b32b2d5fea0d6bd8f8574736a3c5a6c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b32b2d5fea0d6bd8f8574736a3c5a6c9_JaffaCakes118
Size

186KB
MD5

b32b2d5fea0d6bd8f8574736a3c5a6c9
SHA1

a04b57fefe604cbeb113375c8cef815eb698f0ae
SHA256

153aee7385b9b8182920d1e9f36ee0e1c2d95507fd838a04f08f1bcb2df8c55e
SHA512

6e28650e3de4976cc53a9429609eb18edba91183fa682090d4bf7ca1a13d1356c8a1769c65120d731de72d2f1f0034623c258936897263a4e9f8fc80d1a689b4
SSDEEP

3072:ZvBU6ZYCTeZgiftqHIzCoRDUA7ld0BnwjRUXr4hfevgdwA+nV3bQey:ZvBUnXZnt8SCC3xSBwNMQmswpd3y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b32b2d5fea0d6bd8f8574736a3c5a6c9_JaffaCakes118

Files

b32b2d5fea0d6bd8f8574736a3c5a6c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1237758d404a556dc24018ccc9e4b14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFiberEx
SetEvent
TerminateJobObject
GetTempPathW
EnumResourceNamesW
FlushFileBuffers
LocalAlloc
FileTimeToSystemTime
RaiseException

ole32

GetRunningObjectTable
StringFromGUID2
CoCreateInstance
CoRevokeClassObject
CLSIDFromString
CoResumeClassObjects
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoRegisterMessageFilter
CoUninitialize
CoAddRefServerProcess
CoDisconnectObject
CoReleaseServerProcess
CreateClassMoniker
CoRegisterClassObject
CoTaskMemAlloc

rpcrt4

UuidCreate

advapi32

RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
EncryptFileW
DecryptFileW

iphlpapi

NotifyRouteChange

shlwapi

wnsprintfW

user32

RealGetWindowClass
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
PeekMessageW

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ