b626da0a14b74844d64e796a32308c63_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b626da0a14b74844d64e796a32308c63_JaffaCakes118
Size

185KB
MD5

b626da0a14b74844d64e796a32308c63
SHA1

9e7e9572f363df713f9470219654342229afbc87
SHA256

1597349d81471d29783aa9ea0e7113f61bd90e39716b6a316e3eac48e6734184
SHA512

13d56abeaeb84391c66aa9838759a4228a53a91a6e024b6eb68fdd1e5bfabaaf49f5d73f19daeef8c81327b8cfb779838c6d0dfcf18ceca58c7a99163d404c48
SSDEEP

3072:r0MSmuG8HGQUFyxRDh0LJhgklm1nuiOgEjC2S9SH30YWPv9Cv/PjM+BPnp8/qwYx:r0iIHGIx1h0LJhHmVBOrC2S923/u9+/M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b626da0a14b74844d64e796a32308c63_JaffaCakes118

Files

b626da0a14b74844d64e796a32308c63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

26d8f66aa6106f3ae1e69aae70e892a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
WinExec
GetVersion
FindNextFileW
GlobalAlloc
LoadLibraryW
AddAtomA
lstrlenW
GlobalFree
GetACP
MoveFileW
CloseHandle
GetFileSize
GetModuleHandleA
GlobalSize
SetFileTime
UnlockFile
GetModuleHandleW
GetProcAddress
GetFileAttributesW
FindFirstFileW
WriteFile
SetLastError
DeleteFileW
GetCurrentDirectoryW
EnumResourceNamesW
GlobalReAlloc
ReadFile
FindClose
LockFile
SetFileAttributesW
FindActCtxSectionStringW
SearchPathW
GetVersionExW
GetVolumeInformationW
GetDriveTypeW
IsDBCSLeadByte
SetFilePointer
OutputDebugStringA
GlobalUnlock
GetModuleFileNameW
GetSystemDefaultLCID
IsDBCSLeadByteEx
GetLastError

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 93KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ