b198ccf17826157030f93839b0073334_JaffaCakes118 | Triage

Sharing

General

Target

b198ccf17826157030f93839b0073334_JaffaCakes118
Size

278KB
MD5

b198ccf17826157030f93839b0073334
SHA1

2ba5171bf0917bc42b0f3307b02d96fba026eb8c
SHA256

cae560e45455ea4fd8ddd3e5a9de9eef9e7bf9c26b1fae83b538ec111e145cc6
SHA512

fc3c194d25c17aacb5ccada7c7ed3195a543c735b8f22c4b1a39e2e54df7f005b1c1e521d135cc651529e2f81261582b3dacfaa57061e3df5eaae5af9102efe8
SSDEEP

6144:h2xWmwEiSh908fenhnhwNJJ3FQl8gLxq9KuFlqvsqBVSNk3teUF:h2ZrTgnhh6FyrLskuzqEqiY8U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b198ccf17826157030f93839b0073334_JaffaCakes118

Files

b198ccf17826157030f93839b0073334_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d166cc04cc503032411f70814914a732

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

GetModuleHandleA
WinExec
GlobalAlloc
AddAtomA
LoadLibraryW
WriteFile
FindClose
GetCurrentDirectoryW
OutputDebugStringA
GetModuleFileNameW
GlobalFree
LockFile
GetFileSize
GetVersion
SetFileAttributesW
GetProcAddress
GetDriveTypeW
GetModuleHandleW
GlobalUnlock
CloseHandle
SetLastError
GetVersionExW
EnumResourceNamesW
GetSystemDefaultLCID
SetFileTime
SearchPathW
DeleteFileW
IsDBCSLeadByteEx
lstrlenW
FindActCtxSectionStringW
FindFirstFileW
ReadFile
MoveFileW
IsDBCSLeadByte
GlobalReAlloc
FindNextFileW
UnlockFile
SetFilePointer
GetVolumeInformationW
GetACP
GetFileAttributesW
GetFileTime
GlobalSize
GetLastError

Sections

.text
Size: 143KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ