3d52e790f814eb194e53fda3d35a85ab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d52e790f814eb194e53fda3d35a85ab_JaffaCakes118
Size

174KB
MD5

3d52e790f814eb194e53fda3d35a85ab
SHA1

1e21322e0d4a884a1623065a564ac10547b14491
SHA256

382a304d1b40d515676314295f1d0b3fcdc7f6f7bef8667724adf9fa6f4333ef
SHA512

b3326cf2080ccb31fc117a8f67c417d13790d0feaa50f50a73f524a352d720665d9efad87ca9086c17501416f2c46ae0164bbe537481c69db85be489b765aa3c
SSDEEP

3072:Z6DY2zNaob/vjnnBN/rJ4XubDrosTfOwSyx0c6Cb9PfP9RapDnxTt6Iy:Z32AI/bBNZb5awLrFbBVopDnZy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d52e790f814eb194e53fda3d35a85ab_JaffaCakes118

Files

3d52e790f814eb194e53fda3d35a85ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2bc14b37cf40de6af8cc90491e528b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

SystemTimeToFileTime
UnhandledExceptionFilter
LoadLibraryW
HeapFree
LocalAlloc
HeapAlloc
CloseHandle
CreateProcessA
GetLocaleInfoA
IsDebuggerPresent
HeapFree
Sleep
SetUnhandledExceptionFilter
GetModuleHandleA
GetCurrentThreadId
HeapSize
GetTickCount
GetThreadLocale
RaiseException
WideCharToMultiByte
EnumResourceTypesA
QueryPerformanceCounter
GetACP
lstrlenA
InterlockedExchange
MultiByteToWideChar
GetSystemTimeAsFileTime
CompareFileTime
GetProcessHeap
lstrlenW
HeapReAlloc
InterlockedCompareExchange
LoadLibraryExW
GetSystemTime
GetStdHandle
GetEnvironmentVariableA
GetCurrentProcessId
GetStartupInfoA
HeapDestroy
TerminateProcess
GetCurrentProcess
CreateFileW
WriteFile
lstrcpynW

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ