aa6ac5e9b67731b3bdd806a9a5119d56_JaffaCakes118 | Triage

Sharing

General

Target

aa6ac5e9b67731b3bdd806a9a5119d56_JaffaCakes118
Size

166KB
MD5

aa6ac5e9b67731b3bdd806a9a5119d56
SHA1

8819e74050abe93af4f54d97726146aea507a221
SHA256

43aacf7e7cee4343764e59581133e12edbb1df256e533da912b995de73225286
SHA512

7ac00a76059504832ee74d55f18839320cb23272cee1df1f2468f84f856576cc6c1aba92451f8a8cddb89bf9a6a8349d964663bd39ef99a658d644fc0c01465d
SSDEEP

3072:rT4Jfb3zQJBSPywlV1etp1gViNiFj3mLNMCMNrs:rTsj3zsSP/otpIQcmLEr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa6ac5e9b67731b3bdd806a9a5119d56_JaffaCakes118

Files

aa6ac5e9b67731b3bdd806a9a5119d56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0654a306ec05c5bb8767f440d04e9120

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

rpcrt4

UuidCreate

ole32

CoGetMalloc
CoInitializeSecurity
CoQueryProxyBlanket
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
StringFromGUID2

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

user32

CreateWindowExW
EnumChildWindows
IsWindow
SendMessageA
GetDlgItem
DestroyWindow
GetWindowThreadProcessId

kernel32

RaiseException
GetCPInfo
GetCalendarInfoW
EnterCriticalSection
GetOEMCP
HeapReAlloc
IsValidCodePage
GetStartupInfoA
ExitProcess
SetFilePointer
DeleteCriticalSection
EnumResourceNamesA
ReadFile
HeapSize
SetEndOfFile
VirtualAlloc
FreeEnvironmentStringsA
InitializeCriticalSection
VirtualFree
LeaveCriticalSection
HeapDestroy
HeapCreate
GetACP
RtlUnwind
SetEnvironmentVariableA

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ