fcaf18d8a906e267f6523b6cf3a2cf63_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcaf18d8a906e267f6523b6cf3a2cf63_JaffaCakes118
Size

152KB
MD5

fcaf18d8a906e267f6523b6cf3a2cf63
SHA1

685e6e906c181ddbecc8c3ca0a53006c84c9d77f
SHA256

6424bcf02c33f45fb8f110216ea248c13814689d9ec96d6dfdbc775cf2e387b0
SHA512

70200e0dac57f2119ee1fe45e782f7ae974a024e4f74a397538bcd32a275b64a1e844bb7166cef9c69b6a1b9bba57363672ae667925ba204aefb5e737e921208
SSDEEP

3072:Wm2aYTgOtf+9SVeVokqo/Nczl/TkvWw6X1zaFuE5LtQdHOeb:4aQzJqVokq6NIlww1zxEDEHOeb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcaf18d8a906e267f6523b6cf3a2cf63_JaffaCakes118

Files

fcaf18d8a906e267f6523b6cf3a2cf63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5da8217c119759a92c7e433f8ab0eba3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

comdlg32

GetFileTitleA

kernel32

GetVersionExW
FormatMessageW
InterlockedDecrement
CreateToolhelp32Snapshot
InterlockedIncrement
CreateFileW
CloseHandle
LocalAlloc
GetLocaleInfoW
GetComputerNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
InterlockedExchange
OpenProcess
GetModuleFileNameW

oleaut32

LHashValOfNameSys
GetRecordInfoFromTypeInfo
VarUI4FromDec
SysFreeString

Sections

.text
Size: 76KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ