942d46fb6ea1bb2d0da5cf119b6d3889_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

942d46fb6ea1bb2d0da5cf119b6d3889_JaffaCakes118
Size

194KB
MD5

942d46fb6ea1bb2d0da5cf119b6d3889
SHA1

01021bbd0f7900a82ccbefc2e403e51a86733e67
SHA256

1090f0a4ebd71fd1ed5ae1f3f5d479b6502aeb254dd7bc6e6e87baab28ef25ff
SHA512

510f5c070bcb9010a453be9562a68a95d4808ed1fd9c94da34812b692072e34fe8e539040d9387beadc920de4c71e2c354dd46dc275dee8fb74a87ec13eebe8f
SSDEEP

6144:DZNYiO3ftFNOn8VVbd2trkFVJn5TqZm0d:lNYiO3p5KkFTMN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
942d46fb6ea1bb2d0da5cf119b6d3889_JaffaCakes118

Files

942d46fb6ea1bb2d0da5cf119b6d3889_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8464d076f4e1bc6fa7d0c1f6efa7e348

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoResumeClassObjects
CoAddRefServerProcess
CLSIDFromString
CreateStreamOnHGlobal
CoReleaseServerProcess
CoRegisterMessageFilter
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoCreateInstance
GetRunningObjectTable
CreateClassMoniker
CoDisconnectObject
CoRegisterClassObject
CoInitialize
CoRevokeClassObject
CoTaskMemAlloc

user32

DispatchMessageW
RealGetWindowClass
PostThreadMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW

kernel32

CreateFiberEx
LocalAlloc
TerminateJobObject
FileTimeToSystemTime
EnumResourceNamesW
FlushFileBuffers
SetEvent
GetTempPathW
RaiseException

shlwapi

wnsprintfW

rpcrt4

UuidCreate

iphlpapi

NotifyRouteChange

advapi32

RegCloseKey
RegOpenKeyExW
EncryptFileW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
DecryptFileW

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ