e39f84c4738f5e8a1cdf4cbe25e55289_JaffaCakes118 | Triage

Sharing

General

Target

e39f84c4738f5e8a1cdf4cbe25e55289_JaffaCakes118
Size

225KB
MD5

e39f84c4738f5e8a1cdf4cbe25e55289
SHA1

a0d07204a406452f664b9894a55c963af03dbbf2
SHA256

ca6661df5965e0412f57c2609b258dbfa3d6070b13742bbee23f0da3e96c1f08
SHA512

ff706c840ba0e72e283f6a460ab74191d83b807e0390dbcdd452e77fd2dea5056eede2459f39fa7839d00aa3b90e70b1bc0df83001af441bcc16c7796d31aaa5
SSDEEP

6144:9eujFBvOJcyDM2FkANE3QE0huQUnggHTQ4mhmCLv3/G4+6:9eujvOJcylFkANE3QnY5gC846mCLv/O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e39f84c4738f5e8a1cdf4cbe25e55289_JaffaCakes118

Files

e39f84c4738f5e8a1cdf4cbe25e55289_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3b053e27c598804dc35a9732bd43d68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFiberEx
SetEvent
TerminateJobObject
LocalAlloc
EnumResourceNamesW
FlushFileBuffers
FileTimeToSystemTime
GetTempPathW
RaiseException

user32

TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW
RealGetWindowClass
PostThreadMessageW
PeekMessageW

rpcrt4

UuidCreate

ole32

GetRunningObjectTable
CreateClassMoniker
CoResumeClassObjects
StringFromGUID2
CoReleaseServerProcess
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterMessageFilter
CoUninitialize
CoRegisterClassObject
CoInitialize
CoDisconnectObject
CoTaskMemAlloc

advapi32

EncryptFileW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
DecryptFileW

shlwapi

wnsprintfW

iphlpapi

NotifyRouteChange

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ