bee3f9d3db6ea12968dc30dc310b9e2f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bee3f9d3db6ea12968dc30dc310b9e2f_JaffaCakes118
Size

279KB
MD5

bee3f9d3db6ea12968dc30dc310b9e2f
SHA1

2c669831d8b567c1636c5e739cf78fbdeb5272d5
SHA256

7046134cf79d0c0956babe7cf421e5c65d2794dee32955dae2a202c807d076d8
SHA512

bea72eecaf328afd75e9623556ff006174a9f21ae049863e450e89b01f8106966e9f929bdbb5373849b2f56e4e0811176a45fa506d5629e6d58d83f18207d0a8
SSDEEP

6144:e2MZZls6+jJCJ+pzcl0Ya5IdVowijuPeP1Ax3w6Qr:VMZZls60J68U6IdSxjOwmi6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bee3f9d3db6ea12968dc30dc310b9e2f_JaffaCakes118

Files

bee3f9d3db6ea12968dc30dc310b9e2f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

34b40c09bf82d94a90f8086d1c56ce60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

WriteFile
ReadFile
AddAtomA
WinExec
GetVersionExW
MoveFileW
GetDriveTypeW
GlobalReAlloc
SetLastError
GetModuleHandleA
GlobalSize
GlobalFree
SetFileAttributesW
FindNextFileW
IsDBCSLeadByteEx
lstrlenW
SetFilePointer
DeleteFileW
GetProcAddress
GetFileTime
GetVersion
EnumResourceNamesW
FindFirstFileW
CloseHandle
UnlockFile
GetCurrentDirectoryW
CheckNameLegalDOS8Dot3W
SetFileTime
LockFile
LoadLibraryW
SearchPathW
GetVolumeInformationW
GetFileAttributesW
GetModuleFileNameW
GetFileSize
FindClose
IsDBCSLeadByte
OutputDebugStringA
GlobalUnlock
GetModuleHandleW
GetSystemDefaultLCID
GlobalAlloc
GetACP
GetLastError

Sections

.text
Size: 146KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ