abe5840255468451e00272b83e6f1df5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abe5840255468451e00272b83e6f1df5_JaffaCakes118
Size

166KB
MD5

abe5840255468451e00272b83e6f1df5
SHA1

93b1ab8b05961bb039409e22feef5eb6f79ef2f3
SHA256

605d115033d61834c6035b195e0d76bea3624442773c0cc095ba8e113b0bf032
SHA512

4a456e05e3a13b594ad4334a338bf81143d27f660cb1ec5dfd6faad8e1b40f663cd79f918a6c5bb2b2d65b3c4a745cb63fe4f6bf9515942afd2d189d4a895ba4
SSDEEP

3072:Hy5j/CA91+XHdZ2sqSUhMhNUr9VAQ5OzIjt0N2ilbEt+JeXrTBnTBHO4gqX:HY/CZDXUChqr/Ax2HilbEme7TbOg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abe5840255468451e00272b83e6f1df5_JaffaCakes118

Files

abe5840255468451e00272b83e6f1df5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e64c9a8de04c74e85c75199f25442280

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoSetProxyBlanket
CoQueryProxyBlanket
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoUninitialize
StringFromGUID2

shell32

SHGetFolderPathW

newdev

UpdateDriverForPlugAndPlayDevicesW

rpcrt4

UuidCreate

user32

SendMessageA
EnumChildWindows
IsWindow
DestroyWindow
GetDlgItem
CreateWindowExW
GetWindowThreadProcessId

kernel32

GetOEMCP
DeleteCriticalSection
SetFilePointer
GetCalendarInfoW
VirtualFree
ExitProcess
InitializeCriticalSection
LeaveCriticalSection
HeapSize
GetACP
EnumResourceNamesA
ReadFile
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
SetEndOfFile
VirtualAlloc
RtlUnwind
RaiseException
GetCPInfo
EnterCriticalSection
GetStartupInfoA
HeapReAlloc
IsValidCodePage
SetEnvironmentVariableA

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ