fbd644dbe1203eb4a7a0f0f002f2e421_JaffaCakes118 | Triage

Sharing

General

Target

fbd644dbe1203eb4a7a0f0f002f2e421_JaffaCakes118
Size

166KB
MD5

fbd644dbe1203eb4a7a0f0f002f2e421
SHA1

7761777af35b9ac68595eaa9de86deec012e03cc
SHA256

ab2e7570287a4ec38ad19bfad8991501c5edd58f0582b68a69275270ff6493c1
SHA512

79e50f0b91ffebb459f05c1066cc487e9143c7945062e887f80d9636a11d64ad50dd0663261a80aa601ff0c707a55015defa4501a21a2d0d44794da5cfb76d94
SSDEEP

3072:/8bn/Y5Juwre8zMmU/BAQepx2ztPR9FgRkKmKJ8eW:/0nwKC0meAX2tj2DJ8eW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbd644dbe1203eb4a7a0f0f002f2e421_JaffaCakes118

Files

fbd644dbe1203eb4a7a0f0f002f2e421_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc66577f2dbd2738ee8b782d12f761bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

GetCalendarInfoW
RtlUnwind
HeapSize
SetFilePointer
HeapCreate
VirtualFree
GetOEMCP
RaiseException
HeapDestroy
ReadFile
GetCPInfo
GetStartupInfoA
EnumResourceNamesA
SetEndOfFile
ExitProcess
GetACP
DeleteCriticalSection
FreeEnvironmentStringsA
InitializeCriticalSection
IsValidCodePage
EnterCriticalSection
HeapReAlloc
LeaveCriticalSection
VirtualAlloc
SetEnvironmentVariableA

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

user32

SendMessageA
GetDlgItem
CreateWindowExW
DestroyWindow
EnumChildWindows
IsWindow
GetWindowThreadProcessId

ole32

CoGetMalloc
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoQueryProxyBlanket
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
StringFromGUID2

rpcrt4

UuidCreate

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ