f0ae79bbe8eee0f6521cddf78f9da58a_JaffaCakes118 | Triage

Sharing

General

Target

f0ae79bbe8eee0f6521cddf78f9da58a_JaffaCakes118
Size

209KB
MD5

f0ae79bbe8eee0f6521cddf78f9da58a
SHA1

b107cc16ab771802270642919ca545116ebce1e3
SHA256

96d6de4ad7e0bb8e549a3f8d211fbe909ad12099b22d24306781609b5837e74b
SHA512

05a17e9287bbbdcab07ddb16cf090afd0ea3267ea00b3339c4b50dc90fd00cbd6e73dc4a6693871707a52bbdb62704aa2815e6f07eaa6de68725b6d4802657a6
SSDEEP

3072:FuA7oFFY/p43Z4V+iU5ZHkvWcgznIYnYXBOg6OBr7X2voeJ0GJoArILaJYEmQ1Gs:Ff/eBn7vzv8BN7X2gZGBIuTmQ1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0ae79bbe8eee0f6521cddf78f9da58a_JaffaCakes118

Files

f0ae79bbe8eee0f6521cddf78f9da58a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

109ff6d29236013440220ab4414cb04b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

shlwapi

wnsprintfW

rpcrt4

UuidCreate

iphlpapi

NotifyRouteChange

advapi32

RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
EncryptFileW
RegOpenKeyExA
RegCloseKey
DecryptFileW

kernel32

CreateFiberEx
GetTempPathW
TerminateJobObject
LocalAlloc
EnumResourceNamesW
FlushFileBuffers
FileTimeToSystemTime
SetEvent
RaiseException

ole32

CreateStreamOnHGlobal
CoRevokeClassObject
CoResumeClassObjects
CLSIDFromString
CoRegisterClassObject
CoInitialize
CoAddRefServerProcess
CoCreateInstance
StringFromGUID2
GetRunningObjectTable
CreateClassMoniker
CoTaskMemFree
CoReleaseServerProcess
CoDisconnectObject
CoUninitialize
CoRegisterMessageFilter
CoTaskMemAlloc

user32

MsgWaitForMultipleObjects
PostThreadMessageW
TranslateMessage
RealGetWindowClass
DispatchMessageW
PeekMessageW

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ