumChildWindows
SendMessageA
GetDlgItem
GetWindowThreadProcessId

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

iphlpapi

GetIpAddrTable

Sections

.text
Size: 136KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ