fd0f495e2591d50d33149ef4521cf42c_JaffaCakes118 | Triage

Sharing

General

Target

fd0f495e2591d50d33149ef4521cf42c_JaffaCakes118
Size

183KB
MD5

fd0f495e2591d50d33149ef4521cf42c
SHA1

4c48efc91268be9226b42be113e3870e603f59a7
SHA256

8bf262dfef65d1d917608969c942062fbb0bcfa65c28c773c2dcdee479c33a82
SHA512

735b5449640451a0c8ee0a2dac914c43b4fc4c7bc72a9033f75a9e0d39b5f445b102a8569d59b15b9fae58429e0e173d4cb8dd2255c54901c35ff8f9b71c1d35
SSDEEP

3072:BzIIfglntYsALBO6tBONx+LMG/kh8rhg1rUyaYVk8r68i/kRylgEe2O0:uIUHAM+BsrKFwrVLOf/NQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd0f495e2591d50d33149ef4521cf42c_JaffaCakes118

Files

fd0f495e2591d50d33149ef4521cf42c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b9a8c64504015470eeb803fb73c5231b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

GetVersionExA
AddAtomA
GetModuleHandleA
HeapFree
TlsSetValue
TlsGetValue
HeapAlloc
EnumResourceLanguagesW
GetProcAddress
GetPrivateProfileStructW
ExitProcess
TlsAlloc
FlushFileBuffers
GetProcessHeap
TlsFree

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

comctl32

ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter

shell32

SHGetFolderPathW

shlwapi

StrCmpNIA
StrStrA

iphlpapi

GetIpAddrTable

Sections

.text
Size: 92KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ