2e580d3d4d6f65f72bc92d262331aa65_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e580d3d4d6f65f72bc92d262331aa65_JaffaCakes118
Size

187KB
MD5

2e580d3d4d6f65f72bc92d262331aa65
SHA1

3f3fe5d892ad1b94a50a05d77ab763ab85a7e920
SHA256

aaf3139b9b2e6301839adcca69221f2863709dc704cfb9fcd1ff8780d10d00e5
SHA512

75073d369de797e2a5223f7510e59ef57accc01403e0d200c56af14ca31064c01d26b5534ad305935b2cb0dede882deafd742bef8ed78d51f3742f125b3fe172
SSDEEP

3072:RWYjE6A/YwwXeK9UKGWEzq7tjp0iMYGkEzCe6pBYZGLDooMsNm:Md6A/Ywwz+5qH0sGkEue2BzDBMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e580d3d4d6f65f72bc92d262331aa65_JaffaCakes118

Files

2e580d3d4d6f65f72bc92d262331aa65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02dfbf7606eb0c3dee3f4648073d959a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

kernel32

GetTempPathW
WriteConsoleW
FlushFileBuffers
LoadLibraryExW
GetConsoleMode
AddAtomW
TlsAlloc
GetVersionExA
TlsFree
GetProcAddress
InterlockedDecrement
UnmapViewOfFile
GetLastError
CreateFileW
HeapFree
InterlockedIncrement
GetModuleHandleA
GetEnvironmentVariableW
GetVersionExW
EnumResourceNamesA
HeapAlloc
SetLastError
ExitProcess
CreateFileA
GetModuleHandleW
VerLanguageNameA
CreateFileMappingA
TlsSetValue
TlsGetValue
GetConsoleCP
MapViewOfFile
GetProcessHeap
Sleep

setupapi

CM_Get_Depth_Ex
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

winmm

mciSendCommandW
sndPlaySoundW

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ