1701edd74ccb2dbfa17225525df2c242_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1701edd74ccb2dbfa17225525df2c242_JaffaCakes118
Size

274KB
MD5

1701edd74ccb2dbfa17225525df2c242
SHA1

7a805a0d59ad0a417b3684cb10d0941e156081a0
SHA256

bcc0776ba31bbd1121a05a2820679236b61621378159e96d1e8206f82ca41392
SHA512

8a45bb954d640c495fe9c7641ee36bb66aee02d6dad1fe491608a8afd97721d4285450528e361045dd6be3cc5e7e939639cd9403bc11dad5185faae3771db5dd
SSDEEP

6144:fOXHjn3SOI3x2nuLHWVVHBXDHC4RQkSX4M1WKM7Fjy4Ufs+a:faT3SOiRsfXRQnXb4DRjy4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1701edd74ccb2dbfa17225525df2c242_JaffaCakes118

Files

1701edd74ccb2dbfa17225525df2c242_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99eeea20d301a0ebc238875b9b6d76ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GlobalAddAtomW
GetCommandLineW
FindFirstFileA
EnumResourceLanguagesW
GetModuleHandleW
FindNextFileA
HeapAlloc
FindFirstFileW
CloseHandle
EnumResourceNamesW
GetProcAddress
EnumResourceNamesA
SetLastError
FindResourceExW
LockResource
GlobalFree
LoadLibraryA
RaiseException
EnumResourceTypesW
LocalFree
GetLastError
FormatMessageW
LoadResource
MultiByteToWideChar
GetDateFormatW
GetCurrentDirectoryW
SizeofResource
InterlockedExchange
HeapFree
Sleep

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

user32

LoadStringA
SetTimer
MessageBoxA
IsWindowVisible
CharUpperA
PostThreadMessageA
KillTimer
GetWindowThreadProcessId
wsprintfW
EnumWindows
PeekMessageA
CharNextA
GetMessageA
GetWindowTextA
DispatchMessageA
wsprintfA

Sections

.text
Size: 137KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ