539828c6570d6dec2aed0721ce7c394a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

539828c6570d6dec2aed0721ce7c394a_JaffaCakes118
Size

157KB
MD5

539828c6570d6dec2aed0721ce7c394a
SHA1

e646158a3d7664098dac74cac8b8fbde722743d1
SHA256

fc5902104f09f34fb32c4ae763d31c7511d3d7982d891fa5b753a3770b656dca
SHA512

1a7a3620e26798b95ddea7ad3209727a582a34ee70556b72d3ee88711500a4beae984609fc6815b8f3653f95bc38e4a25a5256afa2128bc808496c3dd20a75e8
SSDEEP

3072:Vp9pZqP95Oh1DDyjRvnwKU9LfnnOgW4jKIWO977dW18DjVjR:DZE5+13ylvwnDn8O9HdqqJj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
539828c6570d6dec2aed0721ce7c394a_JaffaCakes118

Files

539828c6570d6dec2aed0721ce7c394a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a8ea0b6c41b74277cff0fe62f2ee1d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHFileOperationW

comdlg32

GetFileTitleA

kernel32

GetLogicalDriveStringsW
HeapFree
HeapAlloc
CreateToolhelp32Snapshot
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GlobalFree

oleaut32

LHashValOfNameSys
GetRecordInfoFromTypeInfo
VarUI4FromDec
SysFreeString

Sections

.text
Size: 90KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ