Static task
static1
Behavioral task
behavioral1
Sample
37e676c9e7534d1dbaf9dcff15d1898d_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
37e676c9e7534d1dbaf9dcff15d1898d_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 37e676c9e7534d1dbaf9dcff15d1898d_JaffaCakes118
Size: 186KB
MD5: 37e676c9e7534d1dbaf9dcff15d1898d
SHA1: 211dcd4385e3aa1c894a190e18bc3f5e4ac99515
SHA256: 6f744feb9734cf2646a52ac4338971ffd60d05416b7f574685c64871f77104b1
SHA512: 957be84b63b49740f3bdbeeab6c917f02aac7582d9a0186964c601650bb05ce69a6e6ddb38d064ab08513107eb8dccecacb424935d5e247e2ed8b8840de056c4
SSDEEP: 3072:9dw+Kwk09mZkFu9w0gfzR0PS7bq5Zbwk/+8j07yC2gj2vkfZ0tk/+UFNK2yQT6Sg:9a+K29m2uWpiS/Pr8w12gjQkxEoL9hD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 37e676c9e7534d1dbaf9dcff15d1898d_JaffaCakes118
Files
37e676c9e7534d1dbaf9dcff15d1898d_JaffaCakes118.exe windows:4 windows x86 arch:x86
536c6cad050db1d700a759ada92ff745
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
newdev
UpdateDriverForPlugAndPlayDevicesW
rpcrt4
NdrByteCountPointerFree
UuidCreate
winmm
timeEndPeriod
kernel32
FlushInstructionCache
WaitForSingleObject
TlsSetValue
VirtualProtectEx
GlobalUnlock
GlobalLock
CreateFileW
GetCurrentThreadId
GlobalFree
ExitProcess
GetCurrentProcess
GetLastError
DuplicateHandle
SetLocaleInfoW
SetLastError
GlobalAlloc
GetVersionExW
GetThreadContext
WriteProcessMemory
GetTempPathW
shlwapi
PathCombineW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ