6adc792da97cbdb438c512e494c6ac01_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6adc792da97cbdb438c512e494c6ac01_JaffaCakes118
Size

263KB
MD5

6adc792da97cbdb438c512e494c6ac01
SHA1

344d1311025323a640165838e5985a7c4783e971
SHA256

1576af2685f027fef31dc46cf7c91f9eeaf609e4365469cb4dcd07f2ab792f1b
SHA512

1c1b3b62c180fc6bd4be8a28c14714ab2542b9fc2e05cdad3fca0c965767d9a67c03f0445c2160d7fab88dc8f343d76de2de745ddadacc42c838a57711f48063
SSDEEP

6144:71h30Vosxc8fMpRTUQtl0YKywvXTihzh:715ScfpuQtl0KATiZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6adc792da97cbdb438c512e494c6ac01_JaffaCakes118

Files

6adc792da97cbdb438c512e494c6ac01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef9e1ca197652af716e46e44af5b8a2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification

kernel32

lstrlenA
GetStdHandle
CreateFileW
HeapFree
InterlockedCompareExchange
CloseHandle
SystemTimeToFileTime
WriteFile
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapFree
LoadLibraryW
GetModuleHandleA
GetACP
GetCurrentProcessId
LoadLibraryExW
SetUnhandledExceptionFilter
GetThreadLocale
IsDebuggerPresent
GetTickCount
GetStartupInfoA
EnumResourceTypesW
UnhandledExceptionFilter
TerminateProcess
WideCharToMultiByte
Sleep
HeapReAlloc
CompareFileTime
GetSystemTime
CreateProcessA
GetProcessHeap
GetCurrentProcess
MultiByteToWideChar
QueryPerformanceCounter
GetEnvironmentVariableA
RaiseException
lstrlenW
InterlockedExchange
HeapDestroy
LocalAlloc
GetLocaleInfoA
HeapSize
HeapAlloc
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ