JaffaCakes118_06385e24cf154854ae87232a7fcf9685 | Triage

Sharing

General

Target

JaffaCakes118_06385e24cf154854ae87232a7fcf9685
Size

177KB
MD5

06385e24cf154854ae87232a7fcf9685
SHA1

629b9ab0a2462d434b46861e0fae68bdfb3ccd80
SHA256

0dc673b5c7951079f3054893b239f321e0524cbdfdcd0e9486f3d61978ddb43c
SHA512

fdb4e22755504826e0e11c06bbc447f7858f2bacaf435fff0040640f7ef3c79b53832d42e6112dcc555c92442fa235a4cecc689ffd9c131f856dde15b9d402a2
SSDEEP

3072:sYXNOLpHcDVMhWLyXzG7y9S47TewBNDAGtqQ6wCQBi3T6nW9sh6138EmrM6hPbkv:DO1qMhWLyDG347TeoDACqnuBi19shw3V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_06385e24cf154854ae87232a7fcf9685

Files

JaffaCakes118_06385e24cf154854ae87232a7fcf9685
.exe windows:4 windows x86 arch:x86

09bd2930f4f89ad83d091d4ab0647440

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW

kernel32

GetConsoleCP
TlsFree
TlsGetValue
GetModuleHandleW
GetProcAddress
GlobalAddAtomW
GetTempPathW
MapViewOfFile
FlushFileBuffers
CreateFileA
WriteConsoleW
ExitProcess
TlsSetValue
CreateFileMappingA
HeapFree
CreateFileW
SetLastError
GetLastError
InterlockedDecrement
EnumResourceNamesA
TlsAlloc
LoadLibraryExW
GetEnvironmentVariableW
GetConsoleMode
GetProcessHeap
VerLanguageNameA
InterlockedIncrement
GetModuleHandleA
GetVersionExW
GetVersionExA
HeapAlloc
UnmapViewOfFile
Sleep

msimg32

AlphaBlend
TransparentBlt

winmm

mciSendCommandW
sndPlaySoundW

setupapi

InstallCatalog
SetupDiGetDeviceRegistryPropertyA
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ