67b10f6b579197818e1d1890e5c90d72_JaffaCakes118 | Triage

Sharing

General

Target

67b10f6b579197818e1d1890e5c90d72_JaffaCakes118
Size

480KB
MD5

67b10f6b579197818e1d1890e5c90d72
SHA1

a056e88ef3657fb67f46797f26e9a2bc7c35eccb
SHA256

22bde35f9362ffa42970d198782e25655b2c09289b7dfdf7a9465b46b59fea56
SHA512

1041aedea923493b32dd469b3f1f6cdd2afbcf3adda6c857a13e235556d52845d4340c672d4fb37c60b100678f479afedf1ecca59572fee8578d7f79efe0afcf
SSDEEP

12288:SzutXlUugas/FQsNyD9XMMnMMMMMTRfh49yeIfw4PbziThN:Se7g7/WyyBXMMnMMMMMTRfh8Cw4PSH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67b10f6b579197818e1d1890e5c90d72_JaffaCakes118

Files

67b10f6b579197818e1d1890e5c90d72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6497ea539c318a0e9c5387b708923de9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrOleAllocate
NdrDllCanUnloadNow
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrDllGetClassObject
RpcStringFreeW
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrOleFree
IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy

msvcrt

_initterm
_adjust_fdiv
malloc
free

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory
RtlAddAccessAllowedAceEx

oleaut32

VariantCopy

netapi32

NetDfsMove

kernel32

GetStartupInfoA

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ