dfebb9613391dd1862e08a8d230964f3_JaffaCakes118 | Triage

Sharing

General

Target

dfebb9613391dd1862e08a8d230964f3_JaffaCakes118
Size

368KB
MD5

dfebb9613391dd1862e08a8d230964f3
SHA1

73def5c9d56f401c3f72cf992cc104a516c3499d
SHA256

d0199979d2a74aecb9bdf8468db05972e80bdde1a073882cd9f7fa214b0968fb
SHA512

8f6451ec41821e66bdc9d0d358fe150c9945d31a7fcc690a34f13f3bbdf37d070c4bf01405b5dd71798f3436999ff9ea8adc2d644b3d553d8ba083fd09698988
SSDEEP

6144:gNa1crY6r8qLJSIm13nsSzbE1iZXCJo+83i3s1Se8b4lkaR6n87+KB3agqxO7zkL:gAvKxLJ/m13smDZXP+x8ke8klsn87DKR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfebb9613391dd1862e08a8d230964f3_JaffaCakes118

Files

dfebb9613391dd1862e08a8d230964f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af94095de726676ca0d300f548f824b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory

kernel32

Sleep

msvcrt

malloc
_adjust_fdiv
_initterm
free

rpcrt4

IUnknown_AddRef_Proxy
CStdStubBuffer_CountRefs
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleAllocate
NdrCStdStubBuffer_Release
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
NdrStubCall2
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrOleFree
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
NdrStubForwardingFunction
CStdStubBuffer_Connect

mpr

WNetEnumResourceA

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ