beedebcc71ec270baaeda1003edcbab9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

beedebcc71ec270baaeda1003edcbab9_JaffaCakes118
Size

186KB
MD5

beedebcc71ec270baaeda1003edcbab9
SHA1

728297de441fd26b95a7fc04ee42ef972cc8fdce
SHA256

fa956a07933919bf8a798371d563fc867d158432719ab762b2cb7e1caf614d7c
SHA512

d004c1ed60447763214e54ca0deeeb9859bdeb673eb6f76f174486453a1b87fe572341fc11c04f269bf06a9940965defc024a9dcbda2344632e4bc056599a43c
SSDEEP

3072:EoJ5rEha941Ud666w+iZBuyh74LzPuNHUIjDJGp9waceR0g3wZJmK2njv6Yo:5W4ijp6BugNUIjDJGpCadR0g7K2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
beedebcc71ec270baaeda1003edcbab9_JaffaCakes118

Files

beedebcc71ec270baaeda1003edcbab9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8be35a432fc49f1dfbe95521ea92eee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetPriorityClass
QueryPerformanceCounter
GetLocaleInfoA
UnhandledExceptionFilter
RaiseException
CreateProcessA
GetTempFileNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetThreadLocale
HeapFree
GetACP
HeapAlloc
MulDiv
TerminateProcess
EnumResourceTypesA
GetVersionExA
InterlockedCompareExchange
GetLocaleInfoW
GetPrivateProfileIntA
GetProcessHeap
VirtualProtect
GetCurrentProcess
GetStartupInfoA
GetCurrentProcessId
GetTempPathA
InterlockedExchange
GetSystemTimeAsFileTime
TlsFree

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoMarshalHresult
CLSIDFromString
CoInitialize
GetRunningObjectTable
CoCreateInstance
CoFreeUnusedLibraries
CoRevokeClassObject
StringFromGUID2
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemFree
CoUninitialize
StringFromCLSID
CoRegisterClassObject
CreateItemMoniker
CoTaskMemAlloc

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ