cf66daf3f589f62edb4a0fbf6f5d8b0b_JaffaCakes118 | Triage

Sharing

General

Target

cf66daf3f589f62edb4a0fbf6f5d8b0b_JaffaCakes118
Size

274KB
MD5

cf66daf3f589f62edb4a0fbf6f5d8b0b
SHA1

a06602d1d22d368c0c368a0a346c9f2b427282e0
SHA256

604530775a7b35fab1bbfc05d2bb1af66e74f42ed02fe5e18cb80a59b2859699
SHA512

138cb36049952a73d6fe83101967b9e7d0edb7aa478810e8d7eb460444517bfaa31f61c4218de07670e6373c14620fee02a5110c3657580342b6447c15ab67ac
SSDEEP

6144:fOXHjn3SOI3x2nuLHWVVHBXDHC4RQkSX4M1WKM7Fjy4Ufs+a:faT3SOiRsfXRQnXb4DRjy4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf66daf3f589f62edb4a0fbf6f5d8b0b_JaffaCakes118

Files

cf66daf3f589f62edb4a0fbf6f5d8b0b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99eeea20d301a0ebc238875b9b6d76ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GlobalAddAtomW
GetCommandLineW
FindFirstFileA
EnumResourceLanguagesW
GetModuleHandleW
FindNextFileA
HeapAlloc
FindFirstFileW
CloseHandle
EnumResourceNamesW
GetProcAddress
EnumResourceNamesA
SetLastError
FindResourceExW
LockResource
GlobalFree
LoadLibraryA
RaiseException
EnumResourceTypesW
LocalFree
GetLastError
FormatMessageW
LoadResource
MultiByteToWideChar
GetDateFormatW
GetCurrentDirectoryW
SizeofResource
InterlockedExchange
HeapFree
Sleep

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

user32

LoadStringA
SetTimer
MessageBoxA
IsWindowVisible
CharUpperA
PostThreadMessageA
KillTimer
GetWindowThreadProcessId
wsprintfW
EnumWindows
PeekMessageA
CharNextA
GetMessageA
GetWindowTextA
DispatchMessageA
wsprintfA

Sections

.text
Size: 137KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ