3cbd4e0e67e7d275e69ae82c07160277_JaffaCakes118 | Triage

Sharing

General

Target

3cbd4e0e67e7d275e69ae82c07160277_JaffaCakes118
Size

187KB
MD5

3cbd4e0e67e7d275e69ae82c07160277
SHA1

77bf90aba681629eda0fbdb4ed30f2dca27f679c
SHA256

0a9e8386203e4a7c89110b66b062e3bf4d3d6d9e6b1146d3c4d6eb2b98fb46e9
SHA512

4947a7e441414aa26e05157e415c3f4379cbd39f9de3df115d093d526d78241270324c71c30797aaa1f4ed437079086c221ac4068bf478dce82e7b2c4d22e6f1
SSDEEP

3072:I1VnyLT12UiX9zuC5nwngkQ4hbTA0Ij86DhfCSo/WGHEfElm7mYb6oPJgkLsiS05:I1V412UiXpX5wnZIjNo/pIlbjh1Xx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cbd4e0e67e7d275e69ae82c07160277_JaffaCakes118

Files

3cbd4e0e67e7d275e69ae82c07160277_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e97509496f9576461532c0c2c1414196

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

PostThreadMessageW
RealGetWindowClass
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW

kernel32

CreateFiberEx
FileTimeToSystemTime
TerminateJobObject
GetTempPathW
EnumResourceNamesW
FlushFileBuffers
LocalAlloc
SetEvent
RaiseException

shlwapi

wnsprintfW

ole32

CoAddRefServerProcess
CoUninitialize
CoInitialize
CoTaskMemFree
CoRegisterMessageFilter
StringFromGUID2
CoResumeClassObjects
CoRevokeClassObject
GetRunningObjectTable
CoRegisterClassObject
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
CreateClassMoniker
CoDisconnectObject
CoReleaseServerProcess
CoTaskMemAlloc

iphlpapi

NotifyRouteChange

rpcrt4

UuidCreate

advapi32

RegOpenKeyExA
EncryptFileW
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DecryptFileW

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ