bf1054c5cbc94fc8d9f47d5dc2bffbf5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf1054c5cbc94fc8d9f47d5dc2bffbf5_JaffaCakes118
Size

167KB
MD5

bf1054c5cbc94fc8d9f47d5dc2bffbf5
SHA1

36f9265c3c78fffc58140d0186b3fa0b427e77df
SHA256

2f481f1c45c58d6d911a325fa2c93ab079c6df6fd45e71c9a8efa8d03d445029
SHA512

088db35c6f029b3c2bcb3e6bc30ea5fc8f2ba7d1705d0a9a331fa096f5fb4841f69ebedc1b4c6cfa53e4d4828f22cfe627edd6a57f404d9f3a2733937251f78a
SSDEEP

3072:dVNX9o3UgSAgWeBIpSss2UahaUrwKtdQolfx24g1YbhiD8AfJLs//r:B9qNbgLBcSs1zwKwGN7MYy6/r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf1054c5cbc94fc8d9f47d5dc2bffbf5_JaffaCakes118

Files

bf1054c5cbc94fc8d9f47d5dc2bffbf5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a1d43a6b06589babc9f03dc3434ea9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
StringFromCLSID

kernel32

lstrcpyA
GlobalFree
DeleteCriticalSection
lstrcpyW
WideCharToMultiByte
GetTickCount
CheckRemoteDebuggerPresent
lstrlenW
EnumResourceNamesA
lstrcpyA
GetCPInfo
MultiByteToWideChar
OutputDebugStringW
GetLastError
LockResource
InitializeCriticalSection
GlobalAlloc
GetACP
FindClose
lstrcmpiW
GetModuleHandleW

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

wsprintfW
DispatchMessageW
GetMessageW
PostThreadMessageW
KillTimer
CharUpperW
SendMessageW
TranslateMessage
GetDC
CharNextW
SetTimer
UnregisterClassA

shlwapi

PathCombineW
PathFileExistsW

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isete
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ