JaffaCakes118_2888cdb9bf6cfa9314635f6a83bfa083 | Triage

Sharing

General

Target

JaffaCakes118_2888cdb9bf6cfa9314635f6a83bfa083
Size

177KB
MD5

2888cdb9bf6cfa9314635f6a83bfa083
SHA1

b848d56f0aaafce6d046295cf42e301c065be85c
SHA256

b2cd8f95a5f083f655638ac7ae1cb8b7ac7b224fee58d9a12bdd222c430552af
SHA512

1053f1846f2ffb5ddb9a87b6e48a37a69153c283bd5a147c13d0bb161f78f9176cfb52af060680dce943320381bea00fbc13e3d6e2e70c417fb9d53b0daef15b
SSDEEP

3072:Gl2VZnoqpHoxNAQUbxMYpVBc4pjpbg1NWEuqX4xgSmS8NRVu7nHoDMW77H:GlMnLdEA/WYvBcujpb2zuqIxgSyVu7ne

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2888cdb9bf6cfa9314635f6a83bfa083

Files

JaffaCakes118_2888cdb9bf6cfa9314635f6a83bfa083
.exe windows:4 windows x86 arch:x86

ea21bb6aa31ab0fbe4477cd767566d61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandA
sndPlaySoundA

kernel32

SetLastError
IsBadWritePtr
GetStartupInfoA
AddAtomA
GetCurrentProcess
InterlockedExchange
VirtualAlloc
GetSystemInfo
TlsFree
TlsGetValue
GetEnvironmentStrings
GetACP
EnumResourceNamesA
TerminateProcess
SetEndOfFile
TlsSetValue
GetEnvironmentStringsW
VirtualFree
GetModuleFileNameA
SetHandleCount
GetStdHandle
TlsAlloc
GetVersionExA
IsBadStringPtrW
HeapSize
FreeEnvironmentStringsW
GetFileType
HeapCreate
FreeEnvironmentStringsA
GetLocaleInfoA
UnhandledExceptionFilter

shlwapi

PathAddBackslashA

setupapi

CM_Get_Depth_Ex
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ