00bed5b0e24bde1138f571d586809174_JaffaCakes118 | Triage

Sharing

General

Target

00bed5b0e24bde1138f571d586809174_JaffaCakes118
Size

157KB
MD5

00bed5b0e24bde1138f571d586809174
SHA1

215100d9147441732739e8a9282ecdd82847e4fd
SHA256

ab5111ea0d35e43e39d3d1613930155bc7eed3df59dbd60454b39cb07c354feb
SHA512

639eef14cc07b6e0e57b0a10cd0c6075268cc3a54c9605b5954517bc1d4897cfc8f925e193225ac772f08ef6eadf5d662403818ae18c8166ec829750ecd3d0fa
SSDEEP

3072:f4rd2yo5L7V7teauRdtnbXKZENln/i1bLC2PeB9+OqVxA4Sy7HVW5ZL:f4wyoB7VBkdpbYEW1y3B4OqPn7HVs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00bed5b0e24bde1138f571d586809174_JaffaCakes118

Files

00bed5b0e24bde1138f571d586809174_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c5ca12329b005291e625e972353440c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

user32

wvsprintfA

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetProcessHeap
CreateConsoleScreenBuffer
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess

oleaut32

LHashValOfNameSys
DispGetIDsOfNames
VarUI4FromDec
SysFreeString

Sections

.text
Size: 94KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ