3c85264e449523234c2a2dd7a78ace15_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c85264e449523234c2a2dd7a78ace15_JaffaCakes118
Size

170KB
MD5

3c85264e449523234c2a2dd7a78ace15
SHA1

f60e8adb4dd40062b4e496ac8f92f7b0c05297a3
SHA256

f36a4e752d0f2cc927a78ca329419910332ef287bc4897835231d9924e6735d9
SHA512

1ffcd9cf69c28379d8b8c1a0391917b83e6f6a188343f06a5fcd875daaaa7300e38b78a2307d7e3f047c88952bc6004dbabea70ebee7a221922c7ca231a12e4a
SSDEEP

3072:Sy4JoUjtSfwGRHxBkHLbUNkBquzVNDrn/XmmIcFaozJNle0nsdeZ:Sy9YCkrbUSfVJ/XmmIc8oHlPAe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c85264e449523234c2a2dd7a78ace15_JaffaCakes118

Files

3c85264e449523234c2a2dd7a78ace15_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be829a58caf7b25afc23ffe45c62aff5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth_Ex
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

winmm

mciSendCommandW
sndPlaySoundW

kernel32

GetLastError
GetConsoleCP
InterlockedIncrement
AddAtomW
WriteConsoleW
GetVersionExA
FlushFileBuffers
InterlockedDecrement
CreateFileMappingA
HeapFree
UnmapViewOfFile
CreateFileW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
EnumResourceNamesA
GetTempPathW
TlsFree
TlsAlloc
SetLastError
ExitProcess
GetConsoleMode
MapViewOfFile
CreateFileA
IsBadStringPtrW
GetProcAddress
HeapAlloc
GetModuleHandleW
GetEnvironmentVariableW
TlsSetValue
GetProcessHeap
TlsGetValue
Sleep

shlwapi

PathAddBackslashW

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ