599e17672e466a099a421478181b9ee7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

599e17672e466a099a421478181b9ee7_JaffaCakes118
Size

174KB
MD5

599e17672e466a099a421478181b9ee7
SHA1

580f0367e4eb58254e5d003d845bcbd1cb6d420b
SHA256

06bad001f1807cdf0622d2983faffbcde66d63bcf9d7b8eac74d2c033d731415
SHA512

07703b5104676806d56497b973c87063e55bf20b6371cd0ddbfe86734b852963e27d213b628640117634b1b777b269d83ee70fc32819d91cfacef1d577c4c21f
SSDEEP

3072:DLFaexhZ7L27l1o2b1/pZ+I8ZsOYCliNgzENbLoSkJgq0veJ0Biyd9h:/FJRq7Po6ZJ82OQazybLjkJZ0Biyd9h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
599e17672e466a099a421478181b9ee7_JaffaCakes118

Files

599e17672e466a099a421478181b9ee7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ff3384b811566fbf66f98c3633bbc11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW
WTSRegisterSessionNotification

kernel32

CreateProcessA
HeapFree
GetCurrentThreadId
HeapFree
GetEnvironmentVariableA
InterlockedCompareExchange
HeapDestroy
GetStartupInfoA
LoadLibraryW
SetUnhandledExceptionFilter
LoadLibraryExW
WideCharToMultiByte
RaiseException
GetStdHandle
HeapReAlloc
GetLocaleInfoA
LocalAlloc
lstrlenA
HeapAlloc
GetSystemTime
WriteFile
EnumResourceTypesA
SystemTimeToFileTime
GetTickCount
InterlockedExchange
GetACP
GetProcessHeap
GetCurrentProcessId
IsDebuggerPresent
CompareFileTime
MultiByteToWideChar
CreateFileW
GetModuleHandleA
UnhandledExceptionFilter
HeapSize
QueryPerformanceCounter
CloseHandle
GetThreadLocale
lstrlenW
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcess
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ