89ef29dc300bfa7f849234ab87a08440_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89ef29dc300bfa7f849234ab87a08440_JaffaCakes118
Size

175KB
MD5

89ef29dc300bfa7f849234ab87a08440
SHA1

c06741adde7f81e1bcc650951d916873379de606
SHA256

411e7773fac584dba44b45eb7f02fc546304d61be10324fc7031fa41152efeea
SHA512

4123a47dfe60ca63b0417d4ebc143e0253ef9288d410e955128f9dbd1dc08e4f710c31ec81c8d8113effb9d52049bb07a01e5697e99a5e7f72190fe34a2bdc22
SSDEEP

3072:t/kcFGL5ZNR93r2KUWpcBCfTH5MIJbmve86KbJsWDf023N+8+GpD+O+E:t/BYrLjnzH9mv0vWA23N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89ef29dc300bfa7f849234ab87a08440_JaffaCakes118

Files

89ef29dc300bfa7f849234ab87a08440_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af5296f9e7f9b7c63b5e00691d54df6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

user32

SendMessageA
CreateWindowExW
EnumChildWindows
DestroyWindow
IsWindow
GetDlgItem
GetWindowThreadProcessId

kernel32

GetCalendarInfoW
GetCPInfo
GetOEMCP
RaiseException
VirtualAlloc
EnterCriticalSection
HeapSize
RtlUnwind
ReadFile
GetStartupInfoA
IsValidCodePage
VirtualFree
EnumResourceNamesA
InitializeCriticalSection
SetFilePointer
FreeEnvironmentStringsA
HeapCreate
SetEndOfFile
DeleteCriticalSection
ExitProcess
HeapDestroy
LeaveCriticalSection
GetACP
HeapReAlloc
SetEnvironmentVariableA

shell32

SHGetFolderPathW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

ole32

CoGetMalloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoQueryProxyBlanket
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
StringFromGUID2

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ