b6286b05c9696884baf7dc476bcf710d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6286b05c9696884baf7dc476bcf710d_JaffaCakes118
Size

194KB
MD5

b6286b05c9696884baf7dc476bcf710d
SHA1

8aeba69daeb2b527abc96163d8bf9a9848dc66b3
SHA256

96314eaf0380041e1661576f590ea8b96735005a8c4dc58313c9bbb04338824b
SHA512

d88df5762f5b6a822a4b5f599f7b853f179539d2bc37a3d5aaef99125135a045b8ab873725c8b7be5270e043742239d54ebd7676b0ea11659707ffe918856918
SSDEEP

6144:DZNYiO3ftFNOn8VVbd2trkFVJn5TqZm0d:lNYiO3p5KkFTMN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6286b05c9696884baf7dc476bcf710d_JaffaCakes118

Files

b6286b05c9696884baf7dc476bcf710d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8464d076f4e1bc6fa7d0c1f6efa7e348

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoResumeClassObjects
CoAddRefServerProcess
CLSIDFromString
CreateStreamOnHGlobal
CoReleaseServerProcess
CoRegisterMessageFilter
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoCreateInstance
GetRunningObjectTable
CreateClassMoniker
CoDisconnectObject
CoRegisterClassObject
CoInitialize
CoRevokeClassObject
CoTaskMemAlloc

user32

DispatchMessageW
RealGetWindowClass
PostThreadMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW

kernel32

CreateFiberEx
LocalAlloc
TerminateJobObject
FileTimeToSystemTime
EnumResourceNamesW
FlushFileBuffers
SetEvent
GetTempPathW
RaiseException

shlwapi

wnsprintfW

rpcrt4

UuidCreate

iphlpapi

NotifyRouteChange

advapi32

RegCloseKey
RegOpenKeyExW
EncryptFileW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
DecryptFileW

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ