9ed6c83c0f81868328e04d32c6231936_JaffaCakes118 | Triage

Sharing

General

Target

9ed6c83c0f81868328e04d32c6231936_JaffaCakes118
Size

278KB
MD5

9ed6c83c0f81868328e04d32c6231936
SHA1

287218b13c8b33b70ba5cec42cf4cad13cca6b85
SHA256

c727e9dbb045c5e7f6f6fa01722c399e3f2ccf5827f631189acb9bb69c75e241
SHA512

ae451a6beb4e0d6c5b225ef5fdf4e39ed00024da3b81bd0ebf550d8146e33fb4436636eb94d71cb03087c86127678e1f8002435259877fd953bce104f6d64e00
SSDEEP

6144:eBnnldVKx9TuNZouuIqhsWToQW1L0YGFVW0M8VXNcZP:eldV6TK6FImsVQWRaFM0TVXC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ed6c83c0f81868328e04d32c6231936_JaffaCakes118

Files

9ed6c83c0f81868328e04d32c6231936_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d4e0ac4077ae4cf87300b388f7acc16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter

newdev

UpdateDriverForPlugAndPlayDevicesW

iphlpapi

GetIpAddrTable

kernel32

TlsGetValue
AddAtomA
GetModuleHandleA
FlushFileBuffers
TlsAlloc
GetProcAddress
GetVersionExA
EnumResourceTypesA
GetPrivateProfileStructA
TlsSetValue
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
TlsFree

setupapi

CM_Get_Sibling
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

shlwapi

StrCmpNIA
StrStrA

shell32

SHGetFolderPathW

Sections

.text
Size: 136KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ