f42194db9c034979c778a367fd38680b_JaffaCakes118 | Triage

Sharing

General

Target

f42194db9c034979c778a367fd38680b_JaffaCakes118
Size

105KB
MD5

f42194db9c034979c778a367fd38680b
SHA1

07e6c5810ff918f81d924029bb0c44dd9ae3bffe
SHA256

1abb9e9fb44c61fba4123b2e837eb9c1c9f65d72908a265d92daf4fba73eed84
SHA512

8362f8815f7c134e33597bf77bcfbd06c70b979e8337b8ef69d37f6d0f92a89740b6d3dcd014b0102e36383fc222b9b67e791d09f810fde61bfe70b365840baf
SSDEEP

1536:NJYVFonWnvN0RQLT7IM3BOsicT1IqabS+O3tVDBek2nAnB/D0EQgQHbUz/F5:bY0nY0mf93Qsi21InbS+MHDQtQ878/T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f42194db9c034979c778a367fd38680b_JaffaCakes118

Files

f42194db9c034979c778a367fd38680b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

86b658bd7101e30cb53898ddafe10b67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnumWindows
GetWindowThreadProcessId
IsWindowVisible
wsprintfW
GetWindowTextA
wsprintfA

kernel32

MultiByteToWideChar
LoadLibraryW
InterlockedExchange
EnumResourceTypesA
GlobalAddAtomW
GetCurrentDirectoryA
GetProcessHeap
FindFirstFileW
GetModuleHandleA
LockResource
HeapFree
GetProcAddress
EnumResourceNamesA
GetCommandLineA
EnumResourceNamesA
GlobalFree
LocalFree
FindResourceExA
LoadResource
FindNextFileW
EnumResourceLanguagesA
FindFirstFileA
FormatMessageA
HeapAlloc
RaiseException
GetCurrencyFormatA
SizeofResource
GetLastError
SetLastError
CloseHandle
Sleep

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ