397dc62bd3148c708b2df4c9679c4664_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

397dc62bd3148c708b2df4c9679c4664_JaffaCakes118
Size

263KB
MD5

397dc62bd3148c708b2df4c9679c4664
SHA1

74d758acec82d9147bfd550a752882f8777e3958
SHA256

86d6ef394016c039e5e1e4ffb9255cdc89949230b149eb4dff18a1c1743f0ec6
SHA512

4b0368ea18a3e957473af29460b19aa75938289f661849dacb5a7df06876b4885668fee05a51bd14a80ea45b83b6fc51995eaa8088ad2da5adf007f1a5ca92b8
SSDEEP

6144:QVZuLZLynPHdWYf0RWcOv3MaL2NMC7+185wv/hdwtt5M0A:0Z2If0fSKc8I/he1M0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397dc62bd3148c708b2df4c9679c4664_JaffaCakes118

Files

397dc62bd3148c708b2df4c9679c4664_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4243e53f54f26e17d9e41b166021321b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSRegisterSessionNotification

oleacc

LresultFromObject
AccessibleObjectFromEvent

kernel32

SetUnhandledExceptionFilter
HeapFree
GetACP
LoadLibraryExW
LocalAlloc
HeapFree
lstrlenA
CloseHandle
HeapDestroy
GetCurrentProcessId
LoadLibraryW
GetSystemTime
GetStartupInfoA
CreateProcessA
QueryPerformanceCounter
lstrlenW
HeapReAlloc
GetStdHandle
SystemTimeToFileTime
Sleep
HeapSize
MultiByteToWideChar
TerminateProcess
EnumResourceTypesW
GetThreadLocale
WideCharToMultiByte
CompareFileTime
GetEnvironmentVariableA
RaiseException
IsDebuggerPresent
CreateFileW
InterlockedExchange
GetCurrentThreadId
InterlockedCompareExchange
GetLocaleInfoA
UnhandledExceptionFilter
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcess
GetTickCount
GetProcessHeap
GetModuleHandleA
WriteFile
lstrcpynW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ