Static task: static1
Behavioral task: behavioral1
Sample: 176d58a084b699d14791ddaf6f2fb589_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 176d58a084b699d14791ddaf6f2fb589_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: 176d58a084b699d14791ddaf6f2fb589_JaffaCakes118
Size: 44KB
MD5: 176d58a084b699d14791ddaf6f2fb589
SHA1: 56de1806ae4d5bebb58dee4f592ca1b42946e931
SHA256: 83b9a987e99f90c844bd2e240bd3f8c49fabf3f56d20e48a9c452a4ca6f92edc
SHA512: 4cdbb69c2d41e32acbf65cc9b3a04069445a316554aba46cbbb1e20c3dcd96c6afb9cd31c48f6f9bf3d9805b68a00b6a0ae26747b7f4d5410defa620068774e5
SSDEEP: 768:Cwx7tzB0KzODODhjSiT0ft4LilDVVO34RxRiXlpMbx:CcLFwOrZLAb04RxR8lyb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 176d58a084b699d14791ddaf6f2fb589_JaffaCakes118
Files
176d58a084b699d14791ddaf6f2fb589_JaffaCakes118.dll windows:4 windows x86 arch:x86
0892d04762df372ef4f9e9e12dbad306
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetSystemPowerStatus
GetModuleHandleA
VirtualProtect
CreateMailslotA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GetTempFileNameA
ole32
CoCreateInstance
CoUninitialize
user32
wsprintfA
secur32
GetUserNameExW
shell32
SHGetFolderPathA
oleaut32
CreateErrorInfo
SafeArraySetRecordInfo
VarFormatFromTokens
SetErrorInfo
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 294B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ