8e790056d526b297c8ca1d5f43399905_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e790056d526b297c8ca1d5f43399905_JaffaCakes118
Size

153KB
MD5

8e790056d526b297c8ca1d5f43399905
SHA1

299c571d287aeed7cffe960922e940ab3d28fa61
SHA256

f9166e84aeabdec0b1a90be8cdf77fd044c4ed80858f41be32447db43091f898
SHA512

50cb6685b1eee7e6f1aaa08c43506ef4bf7790daa8469992940ea6118d8bd769a0a733a83ffb813de9e84bd077aa0d91ff29b38cf61795638a5e5778118014d6
SSDEEP

3072:NQCZGI3j5KpASJRysfK5qtC/w32hOfFn0YxMMU47DW9QDhle68hDW:NQ63dKuWRm5U2hOfhlMYvW9QVlnm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e790056d526b297c8ca1d5f43399905_JaffaCakes118

Files

8e790056d526b297c8ca1d5f43399905_JaffaCakes118
.dll windows:4 windows x86 arch:x86

962bab93bad82a0f893d85f600dac4e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

comdlg32

GetFileTitleA

kernel32

GetGeoInfoW
GetCommandLineA
TlsAlloc
LZOpenFileW
GetTickCount
FindAtomA
GetTimeFormatA
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
FormatMessageA
GetUserDefaultLCID
Sleep
CloseHandle
GetLastError
CreateFileMappingA
LoadLibraryW
LocalAlloc
FoldStringA
GetAtomNameA
FreeLibrary
LoadLibraryA

oleaut32

LHashValOfNameSys
GetRecordInfoFromTypeInfo
VarUI4FromDec
SysFreeString

Sections

.text
Size: 89KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ