Static task: static1
Behavioral task: behavioral1 - Sample: 38b0a6e7d467c26bbbd5df0fad359777_JaffaCakes118.exe - Resource: win7-20240903-en
Behavioral task: behavioral2 - Sample: 38b0a6e7d467c26bbbd5df0fad359777_JaffaCakes118.exe - Resource: win10v2004-20241007-en
General
Target: 38b0a6e7d467c26bbbd5df0fad359777_JaffaCakes118
Size: 285KB
MD5: 38b0a6e7d467c26bbbd5df0fad359777
SHA1: b7b1ac6af401684ea52a04ba84336dade6b56e4b
SHA256: b30c87e0114623dc03d4d16a14ef0ccdca7601119e84814126cda6f981090135
SHA512: e93f83d24d2435a78316d7074d0a1c5979bbb8a0c7d694f0b95d5d1b730460f4fb966441d13720c1831dbc3a2431860c8911c3c9ec710b3cf5ae2569deb48d04
SSDEEP: 6144:w0JNZWQfyg/Rk+acBpn9ActsHohAmz/sXgKuQS6ER9o1u:wMNZ/yOYwnaHSAksXgKo9oA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 38b0a6e7d467c26bbbd5df0fad359777_JaffaCakes118
Files
38b0a6e7d467c26bbbd5df0fad359777_JaffaCakes118.exe windows:4 windows x86 arch:x86
968b32a06835150eaa4f47c45ae8f852
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
CreateFontIndirectW
ole32
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CLSIDFromString
oleaut32
GetErrorInfo
VariantClear
VariantInit
VarBstrCmp
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString
kernel32
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
IsDebuggerPresent
lstrlenW
GetCurrentThreadId
lstrlenA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexA
VirtualAlloc
GetVersion
iernonce
RunOnceExProcess
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 249KB - Virtual size: 13.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 291KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ