04af90f50ec2034302ea25df92d03f6c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04af90f50ec2034302ea25df92d03f6c_JaffaCakes118
Size

178KB
MD5

04af90f50ec2034302ea25df92d03f6c
SHA1

15d4fb85aa29f5b2487c015357ae7e90ce5ffe5b
SHA256

ad06ce94b5bb783959698f6d249569b956b563f4665fb2c40d860184b37b009a
SHA512

daf161ad128f5930269cab5adc0da5d36fe11318f93405fd1e4624b03e2e6eb12ebec3aa12757a67de45d9b37fa3d4ab20181c6529f1d573962eaa8f27520843
SSDEEP

3072:ylIGXQavcshrw3HS5VQuvWhLJ7DrEYnie82FBxafpExmJ6jI:ylxDEX2ApJ7DrJ8gBUfXJ6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04af90f50ec2034302ea25df92d03f6c_JaffaCakes118

Files

04af90f50ec2034302ea25df92d03f6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ba573c577e3831f250fc9ab03b1f6c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromIID
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

kernel32

ExitProcess
CreateProcessA
VirtualQueryEx
lstrlenA
MultiByteToWideChar
GetACP
lstrlenW
GetEnvironmentVariableA
GetLocaleInfoA
UnhandledExceptionFilter
WideCharToMultiByte
EnumResourceNamesW
RaiseException
LocalAlloc
GetModuleHandleA
GetCPInfoExA
InterlockedExchange
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetThreadLocale

oleacc

LresultFromObject
CreateStdAccessibleObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyA
RegSetValueExA

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ