67b576cc961dcb8b8ab52e2d91482cf5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67b576cc961dcb8b8ab52e2d91482cf5_JaffaCakes118
Size

263KB
MD5

67b576cc961dcb8b8ab52e2d91482cf5
SHA1

372d043736fac1f4e60925eb0e8c4dfd9941aff8
SHA256

b5ef53f5b2b62741f6712700f7384198ab20a7822e624f0babab874dcfe35678
SHA512

6b676b23fc407e421202f68c4e905f0aba9994f45789be304cadeb8ed9225fcb09b4e430d8a7f0a1514b686c6d51c1f3a383a2029044595f7ca5ee57b83f91e5
SSDEEP

6144:2D8hKG6f6UFvoalr4lkz1Fxqo2GKcYEK6bSd:24wG6SUFQ321FxqZHKS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67b576cc961dcb8b8ab52e2d91482cf5_JaffaCakes118

Files

67b576cc961dcb8b8ab52e2d91482cf5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8c7f6f3d2465f0c51a6a4625b6528617

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

oleacc

LresultFromObject
AccessibleObjectFromEvent

kernel32

LoadLibraryW
GetStdHandle
GetProcessHeap
GetThreadLocale
CreateProcessA
GetStartupInfoA
GetModuleHandleA
HeapFree
HeapAlloc
GetCurrentProcessId
lstrlenW
HeapDestroy
QueryPerformanceCounter
HeapFree
CreateFileW
UnhandledExceptionFilter
MultiByteToWideChar
GetACP
GetEnvironmentVariableA
EnumResourceTypesW
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsDebuggerPresent
HeapSize
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
Sleep
CompareFileTime
WideCharToMultiByte
InterlockedExchange
LocalAlloc
HeapReAlloc
GetCurrentThreadId
GetTickCount
GetLocaleInfoA
InterlockedCompareExchange
TerminateProcess
RaiseException
CloseHandle
LoadLibraryExW
lstrlenA
lstrcpynW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ