6f006ea15d5bba93771e05c16acad2bd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f006ea15d5bba93771e05c16acad2bd_JaffaCakes118
Size

156KB
MD5

6f006ea15d5bba93771e05c16acad2bd
SHA1

2bf6a269d7c6f5edf5371a747ecbff2df8b3220a
SHA256

12d4cc2eec16da5dccc4322d893911d1eda22592ff200416788adc864e94117e
SHA512

23ec3f3b010276d1d0c6c867584cef7766a09156e8fd26315dc30848fb4c3d3cb7dc944d06efaa5ef62390d0ce9889833111da9244684f0b5d3fe88c94111c5c
SSDEEP

3072:Ov9zFFQCdepdxxF/t4UQYzgUv0ugYX92t7jqPlz/T0lDTYHhpE:WICdELV4zY0UrN2tn+QFYHhp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f006ea15d5bba93771e05c16acad2bd_JaffaCakes118

Files

6f006ea15d5bba93771e05c16acad2bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d319227619cd45b13508fa6c6c4da96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

comdlg32

GetFileTitleA

kernel32

GetVersionExW
GetCommandLineA
TlsAlloc
LZOpenFileW
GetTickCount
FindAtomA
GetTimeFormatA
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
FormatMessageA
GetUserDefaultLCID
Sleep
CloseHandle
GetLastError
CreateFileMappingA
LoadLibraryW
LocalAlloc
FoldStringA
GetAtomNameA
FreeLibrary
LoadLibraryA

oleaut32

LHashValOfNameSys
GetRecordInfoFromTypeInfo
VarUI4FromDec
SysFreeString

Sections

.text
Size: 95KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ