011254500481564dd04f2bceabd12418_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

011254500481564dd04f2bceabd12418_JaffaCakes118
Size

174KB
MD5

011254500481564dd04f2bceabd12418
SHA1

529b1fad6de0f34f28d12b26fac6c15678c4bd04
SHA256

e8ba55db7924f5f94cfd95a1252c75198e13febca8fae5588ba7b8aea74f4e13
SHA512

b6a1151490f5e96ba7fba08ed35f684ec53ce3951123c761499c0430a040668d06a2a533cde473ddbfbf0e7ddb693faaeb36994e4a43a703ef7a0e7e38939a8d
SSDEEP

3072:O1woANfMqPj3o14nVBW0k1ZAyHaWy+1Gh6qdS/bad1NWOycNv/u0URSUD70fA7VV:OWFfhO4VBW0kUyHqoA6q9/vTd80fARD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
011254500481564dd04f2bceabd12418_JaffaCakes118

Files

011254500481564dd04f2bceabd12418_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10c562d3b07784c741ab31b02697ca0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

kernel32

GetStartupInfoA
TerminateProcess
GetACP
HeapFree
LocalAlloc
HeapDestroy
RaiseException
lstrlenA
HeapSize
GetSystemTime
GetModuleHandleA
GetCurrentProcessId
CloseHandle
HeapReAlloc
InterlockedExchange
GetEnvironmentVariableA
GetCurrentProcess
Sleep
LoadLibraryW
IsDebuggerPresent
GetThreadLocale
SystemTimeToFileTime
MultiByteToWideChar
GetStdHandle
EnumResourceTypesA
UnhandledExceptionFilter
CompareFileTime
SetUnhandledExceptionFilter
InterlockedCompareExchange
GetCurrentThreadId
lstrlenW
GetProcessHeap
GetTickCount
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
WideCharToMultiByte
GetLocaleInfoA
WriteFile
CreateFileW
CreateProcessA
HeapFree
LoadLibraryExW
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ