4d0498962a7885a641a733844ab3516f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d0498962a7885a641a733844ab3516f_JaffaCakes118
Size

175KB
MD5

4d0498962a7885a641a733844ab3516f
SHA1

5d3aac1885847b315f1c1676102598326efa4983
SHA256

0db6fd8f00a9c0d7bf158fcb4fc1c1003157303b7eaa74c337cb5a12c64d0587
SHA512

8c175903a429c3a12dc09c5ce9afa954764cc4ea9887f3bad97562174fe4f306b6b4598abbb2daeb831adeba6406c40e5e1e8eec6eff73064fd231b2cf66a6fd
SSDEEP

3072:sMCxTnt5W8afJYFqBruRrGYdzy9Xk8YkFE2uGvJXsJ1Y0uO:sM0TEfJYFqluRi8z8hFE2rvc1YK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d0498962a7885a641a733844ab3516f_JaffaCakes118

Files

4d0498962a7885a641a733844ab3516f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f426b7cc3161946777d0630fb7b35f71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

user32

CreateWindowExW
GetDlgItem
IsWindow
DestroyWindow
EnumChildWindows
SendMessageA
GetWindowThreadProcessId

rpcrt4

UuidCreate

shell32

SHGetFolderPathW

kernel32

RaiseException
GetCalendarInfoW
ExitProcess
HeapSize
LeaveCriticalSection
IsValidCodePage
RtlUnwind
GetCPInfo
ReadFile
HeapCreate
EnterCriticalSection
EnumResourceNamesA
GetOEMCP
DeleteCriticalSection
HeapDestroy
HeapReAlloc
GetACP
FreeEnvironmentStringsA
InitializeCriticalSection
VirtualAlloc
VirtualFree
SetEndOfFile
GetStartupInfoA
SetFilePointer
SetEnvironmentVariableA

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ