5f9a57e7a08ca69f4152e98f780bf724_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f9a57e7a08ca69f4152e98f780bf724_JaffaCakes118
Size

171KB
MD5

5f9a57e7a08ca69f4152e98f780bf724
SHA1

a157dc4e36f6944a8e682da913f5868707eda25c
SHA256

8449fb48aa532636782a1c200bc7d7d8cdfdbee987870c0656f216103ad2c74d
SHA512

304fc28355ac38b7ce0f6e86d385eab78600a2de13572afeb4d5a15009ca16327e977b1c6a722a7ddf713160e9045cfb47551942369572894f3cd7e4df01f480
SSDEEP

3072:mN0lRgvn0EWPPMUOAql25uuq7iox3QI2/o1wNavc6yfABLliMUBUJH:8g0n0EWPPMryqG6AIJwovMmoW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f9a57e7a08ca69f4152e98f780bf724_JaffaCakes118

Files

5f9a57e7a08ca69f4152e98f780bf724_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa0f104dfbaeddeba428e416acdd7b1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCloneImage

kernel32

CloseHandle
InitializeCriticalSection
AddAtomW
InterlockedIncrement
GetCurrentThreadId
GetCurrentProcessId
FlushInstructionCache
GetCurrentProcess
RaiseException
LCMapStringA
GetStringTypeW
LCMapStringW
LoadLibraryExA
IsBadCodePtr
SetStdHandle
EnumResourceNamesA
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
FlushFileBuffers
GetModuleHandleA
RegisterWaitForSingleObject
GetSystemTimeAsFileTime
GetStringTypeA
GetLastError
IsBadReadPtr
DeleteCriticalSection
HeapAlloc
SetFilePointer
SizeofResource

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

gdi32

CreateFontIndirectA

shell32

Shell_NotifyIconA

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ