Static task: static1
Behavioral task: behavioral1
Sample: 394d5a20cf43c87a4b11c280f74c52fe_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 394d5a20cf43c87a4b11c280f74c52fe_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 394d5a20cf43c87a4b11c280f74c52fe_JaffaCakes118
Size: 197KB
MD5: 394d5a20cf43c87a4b11c280f74c52fe
SHA1: 41d112f9f219cc718666b29582761b0b3549a0e7
SHA256: f5f84db983021314fa673ead3f57383d216fd90d4ddc0d649431888b99d93c47
SHA512: fe43ab41f8d07bb9ad9196d5081099af583c7563f6ce3f9606ee42c945998b81be9a27e9b1cb2c04d7fb821576ad4a8a225cf90d144cbdb27ec37879230739e1
SSDEEP: 3072:py+iiovF+xmGXNoEOYD/5jojs9+YVHMZoMNl1eW0VAfey/rle64yjsa/rvkWFJ6D:pkiyOXnr/MZYVH+cPVKjMc3Jz6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 394d5a20cf43c87a4b11c280f74c52fe_JaffaCakes118
Files
394d5a20cf43c87a4b11c280f74c52fe_JaffaCakes118.exe windows:4 windows x86 arch:x86
af4faca1b741ed09d80efd82ff9032d4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32: LoadIconW, RealGetWindowClass, MapVirtualKeyW, GetSystemMetrics
setupapi: CMP_WaitNoPendingInstallEvents, SetupDiGetDeviceRegistryPropertyW, CM_Get_DevNode_Status
kernel32: GetCurrentThreadId, CreateFiberEx, TlsAlloc, FoldStringW, TerminateThread, LoadLibraryA, GetLocaleInfoW, EnumResourceNamesW, TlsFree, FlushFileBuffers, TlsGetValue, GetLastError, Sleep, VirtualProtect
msimg32: AlphaBlend
Sections
.text Size: 173KB - Virtual size: 172KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 764B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 21KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 220KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ