df4c693b9632f100573a26820700465d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df4c693b9632f100573a26820700465d_JaffaCakes118
Size

153KB
MD5

df4c693b9632f100573a26820700465d
SHA1

173f6a75ebc47eb1ad62b4858520676bb1c0847a
SHA256

52a52c875828c5ff5109ed604868800a6c223d5660e4df2c1c96c23c9d69445f
SHA512

9eb948ae05f3dd9b5b01f83a81806c4e88af2de92cfa45557dbde78c2c86870dbd62060f69a890a8907b5efef49d10fb5dc0e742b69e547659d6ca0135703b01
SSDEEP

3072:PTVHWPyiRjnLrAJmT35O1sYZfrweE2IxdyzlEjmGrlW0s5EaPrVMtQ/m4:PB2Ke48TY6MseE5d6lEjbZs5lTVMtQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df4c693b9632f100573a26820700465d_JaffaCakes118

Files

df4c693b9632f100573a26820700465d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d79b94d6d15eb3d4747f248603b73dd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

comdlg32

GetFileTitleA

kernel32

GetVersionExW
FormatMessageW
InterlockedDecrement
LZOpenFileW
InterlockedIncrement
CreateFileW
CloseHandle
LocalAlloc
GetLocaleInfoW
GetComputerNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
InterlockedExchange
OpenProcess
GetModuleFileNameW

oleaut32

LHashValOfNameSys
GetRecordInfoFromTypeInfo
VarUI4FromDec
SysFreeString

Sections

.text
Size: 83KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ