8dbcd792f6bf1aefb29501451d505a6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8dbcd792f6bf1aefb29501451d505a6a_JaffaCakes118
Size

170KB
MD5

8dbcd792f6bf1aefb29501451d505a6a
SHA1

e6dcae13f85d0b8fdf983458d25c654baa0a5bbb
SHA256

1e9fde969d31fcf2cdc5e5115e84c70fe159c346dbb8c379d666e425abfdb07a
SHA512

7f10705759d12f032e22cc2b160b8a501249b9b688acc5496550917e9b6d281caf277a26f6774bea57fd3963471e0ec6df308e8bcaddd61d227c2c5143681a93
SSDEEP

3072:+PRLydL6cHfr/yr4VTbZU1cmMqzskCjrMy56OaaSIG3kBXICzCMM7r3A4egrF8:ERi60fzyrwW1cm9QrlsIbE0I2M7b5v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dbcd792f6bf1aefb29501451d505a6a_JaffaCakes118

Files

8dbcd792f6bf1aefb29501451d505a6a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

87b20bffc441b16a5a0b15bd03db5bfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

GetProcAddress
FindNextFileW
GetFileAttributesW
SetFilePointer
LockFile
WinExec
AddAtomA
CloseHandle
GetACP
IsDBCSLeadByteEx
GlobalSize
ReadFile
GetModuleHandleW
SetFileAttributesW
DeleteFileW
SetLastError
lstrlenW
MoveFileW
GetModuleFileNameW
GlobalUnlock
GetModuleHandleA
GlobalAlloc
EnumResourceNamesW
GetVolumeInformationW
FindClose
GetVersionExW
IsDBCSLeadByte
FindFirstFileW
SearchPathW
UnlockFile
FindActCtxSectionStringW
GetDriveTypeW
OutputDebugStringA
GetCurrentDirectoryW
GlobalReAlloc
SetFileTime
GetFileTime
GetVersion
GetFileSize
GlobalFree
GetSystemDefaultLCID
LoadLibraryW
WriteFile
GetLastError

Sections

.text
Size: 93KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ