JaffaCakes118_526b835901b8b4f60b93fdde9ff3ab24 | Triage

Sharing

General

Target

JaffaCakes118_526b835901b8b4f60b93fdde9ff3ab24
Size

197KB
MD5

526b835901b8b4f60b93fdde9ff3ab24
SHA1

8ef4c3b70b17c3b4365100c69a041e925c416352
SHA256

eb09ec619fcd2b6cf3f241f7b9558ebdbfaeaa50c9cf09487c1b4bb7053cd7a0
SHA512

87e4a30eec10af67d05c088aeaef42c874ac586d48a4ab719d919d0bdd638617d41acea22036afb20f6fe1cea5360b8bab4d8ccc2d6aa6a634092689056be788
SSDEEP

6144:NNfMDnq7e4/YmA5DT33jaQN5HnKvnFeDwOac8:rfM7q7LAhTHjzVnOwDwOn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_526b835901b8b4f60b93fdde9ff3ab24

Files

JaffaCakes118_526b835901b8b4f60b93fdde9ff3ab24
.exe windows:4 windows x86 arch:x86

19f14becfde17b7a6b27c6d75373fda4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
EncryptFileW
DecryptFileW

shlwapi

wnsprintfW

kernel32

CreateFiberEx
FileTimeToSystemTime
TerminateJobObject
GetTempPathW
EnumResourceNamesW
FlushFileBuffers
SetEvent
LocalAlloc
RaiseException

ole32

CreateClassMoniker
StringFromGUID2
CoUninitialize
CoAddRefServerProcess
CreateStreamOnHGlobal
GetRunningObjectTable
CoRegisterClassObject
CoDisconnectObject
CoInitialize
CoReleaseServerProcess
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoRevokeClassObject
CoRegisterMessageFilter
CoResumeClassObjects
CoTaskMemAlloc

user32

DispatchMessageW
PostThreadMessageW
RealGetWindowClass
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW

rpcrt4

UuidCreate

iphlpapi

NotifyRouteChange

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ