3b71c2eb3851b9d4413b0cf139fbe89c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b71c2eb3851b9d4413b0cf139fbe89c_JaffaCakes118
Size

189KB
MD5

3b71c2eb3851b9d4413b0cf139fbe89c
SHA1

e69753e76c6e3cc70edb9b91aeef7eabedd2b5b3
SHA256

d4bd9fd0e652daf00d1e5313660a4341f51704fe890f029e1b7eac556f0eb614
SHA512

d1862d590e9c392264ab16854b7029feed3b4399c8f121010a13150183ad3f46204d7c56c143b7bc55831e660b451797491477da3aad7d322c7e1eb7618f80ec
SSDEEP

3072:ZAWg18YYih0CBWtCNwNqEjysI8oSubjXbta2Vdwsd4G1cppjd3PsC9Bj:ZDE8YYHCBXNYpI8tcXpa+RK9Pso

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b71c2eb3851b9d4413b0cf139fbe89c_JaffaCakes118

Files

3b71c2eb3851b9d4413b0cf139fbe89c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee42a87874852ff43dc6b4a138ae83d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

user32

EnumWindows
wsprintfW
PeekMessageA
IsWindowVisible
DispatchMessageA
PostThreadMessageA
GetWindowThreadProcessId
GetWindowTextA
GetMessageA
MessageBoxA
KillTimer
LoadStringA
CharUpperA
CharNextA
SetTimer
wsprintfA

kernel32

LoadResource
GlobalAddAtomW
HeapFree
EnumResourceLanguagesW
SizeofResource
LockResource
GlobalFree
FindFirstFileA
GetCurrentDirectoryW
GetLastError
EnumResourceTypesW
InterlockedExchange
GetProcessHeap
MultiByteToWideChar
RaiseException
HeapAlloc
EnumResourceNamesA
EnumResourceNamesW
GetModuleHandleW
CloseHandle
FindNextFileA
LocalFree
FormatMessageW
FindFirstFileW
GetDateFormatW
FindResourceExW
GetCommandLineW
SetLastError
GetProcAddress
LoadLibraryA
Sleep

Sections

.text
Size: 100KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ