Static task
static1
Behavioral task
behavioral1
Sample
82b3b5ec7f10ef03d4128907f988be04_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
82b3b5ec7f10ef03d4128907f988be04_JaffaCakes118.exe
Resource
win10v2004-20240730-en
General
Target: 82b3b5ec7f10ef03d4128907f988be04_JaffaCakes118
Size: 175KB
MD5: 82b3b5ec7f10ef03d4128907f988be04
SHA1: 14a935e1b4d2783395afb80dd614199b0ace04f2
SHA256: c9ffa1a98eede2e316b8e2554720c3c2f760f59e4402f2d15f1134d46e819a76
SHA512: d5a82528200883e36ccb19519fc874684bcc4b80062cf8c593386dca2b6f4afff58427447bfc4f31195e2266febd9eb97c6cac8666953fe405c96f83841fab11
SSDEEP: 3072:rfU7qxFneC5mO4U7H0ufElgfrmPvCCZeZXZKwIjX+ukdAkPOAhLFkL2xPPmwv:47qxFeC5uU7HPElgfqXCC4ZpKv7+ukdB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 82b3b5ec7f10ef03d4128907f988be04_JaffaCakes118
Files
82b3b5ec7f10ef03d4128907f988be04_JaffaCakes118.exe windows:4 windows x86 arch:x86
b368a6bb6e25b764dff91da4b525a219
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
oleacc
LresultFromObject
CreateStdAccessibleObject
kernel32
VirtualQueryEx
WideCharToMultiByte
LocalAlloc
lstrlenA
EnumResourceNamesA
CreateProcessA
RaiseException
GetSystemTimeAsFileTime
MultiByteToWideChar
OpenJobObjectA
InterlockedExchange
ole32
StringFromIID
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
advapi32
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
shell32
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
shlwapi
PathFileExistsW
Sections
.text Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ