a9e366e3db8da196f5e4b17b4c71f0ea_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9e366e3db8da196f5e4b17b4c71f0ea_JaffaCakes118
Size

171KB
MD5

a9e366e3db8da196f5e4b17b4c71f0ea
SHA1

166580437ff626e8e98ea67fdfc83db4df220ecf
SHA256

aa6927b8720e5867adbdcab349b90cf9d1960a49f739a81b2b8a544d994a111b
SHA512

a075835348ee0b899ead3652f21407255aea0ae4f72ca8d27e6a9f65db8198b87d92bd265d97f37adb5dff66a5ef23b652b7df37ba8cdf53b946071c8606b065
SSDEEP

3072:lzheiO7DYs773+z3ngFuR7evc8F+91xytA4EqFC+CHac7x7lc2cgmjPqs:K71774wa72pcXd4Q+0CgmjPj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9e366e3db8da196f5e4b17b4c71f0ea_JaffaCakes118

Files

a9e366e3db8da196f5e4b17b4c71f0ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83df052bd76ca5099fed751180d47d1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

kernel32

TlsAlloc
InterlockedDecrement
CreateFileA
GetModuleHandleA
AddAtomW
InterlockedIncrement
GetConsoleCP
WriteConsoleW
GetProcAddress
FlushFileBuffers
HeapFree
GetLastError
CreateFileW
CreateFileMappingA
GetVersionExW
EnumResourceNamesA
LoadLibraryExW
UnmapViewOfFile
MapViewOfFile
TlsGetValue
GetConsoleMode
GetTempPathW
GetEnvironmentVariableW
IsBadStringPtrW
TlsSetValue
GetProcessHeap
HeapAlloc
GetModuleHandleW
ExitProcess
GetVersionExA
TlsFree
SetLastError
Sleep

winmm

mciSendCommandW
sndPlaySoundW

setupapi

CM_Get_Depth_Ex
SetupDiGetDeviceRegistryPropertyA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ