Static task
static1
Behavioral task
behavioral1
Sample
43016edd3cc576fa08ed5a12cf32ee00_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
43016edd3cc576fa08ed5a12cf32ee00_JaffaCakes118
Size
171KB
MD5
43016edd3cc576fa08ed5a12cf32ee00
SHA1
6362021b9bf960efa542baad11e0105b50feab88
SHA256
e6405f23be2935162f1b7c0573746f1a49511906f4143f3ef20c6be2528254de
SHA512
bf9db280b0df9b709f6d3b486ff4f0fbc42f471e514a83a53c615d6fcc71db988a7294d30c25c41fd649934e940a97e431d02a13b6077ddf2faa5022b64092a4
SSDEEP
3072:nWVGjHfSs6g6NCPihWEea1DPJL6/4O52n2zBOtcvx:WQjU86PjJW/x5BzR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 43016edd3cc576fa08ed5a12cf32ee00_JaffaCakes118
Files
43016edd3cc576fa08ed5a12cf32ee00_JaffaCakes118.exe windows:4 windows x86 arch:x86
c90e86af000afb0a282de767ed39f4a9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCalendarInfoW
SetFilePointer
EnterCriticalSection
RaiseException
HeapSize
InitializeCriticalSection
VirtualFree
GetACP
GetCPInfo
IsValidCodePage
EnumResourceNamesA
SetEndOfFile
HeapDestroy
ExitProcess
FreeEnvironmentStringsA
RtlUnwind
LeaveCriticalSection
DeleteCriticalSection
GetOEMCP
HeapCreate
GetStartupInfoA
HeapReAlloc
ReadFile
rpcrt4
UuidCreate
oleacc
LresultFromObject
CreateStdAccessibleObject
ole32
CoGetMalloc
CoTaskMemFree
CoInitializeEx
CoQueryProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
StringFromGUID2
Sections
.text Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ