a4d194a281b7b1a5c3dd31b9df406b7d_JaffaCakes118 | Triage

Sharing

General

Target

a4d194a281b7b1a5c3dd31b9df406b7d_JaffaCakes118
Size

175KB
MD5

a4d194a281b7b1a5c3dd31b9df406b7d
SHA1

68a2728241d8b6295905ba650329ed632b2e151c
SHA256

3cfd48abc285db2cd706d204c6c8990e3afb9ec9338537ebfb5c91e943cace71
SHA512

cba7d37e71fcd79cf60817ba84ad176dd7f2979a938ec12fccb093a12cfe911f0921e236fd39addaa06ca5027916155625b3d2ee9c8671112447a52bcb260b79
SSDEEP

3072:JXred4YI4gHwWehX2SoaOL71Jri0I2XsftcgNvzXy1H:JXre2YOHkt2gO/1JO04tfNbiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4d194a281b7b1a5c3dd31b9df406b7d_JaffaCakes118

Files

a4d194a281b7b1a5c3dd31b9df406b7d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a58f179b54eeb801395b245d8d195dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
GetWindowTextA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
wsprintfA

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

kernel32

GlobalAddAtomW
GetProcessHeap
FindNextFileW
HeapFree
EnumResourceNamesA
FormatMessageA
GetCurrentDirectoryA
GlobalFree
FindResourceExA
RaiseException
GetModuleHandleA
FindFirstFileA
FindFirstFileW
LoadResource
LockResource
EnumResourceNamesA
GetProcAddress
HeapAlloc
InterlockedExchange
EnumResourceTypesA
SizeofResource
GetCurrencyFormatA
LoadLibraryW
MultiByteToWideChar
SetLastError
EnumResourceLanguagesA
GetCommandLineA
GetLastError
LocalFree
CloseHandle
Sleep

Sections

.text
Size: 94KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ