e5f25c2398764d8aa62c568a74e54413_JaffaCakes118 | Triage

Sharing

General

Target

e5f25c2398764d8aa62c568a74e54413_JaffaCakes118
Size

175KB
MD5

e5f25c2398764d8aa62c568a74e54413
SHA1

73aa4998e67930ea5bcc54b047b2b68de28f8ecf
SHA256

1d794426f4cfab8eb3f0a732c0a6804acf64f03b00e442d80e47ea5725a18549
SHA512

4d21c5a3cffa684a4021d8a9038de8fb227e9ec45a4fb50113fe1338b26ed987f0da57551ae93e96e0927bc64f58d6f8988382a6df768a7857fb90fbfc865d67
SSDEEP

3072:J7otOM1Lmo9ZK9Xu7QNbOw6ucekmLet2Qe697vxzB5umMcpIOmiqtq:s/ZKxu7Q99smat2gvxB5LpIOmis

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5f25c2398764d8aa62c568a74e54413_JaffaCakes118

Files

e5f25c2398764d8aa62c568a74e54413_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c65db5eb45bee2623312983775390380

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromIID
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

kernel32

MultiByteToWideChar
GetCurrentProcess
VirtualQueryEx
lstrlenA
UnhandledExceptionFilter
LocalAlloc
GetSystemTimeAsFileTime
WideCharToMultiByte
GetLocaleInfoA
lstrlenW
QueryPerformanceCounter
RaiseException
EnumResourceNamesW
GetStartupInfoA
InterlockedCompareExchange
GetACP
ExitProcess
IsDebuggerPresent
GetCPInfoExW
GetEnvironmentVariableA
SetUnhandledExceptionFilter
Sleep
CreateProcessA
GetTickCount
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
GetThreadLocale

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ