6b3aeccdd1f44eb2d49b0fa601d2e026_JaffaCakes118 | Triage

Sharing

General

Target

6b3aeccdd1f44eb2d49b0fa601d2e026_JaffaCakes118
Size

277KB
MD5

6b3aeccdd1f44eb2d49b0fa601d2e026
SHA1

29933063339e4115fedf12822587f4d0898c774b
SHA256

6798af171f4e5d6720c9fad7f8fc76e37bb1632d3970fa8de9ccb09834580821
SHA512

eaa37ed4ea8f5b21724fe01154e15c5e5bf7431f6f69e30a5898298eabc7decf5748ce78be6d5e27e4818c2137dd222216aabb6f8403634a9e053359f79dfaa9
SSDEEP

6144:IM6cc26HaIhMB4H1uhUTnu0XUzD8bdlRCTC99vdr04:kHaNuH1uKUD83+gdA4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b3aeccdd1f44eb2d49b0fa601d2e026_JaffaCakes118

Files

6b3aeccdd1f44eb2d49b0fa601d2e026_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb6243dea7e972188e0dc85a0b73b575

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

user32

GetDlgItem
EnumChildWindows
IsWindow
DestroyWindow
CreateWindowExW
SendMessageA
GetWindowThreadProcessId

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

kernel32

AddAtomA
GetCPInfo
GetEnvironmentStringsW
GetStartupInfoA
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
EnumResourceLanguagesA
GetStringTypeExW
GetEnvironmentStrings
WriteFile
FreeEnvironmentStringsW
SetUnhandledExceptionFilter

shell32

SHGetFolderPathW

iphlpapi

GetIpAddrTable

Sections

.text
Size: 136KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ