8e89b3c3fc7a01c4e9a5266af4be3814_JaffaCakes118 | Triage

Sharing

General

Target

8e89b3c3fc7a01c4e9a5266af4be3814_JaffaCakes118
Size

171KB
MD5

8e89b3c3fc7a01c4e9a5266af4be3814
SHA1

cbf5776be5120966f7cd8b3e62a1bcdc3769974e
SHA256

1c7eb8cd5c894c8a3e9b0d823022f9f19bb77ad6c3a36e6c5dc3776455b5ba81
SHA512

f491f5b0e0c27d7ad535a1802682f6b79950c4ab7a1e806d0a8739440ad676807294cb1266eaad85023f7aa815dad8a5c18ac497c7f5bb4642cfbaa58febea8f
SSDEEP

3072:65rdyCdUGswaA0dkq0OYew0tuQoSPnEegId2DoKUtmBxVspIvrvaHmH:kdddUGsy0dMutNtnEegjDoKUkB/esrvc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e89b3c3fc7a01c4e9a5266af4be3814_JaffaCakes118

Files

8e89b3c3fc7a01c4e9a5266af4be3814_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba5de56fbce679f6178adf8f2add5f2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

user32

GetDlgItem
DestroyWindow
EnumChildWindows
CreateWindowExW
SendMessageA
IsWindow
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

rpcrt4

UuidCreate

kernel32

HeapDestroy
GetCalendarInfoW
HeapCreate
ExitProcess
InitializeCriticalSection
RtlUnwind
VirtualAlloc
RaiseException
DeleteCriticalSection
EnterCriticalSection
EnumResourceNamesA
IsValidCodePage
HeapSize
SetEndOfFile
GetCPInfo
FreeEnvironmentStringsA
GetOEMCP
LeaveCriticalSection
VirtualFree
GetACP
GetStartupInfoA
SetFilePointer
HeapReAlloc
ReadFile
SetEnvironmentVariableA

ole32

CoGetMalloc
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoQueryProxyBlanket
CoInitializeSecurity
CoTaskMemFree
StringFromGUID2

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ