7468021e5ae449752893fca1f87d75e9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7468021e5ae449752893fca1f87d75e9_JaffaCakes118
Size

209KB
MD5

7468021e5ae449752893fca1f87d75e9
SHA1

8b3237d05d074958977fa08b5d0ac04d8f520c38
SHA256

c74dbee1f26ba62ebc15df63c276ad70e86af376995eead3ff67e85f956b142e
SHA512

7f2ed5c3e24603a5ba5c51ab14df6ef3a659ddc2d0653df1042f5cae1a72b21ff662afa0dd9a01c7558f694ee344cbc0d603d53b16e12678265703b0a1de2315
SSDEEP

6144:X/fhk1XYOoiAt9L7kt501PjgpGouf1pHYHj4tFA1xXQsi21G:Xhk1drKZ7kt50Jw1Y+j4rAg2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7468021e5ae449752893fca1f87d75e9_JaffaCakes118

Files

7468021e5ae449752893fca1f87d75e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7e4c9e00fce0bb5ef19783c6ff0bfdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFiberEx
FileTimeToSystemTime
TerminateJobObject
GetTempPathW
EnumResourceNamesW
FlushFileBuffers
SetEvent
LocalAlloc
RaiseException

user32

TranslateMessage
DispatchMessageW
PostThreadMessageW
RealGetWindowClass
MsgWaitForMultipleObjects
PeekMessageW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
EncryptFileW
DecryptFileW

iphlpapi

NotifyRouteChange

ole32

CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CreateClassMoniker
CoRevokeClassObject
GetRunningObjectTable
CoRegisterMessageFilter
CoUninitialize
CoDisconnectObject
StringFromGUID2
CoInitialize
CoResumeClassObjects
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree
CoRegisterClassObject
CoTaskMemAlloc

rpcrt4

UuidCreate

shlwapi

wnsprintfW

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ