92f5b775f7868663b3bdd93f8533d43a_JaffaCakes118 | Triage

Sharing

General

Target

92f5b775f7868663b3bdd93f8533d43a_JaffaCakes118
Size

171KB
MD5

92f5b775f7868663b3bdd93f8533d43a
SHA1

4623e8835716bbaf5347519e5fd59e3ba51c9387
SHA256

63e7fe69c0ce16a11967ac833ed1999577d084404b8cd3522adb8fd728ba7844
SHA512

178afb7610ece549fd8144321b29b55fe721d82b7aa850fa4f4bc352e41ff247275d45017a4ebc66f197d2443d05c9bc5c0a46f792495d5e7424be0ad3f0d576
SSDEEP

3072:rDHO5uvbqCzXTvrTGUUQzqKXy6DholcHUkQeaecXkzvaqlLps66C55b//:GhCDnTrXzqKXy6dYgQeaecXOyq7s0/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
92f5b775f7868663b3bdd93f8533d43a_JaffaCakes118

Files

92f5b775f7868663b3bdd93f8533d43a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95869c4e2bd3221f1264550584a7cbf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandW
sndPlaySoundW

kernel32

CreateFileA
GetLastError
AddAtomW
UnmapViewOfFile
ExitProcess
CreateFileMappingA
GetProcessHeap
GetModuleHandleA
MapViewOfFile
TlsAlloc
GetEnvironmentVariableW
CreateFileW
GetVersionExW
GetVersionExA
EnumResourceNamesA
TlsGetValue
HeapAlloc
GetConsoleMode
GetTempPathW
TlsSetValue
GetProcAddress
IsBadStringPtrW
HeapFree
SetLastError
FlushFileBuffers
LoadLibraryExW
GetConsoleCP
WriteConsoleW
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
TlsFree
Sleep

setupapi

CM_Get_Depth_Ex
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

shlwapi

PathAddBackslashW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ