2dbbfec0bc499a83a805d844df8c74b6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2dbbfec0bc499a83a805d844df8c74b6_JaffaCakes118
Size

1.6MB
MD5

2dbbfec0bc499a83a805d844df8c74b6
SHA1

90247848fd49339708b5b81220eccdbdc430d6ce
SHA256

3e3d16611da62542ccc3613af47f866c2b25d4d71a3aa6e322cb6690f521f596
SHA512

7c11ba2975e36a13cac0794b61e59dc49994ab736d960ca34b1c0099262b53d4d3f3ac2cb70224d63d7504cb77a6a0343bfe0c86868ee7f4f43ecc699ed7c35c
SSDEEP

24576:o/9QSv95TjRNTR7pJ5POc+eq9UFp4nXwM8gIzwWDqUK2kKh9T51xAO9emdcKw2N:N6XnRNfPaeqY8fHCzD/7Z95J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dbbfec0bc499a83a805d844df8c74b6_JaffaCakes118

Files

2dbbfec0bc499a83a805d844df8c74b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f73cf93df7f8d936bc5a7a10af334d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth_Ex
SetupDiGetDeviceRegistryPropertyA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

shlwapi

PathAddBackslashW

winmm

mciSendCommandW
sndPlaySoundW

kernel32

FlushFileBuffers
InterlockedDecrement
GetEnvironmentVariableW
AddAtomW
MapViewOfFile
HeapAlloc
CreateFileMappingA
UnmapViewOfFile
GetVersionExW
ExitProcess
CreateFileW
GetConsoleCP
GetConsoleMode
GetProcessHeap
EnumResourceNamesA
HeapFree
GetProcAddress
WriteConsoleW
TlsSetValue
GetModuleHandleW
GetVersionExA
TlsGetValue
GetLastError
GetModuleHandleA
VerLanguageNameA
InterlockedIncrement
LoadLibraryExW
CreateFileA
TlsFree
SetLastError
GetTempPathW
TlsAlloc
Sleep

Sections

.text
Size: 824KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ