JaffaCakes118_997c1372e3467df9d6f4289b38e86078 | Triage

Sharing

General

Target

JaffaCakes118_997c1372e3467df9d6f4289b38e86078
Size

275KB
MD5

997c1372e3467df9d6f4289b38e86078
SHA1

bd437e1e4aea26e071144fd70a7afae03a34b4b8
SHA256

0466b478af51a21795b89ce82b979dc9e7b78434ff04f42d2b609833562132c9
SHA512

41f52653ac29fef2737e436e08219d112dbb83bf3b7eb189b271dd32c99268c444e9bcc9bb77c0eabc092c910560a6d11001e93eeb0fb75f054b89afd553a489
SSDEEP

6144:49l2jtbWFPZDsFZxbzIWfI+/4tnTiytXWW:QwjtbsORzIuEnt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_997c1372e3467df9d6f4289b38e86078

Files

JaffaCakes118_997c1372e3467df9d6f4289b38e86078
.exe windows:4 windows x86 arch:x86

e95b46401c0dfba4696992b6e9f073e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
FlushInstructionCache
GetStringTypeA
AddAtomW
IsBadCodePtr
FlushFileBuffers
IsBadReadPtr
CloseHandle
GetCurrentThreadId
InitializeCriticalSection
GetLastError
LCMapStringW
SetFilePointer
GetStringTypeW
EnumResourceNamesA
InterlockedDecrement
RaiseException
HeapAlloc
RegisterWaitForSingleObject
GetCurrentProcess
LoadLibraryExA
LCMapStringA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
SetStdHandle
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
SizeofResource

gdi32

CreateFontIndirectA

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCloneImage

shell32

Shell_NotifyIconA

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ