Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_4fa395b4f7eabf255edcab9a2c4f35eb.exe
Resource: win7-20240729-en
General
Target: JaffaCakes118_4fa395b4f7eabf255edcab9a2c4f35eb
Size: 186KB
MD5: 4fa395b4f7eabf255edcab9a2c4f35eb
SHA1: 86201b60e53229d7276d79df2f9019b240fa443e
SHA256: 2b4c2dcfb2dba4f26c2d65f3621e7d123b96815cf8fbf16ccc14a378cd746141
SHA512: 526f00971685aacc5742731f68fac61bfd0c955b6658f02abb30aba0da3b008ee90381fc6ce4c259803abaac683e136f48822d22fd2cce0d18e99633eb112736
SSDEEP: 3072:WNsG96bd+ahdOcdJubbVs1HcDMChU6m/yZpaqy4fzFBBH/KKrpEGSWZCDzYelsGH:WN1WdlhdOcdJsJs1HcDjcajySznVHSW0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_4fa395b4f7eabf255edcab9a2c4f35eb
Files
JaffaCakes118_4fa395b4f7eabf255edcab9a2c4f35eb.exe windows:4 windows x86 arch:x86
3fd8245c6263c8e75ab7d34a00f580d0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  GlobalFree
  FlushInstructionCache
  GlobalLock
  WriteProcessMemory
  TlsSetValue
  WaitForSingleObject
  GlobalUnlock
  GetLastError
  GlobalAlloc
  VirtualProtectEx
  ExitProcess
  GetThreadContext
  SetLastError
  SetLocaleInfoW
  CreateFileW
  GetCurrentProcess
  GetCurrentThreadId
  DuplicateHandle
  GetVersionExW
  GetTempPathW
newdev
  UpdateDriverForPlugAndPlayDevicesW
winmm
  timeEndPeriod
rpcrt4
  NdrByteCountPointerFree
  UuidCreate
shlwapi
  SHGetValueW
  PathCombineW
  PathRemoveFileSpecW
  PathAppendW
  PathFileExistsW
Sections
.text Size: 110KB - Virtual size: 110KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 976B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 72KB - Virtual size: 72KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 256KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ