JaffaCakes118_48a82a96f04c08a6d97a128c65b6e334 | Triage

Sharing

General

Target

JaffaCakes118_48a82a96f04c08a6d97a128c65b6e334
Size

201KB
MD5

48a82a96f04c08a6d97a128c65b6e334
SHA1

7fb1459224a9510db5fa5da1c23f940467be9602
SHA256

cfe85bd1b45e2c88ff7fe9f0eaaaa332855ac57420a2e5407ae23ca3f375c534
SHA512

847e08e01708d46d1d1d3f2ecc8885aa2d9662fe18ee7aa2871b436fe51d672ca4f0b5eadd931573a7d42a3b6f293a741065e022cfdbd8727a214f50b0999284
SSDEEP

6144:r6chrPR1SsXlg++3GOw57MJbUIToOiAev/a:r9r1SsXlHdb57MSMoF/a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_48a82a96f04c08a6d97a128c65b6e334

Files

JaffaCakes118_48a82a96f04c08a6d97a128c65b6e334
.exe windows:4 windows x86 arch:x86

c33bacea6947f3c32492c068d735190c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

rpcrt4

UuidCreate

kernel32

CreateFiberEx
SetEvent
TerminateJobObject
LocalAlloc
EnumResourceNamesW
FlushFileBuffers
FileTimeToSystemTime
GetTempPathW
RaiseException

advapi32

RegCloseKey
EncryptFileW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
DecryptFileW

shlwapi

wnsprintfW

iphlpapi

NotifyRouteChange

ole32

CoResumeClassObjects
CoInitialize
CoDisconnectObject
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CreateClassMoniker
CoRegisterClassObject
StringFromGUID2
CoReleaseServerProcess
CoAddRefServerProcess
GetRunningObjectTable
CoRegisterMessageFilter
CoCreateInstance
CLSIDFromString
CoRevokeClassObject
CoTaskMemAlloc

user32

MsgWaitForMultipleObjects
RealGetWindowClass
DispatchMessageW
TranslateMessage
PostThreadMessageW
PeekMessageW

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ