babe8fa685e32d18978d98f4e23273e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

babe8fa685e32d18978d98f4e23273e2_JaffaCakes118
Size

174KB
MD5

babe8fa685e32d18978d98f4e23273e2
SHA1

7bad99845eb074c01f35cf1ed4aadee74f7b54c7
SHA256

848bc5eb09be2ab17c37a2019ec634c0a90969a22d493969d703c0abd206a356
SHA512

460119b2b71c220612b9043d765469fea36d0c941ca319dd1e203ee481ea7b5a6218c6996cc5da33193e931b820d6c85994ab01d6733451f0201ef1d77aa7d85
SSDEEP

3072:QufFVeooKnSFal+Xdu/853mjqIaovw1LtrB7ovYugTBLvqL/TB:L9VeooKnS3du/EuqIaSw1LtyeTBDqTN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
babe8fa685e32d18978d98f4e23273e2_JaffaCakes118

Files

babe8fa685e32d18978d98f4e23273e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e83baa40d264838cf3a03cf8fe55f03d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
GetCalendarInfoW
GetCPInfo
InitializeCriticalSection
SetEndOfFile
HeapReAlloc
HeapCreate
LeaveCriticalSection
HeapDestroy
DeleteCriticalSection
GetACP
ExitProcess
GetOEMCP
EnumResourceNamesA
FreeEnvironmentStringsA
HeapSize
GetStartupInfoA
RtlUnwind
EnterCriticalSection
VirtualFree
SetFilePointer
RaiseException
ReadFile

oleacc

LresultFromObject
CreateStdAccessibleObject

rpcrt4

UuidCreate

ole32

CoGetMalloc
CoQueryProxyBlanket
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ