328bfbfad85e57c91214fb46eb9a7df5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

328bfbfad85e57c91214fb46eb9a7df5_JaffaCakes118
Size

199KB
MD5

328bfbfad85e57c91214fb46eb9a7df5
SHA1

5e5efda81d76281ec5115e5471670738ee3587de
SHA256

1532b0f35df8558cf71610bf991c553d46fb482a14cfa2bb87751051adfac091
SHA512

6c612998d3f872c6b9b18be93bb9a7ba7f08a30e6858f11c8a7733bc733b1360f071f7000c671e35caf04980e14256678d613a605ed4d042c227138eb610b88f
SSDEEP

3072:xCvPwt+/zWXqUoWBe0ioTS0fNQJBKt7KCaGdJMK82aXLOESmekYiTwS75+V:g3ww/gled0fsQOzoJMK8nXq+YiTw+i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
328bfbfad85e57c91214fb46eb9a7df5_JaffaCakes118

Files

328bfbfad85e57c91214fb46eb9a7df5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7289240d9c6a9437c61bff9dbe7a86a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

MsgWaitForMultipleObjects
DispatchMessageW
PostThreadMessageW
TranslateMessage
RealGetWindowClass
PeekMessageW

kernel32

CreateFiberEx
LocalAlloc
TerminateJobObject
SetEvent
EnumResourceNamesW
FlushFileBuffers
FileTimeToSystemTime
GetTempPathW
RaiseException

advapi32

EncryptFileW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
DecryptFileW

ole32

CoAddRefServerProcess
CreateClassMoniker
CoDisconnectObject
CoRegisterClassObject
CoRegisterMessageFilter
CoResumeClassObjects
CoReleaseServerProcess
CLSIDFromString
CoInitialize
StringFromGUID2
GetRunningObjectTable
CoTaskMemFree
CoUninitialize
CoRevokeClassObject
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc

rpcrt4

UuidCreate

shlwapi

wnsprintfW

iphlpapi

NotifyRouteChange

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ