4d332e4837d2b38a114301ad9034dda3_JaffaCakes118 | Triage

Sharing

General

Target

4d332e4837d2b38a114301ad9034dda3_JaffaCakes118
Size

171KB
MD5

4d332e4837d2b38a114301ad9034dda3
SHA1

006d5d6faf6814e08e202f0340c490dfc41ecc16
SHA256

17ceead059e3df10a55800bb0e0f2ee3737e6712f187eebf25ac92df1e60f9a4
SHA512

fdc27393be917736b92ce6c5a98d880d7d688dc3a810b50f24ec6d359aaefc969a7b52e070589d40b3f5f07b3fc835438abd2c9a758b6e815d941aae417a0308
SSDEEP

3072:+1YS4qLdtJ45viJfVjGejqYF0CGr3O5vk+JgwFban78WTSvW2t/lJf58deh2AvO6:642tmlajvqQ0C04HbBaVShzJSezO8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d332e4837d2b38a114301ad9034dda3_JaffaCakes118

Files

4d332e4837d2b38a114301ad9034dda3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dee5d9d9468c2b52dd9056500df2ccc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandW
sndPlaySoundW

shlwapi

PathAddBackslashW

setupapi

InstallCatalog
SetupDiGetDeviceRegistryPropertyA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

msimg32

AlphaBlend
TransparentBlt

kernel32

MapViewOfFile
CreateFileW
InterlockedIncrement
GlobalAddAtomW
CreateFileA
HeapAlloc
GetVersionExA
GetLastError
GetEnvironmentVariableW
GetModuleHandleW
ExitProcess
GetModuleHandleA
GetTempPathW
LoadLibraryExW
GetProcessHeap
EnumResourceNamesA
SetLastError
FlushFileBuffers
TlsAlloc
WriteConsoleW
GetConsoleMode
GetVersionExW
HeapFree
CreateFileMappingA
VerLanguageNameA
GetProcAddress
InterlockedDecrement
TlsGetValue
UnmapViewOfFile
TlsFree
GetConsoleCP
TlsSetValue
Sleep

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ