ed498471068c50ccdad664f698b56f4a_JaffaCakes118 | Triage

Sharing

General

Target

ed498471068c50ccdad664f698b56f4a_JaffaCakes118
Size

172KB
MD5

ed498471068c50ccdad664f698b56f4a
SHA1

26587940f0d41b1cc6dd2954b7d1cad0e77dd765
SHA256

20913ed5548410745729c3f425f22bdf4e6acb47afa79756911fe5946b5f835c
SHA512

a0f71dcfb163560032e883b69930c2240a695e50bb3f36693106b0144202067f321247bfa61effd84565fe89dcecce40d3d45c8a5629aeb734e25876ade86afd
SSDEEP

3072:6UijtdFH9aEdozWO/sn3IFEUEckt5kFxmjmfGZKKXZxvpDNR4Cb/jteHV:6JFo/1FEUjk20mOZfZxvpBbVeHV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed498471068c50ccdad664f698b56f4a_JaffaCakes118

Files

ed498471068c50ccdad664f698b56f4a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ed986abf7ed1ddca3021fecc27f6880

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconA

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCloneImage

gdi32

CreateFontIndirectA

kernel32

InterlockedIncrement
IsBadCodePtr
AddAtomW
GetStringTypeW
IsBadReadPtr
GetCurrentProcess
LCMapStringW
GetCurrentThreadId
LeaveCriticalSection
LoadLibraryExA
InterlockedDecrement
InitializeCriticalSection
GetModuleHandleA
FlushInstructionCache
SetFilePointer
EnterCriticalSection
EnumResourceNamesA
HeapAlloc
SetStdHandle
RegisterWaitForSingleObject
RaiseException
GetStringTypeA
LCMapStringA
GetLastError
FlushFileBuffers
DeleteCriticalSection
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
SizeofResource

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ