aafef63e1807f894faf5d343e1371a37_JaffaCakes118 | Triage

Sharing

General

Target

aafef63e1807f894faf5d343e1371a37_JaffaCakes118
Size

192KB
MD5

aafef63e1807f894faf5d343e1371a37
SHA1

cccb01376c51f0f55fb534a32bb12a60a9567ed5
SHA256

abfaa59c10ce0d5e04840d35b2c68a08f97dc38f5be8f729dea930bd13f0aaf0
SHA512

d2814376787432e0fbf204a74a6f70bb7062beb56e353de4fe120a70cddf4e654d6b99a5b492f287c9aff211d6ba132cf8e739d9846f6d8579e08bf5892caf00
SSDEEP

6144:SL6JDMIXmH8bKMUmSSWpcEvFC25B8GBTr:hHmc1SPG4Q2D8G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aafef63e1807f894faf5d343e1371a37_JaffaCakes118

Files

aafef63e1807f894faf5d343e1371a37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a35e6b50a543e1ee76acdcef5750530

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetLocaleInfoA
GetProcessHeap
SetPriorityClass
UnhandledExceptionFilter
HeapAlloc
GetStartupInfoA
GetACP
InterlockedCompareExchange
HeapFree
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
EnumResourceTypesW
TerminateProcess
RaiseException
InterlockedExchange
GetTempPathA
GetCurrentProcessId
GetPrivateProfileStringW
SetUnhandledExceptionFilter
CreateProcessA
GetLocaleInfoW
GetTempFileNameA
GetThreadLocale
GetVersionExA
MulDiv
GetCurrentProcess
TlsFree

ole32

CoMarshalHresult
CoInitialize
CoRegisterClassObject
CreateStreamOnHGlobal
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromCLSID
CLSIDFromString
CreateItemMoniker
StringFromGUID2
CoTaskMemFree
CoRevokeClassObject
GetRunningObjectTable
CoTaskMemAlloc

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ