8ba06a100fe99cbf77241bb0ddbfaf26_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8ba06a100fe99cbf77241bb0ddbfaf26_JaffaCakes118
Size

171KB
MD5

8ba06a100fe99cbf77241bb0ddbfaf26
SHA1

6ee3251e6163a4151196138c4ad5194c49ac92f2
SHA256

756a97a88b543d40b4cf561125d92613d50d97dcb2637f2b62ee9c9f5f8ef7c1
SHA512

9a9227065ccc044d98a2b8326eb60dac50ef685cc962f57b55283d2987b4152c2bab967b50d393d3fbed01a484785720db60d79d318700b852f9be54c4fb0030
SSDEEP

3072:pYwnZkEzB2gK4T0rIfEtZNrgShZi3hxCuMHSsjq3WaOTJ27hhxf9pSu:ppZVzBHK4T6OKZNrz+xZwPchXT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ba06a100fe99cbf77241bb0ddbfaf26_JaffaCakes118

Files

8ba06a100fe99cbf77241bb0ddbfaf26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f121e9a71fa43247da59b370718219c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

setupapi

CM_Get_Depth_Ex
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

winmm

mciSendCommandW
sndPlaySoundW

kernel32

AddAtomW
GetVersionExW
GetVersionExA
UnmapViewOfFile
CreateFileA
InterlockedDecrement
WriteConsoleW
SetLastError
FlushFileBuffers
GetModuleHandleA
GetTempPathW
TlsFree
LoadLibraryExW
HeapAlloc
GetModuleHandleW
TlsAlloc
HeapFree
EnumResourceNamesA
ExitProcess
CreateFileMappingA
GetLastError
IsBadStringPtrW
GetConsoleMode
TlsSetValue
GetProcessHeap
MapViewOfFile
TlsGetValue
GetProcAddress
InterlockedIncrement
GetConsoleCP
GetEnvironmentVariableW
CreateFileW
Sleep

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ