56d3c79c735211c1e74134a55b4d0b18_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56d3c79c735211c1e74134a55b4d0b18_JaffaCakes118
Size

188KB
MD5

56d3c79c735211c1e74134a55b4d0b18
SHA1

bf222ce07b258a0a1bff5ed4cae10cdfa88dfb32
SHA256

72c032fac9d7f88f126dbe1ffbb0937a3121c1edaf984836bc8a7fc8506576d0
SHA512

8f7fcc6f579c664772e4362d67c7c201713bf22a0741730b27cb128cf22ddba58060fb6c80f807c7b827002847abb44fa3c61bf07e299cfd36f98a3b47d302c9
SSDEEP

3072:l/4GrlTF5XWwuHCQ9i5Vl8J8M0iL+5YzEodK8QVQ+7UW/jfjVJya0VOlKVyrnd:9Tr3huH0C67H8QVQVW/HVsbVOxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d3c79c735211c1e74134a55b4d0b18_JaffaCakes118

Files

56d3c79c735211c1e74134a55b4d0b18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57cbd3e8430e9048143ee3b26019adfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth_Ex
SetupDiGetDeviceRegistryPropertyA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

msimg32

AlphaBlend
TransparentBlt

winmm

mciSendCommandW
sndPlaySoundW

kernel32

HeapAlloc
WriteConsoleW
AddAtomW
GetVersionExW
GetModuleHandleA
GetLastError
HeapFree
GetConsoleMode
GetVersionExA
ExitProcess
GetConsoleCP
SetLastError
CreateFileMappingA
GetEnvironmentVariableW
TlsGetValue
GetModuleHandleW
InterlockedDecrement
MapViewOfFile
EnumResourceNamesA
UnmapViewOfFile
VerLanguageNameA
FlushFileBuffers
TlsAlloc
LoadLibraryExW
InterlockedIncrement
CreateFileW
GetTempPathW
GetProcAddress
CreateFileA
GetProcessHeap
TlsSetValue
TlsFree
Sleep

shlwapi

PathAddBackslashW

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ