34c83309811e423efae8cbfc4b547960_JaffaCakes118 | Triage

Sharing

General

Target

34c83309811e423efae8cbfc4b547960_JaffaCakes118
Size

182KB
MD5

34c83309811e423efae8cbfc4b547960
SHA1

82f0e89902aaf1ff8f6d0eba919e8ed898146cd1
SHA256

491d9e732242cdba0204ba8df4c3674552ceb8af0276ed5d9deaf14964cfc805
SHA512

ef69e62ae790164323ff407953f78c4b27c6214827e88116121f781dab100c3d074c967d671631a5dd10fc69059ee9ca92fd0c020a03890fc7f004b0100a7380
SSDEEP

3072:DNBa/wP//jQ63yYSlzYhhjt46dM34GUTWul+mRTBETGyJwg0vaRHMtqv1DbmOaNC:DNB1/06iYIYhhjt46zDxl5hBET1CXvXw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34c83309811e423efae8cbfc4b547960_JaffaCakes118

Files

34c83309811e423efae8cbfc4b547960_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd8aacc0392da31f9bd6c0ce47b6b2db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

rpcrt4

UuidCreate

user32

MsgWaitForMultipleObjects
DispatchMessageW
PostThreadMessageW
RealGetWindowClass
TranslateMessage
PeekMessageW

iphlpapi

NotifyRouteChange

shlwapi

wnsprintfW

advapi32

EncryptFileW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
DecryptFileW

kernel32

CreateFiberEx
FileTimeToSystemTime
TerminateJobObject
GetTempPathW
EnumResourceNamesW
FlushFileBuffers
LocalAlloc
SetEvent
RaiseException

ole32

CoRegisterClassObject
CoUninitialize
CoRevokeClassObject
CreateClassMoniker
CreateStreamOnHGlobal
CoDisconnectObject
CLSIDFromString
GetRunningObjectTable
StringFromGUID2
CoReleaseServerProcess
CoCreateInstance
CoResumeClassObjects
CoAddRefServerProcess
CoTaskMemFree
CoRegisterMessageFilter
CoInitialize
CoTaskMemAlloc

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ