b5d974ee623e232cb8bdfa5b10f9a628_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5d974ee623e232cb8bdfa5b10f9a628_JaffaCakes118
Size

1.6MB
MD5

b5d974ee623e232cb8bdfa5b10f9a628
SHA1

d60816ff8deb3e6690d7ed021f6dc092cff7b753
SHA256

3dd5c44370a4942325fba610ddd0a4052661c04faebf5ed079f3a767cb6a3f97
SHA512

ef39f09a6a678fa0affa69a827c475e38dbcd6b09d0f6749a5dc35d2defea9169934ce38f046b6f68b1da6f101b9944eb9dcd5f0a61f37f7292913a2d359cb95
SSDEEP

49152:ERjgX8y2A5fYeMcxqKGawakk7cV1sxGJiqH4qHhdAK21uwB:EtgX81aYhv6pkk7smxGDnuK2Iw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5d974ee623e232cb8bdfa5b10f9a628_JaffaCakes118

Files

b5d974ee623e232cb8bdfa5b10f9a628_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f48609a85db5294e68127f2139fd1929

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromString
StgCreateDocfile

advapi32

RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA

shell32

Shell_NotifyIconA

gdi32

CreateFontIndirectA

comdlg32

ChooseFontA
GetOpenFileNameA

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

shlwapi

PathAddBackslashA

kernel32

AddAtomA
CreateFileA
lstrcpynA
LoadLibraryA
GetThreadLocale
GetCurrentThreadId
FreeLibrary
GetFileAttributesA
lstrlenA
WideCharToMultiByte
EnumResourceNamesA
GetDiskFreeSpaceA
GetLastError
lstrcmpiA
IsDBCSLeadByteEx
lstrcatA
MulDiv
FindFirstFileA
VirtualProtect
GetFullPathNameA
GetTickCount
ReadFile
FlushFileBuffers
MultiByteToWideChar

Sections

.text
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 861KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ