e045f2e581f8b25a69c3cb7dd8b391c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e045f2e581f8b25a69c3cb7dd8b391c3_JaffaCakes118
Size

152KB
MD5

e045f2e581f8b25a69c3cb7dd8b391c3
SHA1

e549b9b70d60ad85fabcd86a6dc1a1fa65536700
SHA256

10428d47f525a92490eb33f81b5b995ac7bdeef0e513a673a2478fdbd16b076a
SHA512

aca5e735852ff3ad6c2d9ebd4fb19403df0c8257001baa296a2f4d5db5f6336bf9cbe070758c0e3efe802d5980c88ddd011e3fc2d40057fc81ba4d6e4bd66801
SSDEEP

3072:QDJi3ozPpCRfAYrz7idp5BF/vgbT1ch6+7cdEI4RSB5x:Oi4zaAu7idp5BF/vYTuh6+PI4RSf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e045f2e581f8b25a69c3cb7dd8b391c3_JaffaCakes118

Files

e045f2e581f8b25a69c3cb7dd8b391c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cbf510b0ddc12ea98f1682b545752094

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

user32

wvsprintfA

kernel32

GetLogicalDriveStringsA
GetSystemTimeAsFileTime
GetProcessHeap
CreateConsoleScreenBuffer
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess

oleaut32

LHashValOfNameSys
GetRecordInfoFromTypeInfo
VarUI4FromDec
SysFreeString

Sections

.text
Size: 58KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ