1017cd8dedeed370440ad0f9d8bbe648_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1017cd8dedeed370440ad0f9d8bbe648_JaffaCakes118
Size

195KB
MD5

1017cd8dedeed370440ad0f9d8bbe648
SHA1

342c7ad45df59b632ca0f7a880ee886195fe6811
SHA256

c17bef294036812c90efa4ab64a2a872e4ce209c64cc241b4056dad5732bead8
SHA512

5b09cae380645972673f27548bbea21fad27fe87c05863a1b0f90416d146495209c12dff7c48e43e5e5a47f7b96a1d97dddf0c4df0dd2dfad3070edab1eabc6d
SSDEEP

3072:n3dEMDd4crHW9gTgQeKVxX+qWT5s88b+FFNsXNnncvdkhZJnP23KPq2:n3dtd4crl1Vcra8D7NsXNnE87nP23+q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1017cd8dedeed370440ad0f9d8bbe648_JaffaCakes118

Files

1017cd8dedeed370440ad0f9d8bbe648_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb1d5a8927d94cf729e99bcad74c9174

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoMarshalHresult
CreateItemMoniker
GetRunningObjectTable
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoInitialize
CoRegisterClassObject
CLSIDFromString
StringFromCLSID
CoFreeUnusedLibraries
CoRevokeClassObject
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc

gdiplus

GdipGetImageWidth
GdipDisposeImage

kernel32

SetUnhandledExceptionFilter
InterlockedCompareExchange
SetPriorityClass
GetLocaleInfoA
TerminateProcess
GetLocaleInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
GetThreadLocale
GetTempFileNameA
GetCurrentProcessId
HeapAlloc
GetTempPathA
EnumResourceTypesW
GetStartupInfoA
QueryPerformanceCounter
HeapFree
GetCurrentProcess
GetProcessHeap
GetPrivateProfileStringW
UnhandledExceptionFilter
VirtualProtect
MulDiv
CreateProcessA
GetACP
GetVersionExA
InterlockedExchange
RaiseException
TlsFree

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ