2801613e1489000462401e66a325edab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2801613e1489000462401e66a325edab_JaffaCakes118
Size

176KB
MD5

2801613e1489000462401e66a325edab
SHA1

dfe47ff43e775d5b7d854496c09f4d159efcdbaf
SHA256

f6d7bb451ce7dd189a9a66eb4f11dcc7c36fa0e27de3c458e4bf2363d02911a5
SHA512

616fb4ed9552b50f59b444f2fbd2eba1889c25988a816c9c190101e2fbf40271915eb77b771514989c84c9a45e13dbe22e9764672cb2c0add0ee748d1b604e38
SSDEEP

3072:EkRciARRhrnv2QL3S0Qou+tnJqjfKbNrIcy0FKx04ZAwWJ5Ev:rOiAjBnJQoJqjfey0FjGHWJO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2801613e1489000462401e66a325edab_JaffaCakes118

Files

2801613e1489000462401e66a325edab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a3e6651e2778ca1eed62700c315f6e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

kernel32

GetVersionExW
CreateFileW
GetConsoleMode
FlushFileBuffers
TlsFree
AddAtomW
HeapAlloc
TlsSetValue
CreateFileMappingA
HeapFree
SetLastError
LoadLibraryExW
GetTempPathW
ExitProcess
GetProcAddress
GetVersionExA
InterlockedIncrement
EnumResourceNamesA
UnmapViewOfFile
GetLastError
GetEnvironmentVariableW
TlsGetValue
GetModuleHandleW
GetProcessHeap
VerLanguageNameA
GetConsoleCP
InterlockedDecrement
GetModuleHandleA
CreateFileA
WriteConsoleW
TlsAlloc
MapViewOfFile
Sleep

msimg32

AlphaBlend
TransparentBlt

winmm

mciSendCommandW
sndPlaySoundW

setupapi

CM_Get_Depth_Ex
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ