290e49b9a9fb4931e3505da331071e9a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

290e49b9a9fb4931e3505da331071e9a_JaffaCakes118
Size

368KB
MD5

290e49b9a9fb4931e3505da331071e9a
SHA1

59f198531ac978b171c16c99822888ed3d387dc5
SHA256

bbd93f3a56652885c699f877a802f10ea391e0891bdd24858be83a1b97ea11de
SHA512

8eb51fd5952403af741af01c045f8e4dd3ec9655db5eb4e51b089e6195a59a24c05241bb4d0b843075f7df46955ad6bf424a9b9c5eab37c00e2d202a22e86cd4
SSDEEP

6144:DAUsxnVs3zjKFYUKGYyrBKcHnjYfIHTn1rrQzWmtXhzpJP/yDfMvCecDjd7mUOV:DAZ6GMWTHnnzn1rrQ5tTIJp7mf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
290e49b9a9fb4931e3505da331071e9a_JaffaCakes118

Files

290e49b9a9fb4931e3505da331071e9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a921c1fea8f63bb39f66879930e1b790

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
CreateThread
GetACP
LocalFree
CloseHandle
GetModuleHandleW
VirtualAlloc
GetEnvironmentVariableA
InterlockedExchange
FreeConsole
GetDriveTypeW
GlobalFree
FindVolumeClose
GetPrivateProfileIntW
lstrlenA
LocalSize
ResetEvent
GetMailslotInfo
WriteFile
ResumeThread

user32

DispatchMessageA
IsWindow
CallWindowProcW
DrawStateW
EndDialog
GetClientRect
GetClassInfoA
CreateWindowExA
GetSysColor
SetFocus
GetSysColor
GetKeyboardType
GetCursorInfo

qedit

DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllUnregisterServer
DllGetClassObject

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ