16560efb1eae790135c2a7f7380e0e06_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16560efb1eae790135c2a7f7380e0e06_JaffaCakes118
Size

311KB
MD5

16560efb1eae790135c2a7f7380e0e06
SHA1

2fd155129dd8894f131e8d38a2b1cc9e9c7cff07
SHA256

e6f77f743d13a763401fdde76e8f971c514ecf4d66adb447da15d45ebd3f7317
SHA512

47f6467cb68013cc26ee547357a53542d7c255d90246c47a720518314723f334bd4e3c405b8ad537336b6043819ea09742cf3dd7a5711fadf3c6b9cea2553754
SSDEEP

6144:ZfSby/0nKkjt6U917asZ1r0yVb+yB7vmK/bv+A8B5BddBxJ592v:okgZfirYWA8bBnS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16560efb1eae790135c2a7f7380e0e06_JaffaCakes118

Files

16560efb1eae790135c2a7f7380e0e06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

14d7b8fa7b943fe7eb3132d50481dcdd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateInstance

gdi32

CreateFontIndirectW
GetLayout

oleaut32

VarBstrCmp
SysStringLen
GetErrorInfo
VariantInit
SysAllocStringLen
SysStringByteLen
SysAllocString
SysAllocStringByteLen
VariantClear
SysFreeString

kernel32

lstrlenW
IsDebuggerPresent
lstrlenA
DeleteCriticalSection
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetModuleHandleA
VirtualAlloc

user32

GetDC
DialogBoxIndirectParamW
CreateAcceleratorTableA
LoadMenuW
DestroyCursor
OffsetRect
LoadImageA
LoadImageW
wsprintfW
MonitorFromRect
EnumWindows
WinHelpA
ShowCursor
SetActiveWindow
FindWindowA
CharPrevA
CheckMenuItem
IsIconic
LoadIconA

corpol

CORLockDownProvider
DllUnregisterServer

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ