94ad7b5d9a70bfcd3f32f5d57f75a909_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94ad7b5d9a70bfcd3f32f5d57f75a909_JaffaCakes118
Size

281KB
MD5

94ad7b5d9a70bfcd3f32f5d57f75a909
SHA1

139daecb785229ab8843d03dcb243ee8e1091f61
SHA256

ac8b7e85dd8c2ca735be267aa9c6ac1e9ddc7b8c53390f197006a30635db4413
SHA512

ac280a9be378ddec9ce727342d9d5b2c0731783c604ef3b6ce14d5e4d8847b66d5743983d47e54c5005f79c3e876b596d33604c7959c2031f635c89e7dfe0d14
SSDEEP

6144:KwlVFOsOjUffhYFPEbLbVFD/0yYduYE6g6yoBo1jgkoNcxppdncxgd:R3cjQf5CWbTD03E6g6fygk5pptcxg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94ad7b5d9a70bfcd3f32f5d57f75a909_JaffaCakes118

Files

94ad7b5d9a70bfcd3f32f5d57f75a909_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01cd58a26b23897fc1748a5fc9a5678a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
MultiByteToWideChar
CloseHandle
EnumResourceLanguagesA
GlobalAddAtomW
GetCurrentDirectoryA
HeapAlloc
SetLastError
SizeofResource
FindNextFileW
LoadLibraryW
GetProcessHeap
LoadResource
GetLastError
FormatMessageA
EnumResourceNamesA
FindFirstFileW
LocalFree
FindResourceExA
GetModuleHandleA
InterlockedExchange
GetProcAddress
GetCurrencyFormatA
LockResource
EnumResourceNamesA
RaiseException
GetCommandLineA
HeapFree
EnumResourceTypesA
GlobalFree
Sleep

user32

EnumWindows
GetWindowThreadProcessId
GetWindowTextA
IsWindowVisible
wsprintfW
wsprintfA

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 140KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ