e14d9bd28f8101a7901a0d0fc3437545_JaffaCakes118 | Triage

Sharing

General

Target

e14d9bd28f8101a7901a0d0fc3437545_JaffaCakes118
Size

283KB
MD5

e14d9bd28f8101a7901a0d0fc3437545
SHA1

fe121de8dd7e82ce06a96cc7b8072e1ab12a9370
SHA256

940eceaa0e8b97e3a78cb4b62badeb228d29e610625e4c746346f35762f026d1
SHA512

09319e8f41bc429291db16f46584900906b2367299385df9a6d64abfa32898a2318a8108e163ef76c4e5064bcc4dd02f3bc5806f8c5c9a114f622e023944f18e
SSDEEP

6144:hfdXKu7e03vsKGp4AhnaJY0j5l2cVK3KJV9dd5DhcMUoV5wZOIoM02:xFKw0pqwSdj5BVKIRd7fwZOIo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e14d9bd28f8101a7901a0d0fc3437545_JaffaCakes118

Files

e14d9bd28f8101a7901a0d0fc3437545_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8e3d763eabafe76e2468b9a9c8cbd1f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
SizeofResource
GlobalAddAtomW
HeapFree
MultiByteToWideChar
FindResourceExA
GetProcAddress
RaiseException
LocalFree
InterlockedExchange
LockResource
EnumResourceTypesA
CloseHandle
GetModuleHandleA
EnumResourceNamesA
GlobalFree
FindFirstFileA
FormatMessageA
HeapAlloc
GetCurrentDirectoryA
FindNextFileW
GetCurrencyFormatA
EnumResourceLanguagesA
GetProcessHeap
SetLastError
GetCommandLineA
EnumResourceNamesA
LoadLibraryW
GetLastError
LoadResource
Sleep

user32

wsprintfW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
wsprintfA

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

Sections

.text
Size: 149KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ