b325e8349812e1b8398a736e12e91560_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b325e8349812e1b8398a736e12e91560_JaffaCakes118
Size

216KB
MD5

b325e8349812e1b8398a736e12e91560
SHA1

01aba82667a34741dada84e06579ec7786dc43a7
SHA256

19344b34a4e7b790ce11206c9c69dc3a132ff5739e564aa0476d5371493548f8
SHA512

5c010bef6e2989fff370cb775134bff2110131b20879ef0193ee7288670bb6b5267507e02c8e676dda8cd504505b4cecd2d9e443e79ec4ee51b236b2a1e2a08f
SSDEEP

6144:TCeVHuS7S3KPUMi1sE0g+G6kzGL3n/Wg9nAN35mw2:T9VOS7yKPz0z6G5cn/Z5M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b325e8349812e1b8398a736e12e91560_JaffaCakes118

Files

b325e8349812e1b8398a736e12e91560_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf501065e2cc26cdbbd1321559a5cbbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

RealGetWindowClass
DispatchMessageW
PostThreadMessageW
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
EncryptFileW
DecryptFileW

rpcrt4

UuidCreate

iphlpapi

NotifyRouteChange

kernel32

CreateFiberEx
GetTempPathW
TerminateJobObject
LocalAlloc
EnumResourceNamesW
FlushFileBuffers
SetEvent
FileTimeToSystemTime
RaiseException

shlwapi

wnsprintfW

ole32

CoTaskMemFree
CoAddRefServerProcess
GetRunningObjectTable
StringFromGUID2
CreateStreamOnHGlobal
CoRegisterClassObject
CreateClassMoniker
CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize
CoReleaseServerProcess
CoResumeClassObjects
CoDisconnectObject
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemAlloc

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ