0b9ca9ad0a9f64b0e447ca2d8c932935_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b9ca9ad0a9f64b0e447ca2d8c932935_JaffaCakes118
Size

174KB
MD5

0b9ca9ad0a9f64b0e447ca2d8c932935
SHA1

1f70e81489c3641c73648bab0b9922e8dcb408aa
SHA256

7d0f013e08a7a77a7b079e2c1b1beb07b9def5009703da0e679e81002018c7d2
SHA512

4141fd79848639aa80f817fddac7ac1405383cd108c90a4735cf56119b5446d0822383339956ded75044e71e6ca7f993e64ede68061c75a25805ac2069ac0c3f
SSDEEP

3072:17KEkWpgqxZbQpDXfvA8uSwpmi7etazfrkGoeAb6ij+p1eSZZIZxjeWTAt8:17KEkWWqxZbWfkS0F7aaDrfH/reKIZxH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b9ca9ad0a9f64b0e447ca2d8c932935_JaffaCakes118

Files

0b9ca9ad0a9f64b0e447ca2d8c932935_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d0f25250b18dd4a6896b69670922442b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSRegisterSessionNotification

kernel32

CreateProcessA
GetCurrentProcessId
GetStartupInfoA
HeapFree
SetUnhandledExceptionFilter
CloseHandle
lstrlenW
GetTickCount
HeapDestroy
CreateFileW
HeapFree
MultiByteToWideChar
HeapAlloc
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentVariableA
TerminateProcess
lstrlenA
GetCurrentProcess
HeapReAlloc
InterlockedExchange
RaiseException
EnumResourceTypesW
LoadLibraryExW
GetStdHandle
GetProcessHeap
GetCurrentThreadId
UnhandledExceptionFilter
GetModuleHandleA
IsDebuggerPresent
InterlockedCompareExchange
CompareFileTime
GetThreadLocale
LocalAlloc
GetSystemTime
Sleep
GetSystemTimeAsFileTime
SystemTimeToFileTime
HeapSize
LoadLibraryW
WideCharToMultiByte
GetACP
WriteFile
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ