4abf1a59f166f5db9b7663846eb5e21d_JaffaCakes118 | Triage

Sharing

General

Target

4abf1a59f166f5db9b7663846eb5e21d_JaffaCakes118
Size

169KB
MD5

4abf1a59f166f5db9b7663846eb5e21d
SHA1

b69f453ba2b2ebe87e3940d39dd047e6e1e7136b
SHA256

b3d42bf78fb8229ef5be68f69ef5fbc194d0d2da7ccf9e65fd915680459c0a40
SHA512

0b10ab7ce7b417031f3c5af469f1e6e1a78d7819de034d5bd5cb6901d5b4c115f363912a68825ffa97a886ca710821a4a15a0deb41d4156573eeb7df87a61610
SSDEEP

3072:lsV0+otEjF9kKBvGBt0WVAPOGLkVVpOqIg3FOiN+rcVqNv:mV0+otI9kOGBCeAPLId/FOiEr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4abf1a59f166f5db9b7663846eb5e21d_JaffaCakes118

Files

4abf1a59f166f5db9b7663846eb5e21d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ac25c1c8b5878857962d0354b30c2389

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

winmm

mciSendCommandW
sndPlaySoundW

setupapi

CM_Get_Depth_Ex
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

kernel32

GetConsoleMode
TlsAlloc
AddAtomW
MapViewOfFile
InterlockedIncrement
SetLastError
GetConsoleCP
GetModuleHandleW
GetProcAddress
UnmapViewOfFile
GetTempPathW
CreateFileA
TlsGetValue
GetProcessHeap
FlushFileBuffers
TlsFree
InterlockedDecrement
EnumResourceNamesA
ExitProcess
CreateFileMappingA
IsBadStringPtrW
HeapFree
WriteConsoleW
TlsSetValue
LoadLibraryExW
HeapAlloc
GetEnvironmentVariableW
GetVersionExA
GetVersionExW
CreateFileW
GetLastError
GetModuleHandleA
Sleep

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ