JaffaCakes118_28f8f9b08a8db5e9c2ff4395e50ad6a2 | Triage

Sharing

General

Target

JaffaCakes118_28f8f9b08a8db5e9c2ff4395e50ad6a2
Size

171KB
MD5

28f8f9b08a8db5e9c2ff4395e50ad6a2
SHA1

6dfd389dec0a6887a53677a487ce6b1d9ab81f33
SHA256

132f0bcfb3cc8ce5aebf97cea20aedd264d5dd212c432e6bfed9381472b7c772
SHA512

ab2f08bb674d3517f7b2ba386d301784b506b8e008458611e90d8b52d3fb16d2fa398b22a9a2cddf1011feee7719ac3e69527b87da05298f0fded29add77177a
SSDEEP

3072:y6bVNjd3YW5fc24DDXymmYjk/vVghHFVVWyTwYDD0LHleXoOiFOz13:y6ZNjNN5fLeXtq18MylwzleXodOz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_28f8f9b08a8db5e9c2ff4395e50ad6a2

Files

JaffaCakes118_28f8f9b08a8db5e9c2ff4395e50ad6a2
.exe windows:4 windows x86 arch:x86

7b2c26f35a5a3b7b8a9bb67b526f63f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
GetTempPathW
GlobalAddAtomW
UnmapViewOfFile
ExitProcess
CreateFileMappingA
GetProcessHeap
GetConsoleMode
SetLastError
TlsAlloc
GetVersionExA
TlsGetValue
GetProcAddress
GetConsoleCP
TlsSetValue
GetModuleHandleW
CreateFileW
CreateFileA
TlsFree
EnumResourceNamesA
HeapAlloc
VerLanguageNameA
MapViewOfFile
FlushFileBuffers
GetVersionExW
InterlockedDecrement
HeapFree
GetEnvironmentVariableW
InterlockedIncrement
GetModuleHandleA
WriteConsoleW
GetLastError
Sleep

msimg32

AlphaBlend
TransparentBlt

winmm

mciSendCommandW
sndPlaySoundW

setupapi

InstallCatalog
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

shlwapi

PathAddBackslashW

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ