5c2cb113f5fef1b813ee3939dc163c2f_JaffaCakes118 | Triage

Sharing

General

Target

5c2cb113f5fef1b813ee3939dc163c2f_JaffaCakes118
Size

174KB
MD5

5c2cb113f5fef1b813ee3939dc163c2f
SHA1

9c4afe03cd24930965970fd59c492aa66c194a74
SHA256

0bbab2f7cb93084b2fdd0595904d9391cd5a83c4e73b6cbc6314a2cc46c21645
SHA512

640eb286f99a1e7bd5aface0e8252677607af1b1edacba5c55c710cefe01c9096dab8e168bfc56263f02ebc266fc9e9b1abb56fe30cdb5c4b8423f0ff707b9e0
SSDEEP

3072:gpc3MyQEOZxhVvSMsYRfcwcgZGgDIYtis8Q/2rd5E2a:gpNyQE+iC9cwZGA6Qv2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c2cb113f5fef1b813ee3939dc163c2f_JaffaCakes118

Files

5c2cb113f5fef1b813ee3939dc163c2f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ba4ff418082698e4e5ab2f6d4e379dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

HeapFree
WriteFile
QueryPerformanceCounter
GetStdHandle
TerminateProcess
RaiseException
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleA
SetUnhandledExceptionFilter
GetCurrentProcess
LoadLibraryExW
GetACP
UnhandledExceptionFilter
Sleep
GetCurrentThreadId
HeapDestroy
IsDebuggerPresent
lstrlenA
EnumResourceTypesA
MultiByteToWideChar
CloseHandle
HeapAlloc
lstrlenW
GetLocaleInfoA
WideCharToMultiByte
CreateProcessA
HeapFree
GetSystemTime
CompareFileTime
GetEnvironmentVariableA
LoadLibraryW
GetStartupInfoA
GetTickCount
GetProcessHeap
GetThreadLocale
CreateFileW
HeapSize
InterlockedCompareExchange
LocalAlloc
InterlockedExchange
HeapReAlloc
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ