f5da2590e5938d982c22eab6a5f6d185_JaffaCakes118 | Triage

Sharing

General

Target

f5da2590e5938d982c22eab6a5f6d185_JaffaCakes118
Size

182KB
MD5

f5da2590e5938d982c22eab6a5f6d185
SHA1

42fe806f5872d9816bc16c0ee44e745d41581e11
SHA256

9cdba55daeb92f0de2e841554171327576790cd52b265fa27d77191045aa5647
SHA512

f955ec401d6207b351107abba984d0da8c0cf9c9f0327a900ff53424f3b8331ee811425aca171c3118c515c726d05bb53c408430c76a58e27770853367e1e8af
SSDEEP

3072:CIh75WqHtNw8OC7/GWPcZDpjwN/0D0gjqE8NE5Ulx6Mi/pY8Efd:jtRNNwE/GRnjq/c0gjKE6lx6px7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5da2590e5938d982c22eab6a5f6d185_JaffaCakes118

Files

f5da2590e5938d982c22eab6a5f6d185_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88b9f555dfca48f95165a5438052ced8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

ole32

CoGetMalloc
CoInitializeSecurity
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
StringFromGUID2

kernel32

VirtualFree
VirtualAlloc
EnterCriticalSection
GetCalendarInfoW
GetCPInfo
RtlUnwind
HeapCreate
HeapSize
IsValidCodePage
ExitProcess
EnumResourceNamesA
InitializeCriticalSection
DeleteCriticalSection
HeapReAlloc
LeaveCriticalSection
SetEndOfFile
GetStartupInfoA
FreeEnvironmentStringsA
HeapDestroy
GetACP
SetFilePointer
GetOEMCP
RaiseException
ReadFile
SetEnvironmentVariableA

rpcrt4

UuidCreate

user32

DestroyWindow
SendMessageA
EnumChildWindows
GetDlgItem
IsWindow
CreateWindowExW
GetWindowThreadProcessId

shell32

SHGetFolderPathW

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ