565d0d2f5cac4d89d9d3c2cc668651e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

565d0d2f5cac4d89d9d3c2cc668651e3_JaffaCakes118
Size

170KB
MD5

565d0d2f5cac4d89d9d3c2cc668651e3
SHA1

10b1f84bae75735685e294be3aa27734055f51c4
SHA256

b04132df9f3fded8a1e908480117819e2ccdc13e04c4923771abd81e72441770
SHA512

b36a03615bce1ca30710465c0a44df724b3e012751713258a1ab188713b53c752a99370479c4447b6d687bff9a598116fc733954a73fd42b88e2501f17a1e865
SSDEEP

3072:FNnpDREAXnI2YL2sh3qb6MscoVgEOCONWpg+2f1hbwu2RLAkCL7qFbXzBGMOZlyl:xD+AXtS21PsN1HCV+2fUPEvL7k1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
565d0d2f5cac4d89d9d3c2cc668651e3_JaffaCakes118

Files

565d0d2f5cac4d89d9d3c2cc668651e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3db651fb0ea7af4d9bce08f323699db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

SetLastError
GlobalSize
AddAtomA
GetVersionExW
CloseHandle
LockFile
IsDBCSLeadByte
SetFileAttributesW
SetFilePointer
GetModuleHandleW
WriteFile
GetCurrentDirectoryW
GlobalReAlloc
GetFileTime
DeleteFileW
WinExec
GlobalFree
GetProcAddress
FindNextFileW
EnumResourceNamesW
GlobalUnlock
OutputDebugStringA
FindClose
MoveFileW
GetACP
LoadLibraryW
GetDriveTypeW
ReadFile
GlobalAlloc
UnlockFile
FindFirstFileW
FindActCtxSectionStringW
GetVersion
IsDBCSLeadByteEx
lstrlenW
GetFileAttributesW
GetModuleFileNameW
SearchPathW
GetSystemDefaultLCID
GetModuleHandleA
GetVolumeInformationW
SetFileTime
GetFileSize
GetLastError

Sections

.text
Size: 93KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ