ebb244ecce69aab63492cb0dcaae06f9_JaffaCakes118 | Triage

Sharing

General

Target

ebb244ecce69aab63492cb0dcaae06f9_JaffaCakes118
Size

144KB
MD5

ebb244ecce69aab63492cb0dcaae06f9
SHA1

890cebdce52c7c169b5566853ddde6c5eadf2f39
SHA256

ab85af377e289f58ce0bcd0e607b8042e3f1994914a328068ad52689202949ef
SHA512

653a029e7ef07db4bf314230bc0e36e6a2ace7a582824fc201be23adffb2c8c2f50d561d51119c035673da5edfa27b5eda9239a5acbe750ddd7431132453874c
SSDEEP

3072:GIXm/KADhxbCCeps4LzvzXpsJUzPymmyzWecwS+EJhp/Wul2WO1NPsWTa:EKADrbCCeGops2zPymmyzR+peF1GWO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebb244ecce69aab63492cb0dcaae06f9_JaffaCakes118

Files

ebb244ecce69aab63492cb0dcaae06f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d79b94d6d15eb3d4747f248603b73dd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

comdlg32

GetFileTitleA

kernel32

GetVersionExW
FormatMessageW
InterlockedDecrement
LZOpenFileW
InterlockedIncrement
CreateFileW
CloseHandle
LocalAlloc
GetLocaleInfoW
GetComputerNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
InterlockedExchange
OpenProcess
GetModuleFileNameW

oleaut32

LHashValOfNameSys
GetRecordInfoFromTypeInfo
VarUI4FromDec
SysFreeString

Sections

.text
Size: 101KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ