26603b81b46c648229d22d3b7153ce4b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26603b81b46c648229d22d3b7153ce4b_JaffaCakes118
Size

160KB
MD5

26603b81b46c648229d22d3b7153ce4b
SHA1

49d6152561d246f5b32e740c0eaf93703917bc76
SHA256

abd22b0ed309e912148a791f46ef7235371ecf8a9ce82a981bb6ab19378ec66b
SHA512

9003186bf605792720cde38e225b157e3ad25706069d4d443d0b8ebef93649220f10306020fb08752b33f4dc9974cff578844369e5d7ddf33f72bb837f53fe06
SSDEEP

3072:BNv+STu3yFSEj/t5qToJg4ZWZI+cU+fULkD41rNalxMOWfTf:Nu3GLjl5qUJgD++cUfLK45NabMNj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26603b81b46c648229d22d3b7153ce4b_JaffaCakes118

Files

26603b81b46c648229d22d3b7153ce4b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d10f2e5aaed5b81369f2da1c9cc1c02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

GetTickCount
HeapFree
QueryPerformanceCounter
CreateFileW
GetSystemTime
GetLocaleInfoA
HeapSize
lstrlenA
GetSystemTimeAsFileTime
HeapAlloc
GetEnvironmentVariableA
lstrlenW
TerminateProcess
UnhandledExceptionFilter
CreateProcessA
IsDebuggerPresent
GetStdHandle
GetACP
LoadLibraryW
EnumResourceTypesA
HeapReAlloc
MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
CloseHandle
HeapDestroy
InterlockedExchange
GetProcessHeap
SystemTimeToFileTime
LocalAlloc
RaiseException
HeapFree
GetCurrentProcessId
CompareFileTime
GetStartupInfoA
InterlockedCompareExchange
GetCurrentProcess
LoadLibraryExW
GetThreadLocale
GetModuleHandleA
Sleep
SetUnhandledExceptionFilter
WriteFile
lstrcpynW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ