703e87492193d7eaebcca34f228e7ca2_JaffaCakes118

General

Target

703e87492193d7eaebcca34f228e7ca2_JaffaCakes118
Size

263KB
MD5

703e87492193d7eaebcca34f228e7ca2
SHA1

a8db4aa708adf8895fd2bcc8519410cc6f698c34
SHA256

d108776e02645333939d3f2b822a7f775465922a578029086a54ba30c6ca76b5
SHA512

f161cb5c5feeeef2d44b3bc6d48eb85ff181177849fce14631f6651bbcddefe340c71690ffabeac4512492d53526f7178cdf0b7bd9ae3bb65578dbc7f9ddb781
SSDEEP

3072:TDNdTYgAdbAunnJn0jpOkrIY/2TOlf4z2yrd1ZJn/UFOMnd94VsX0p1Kdl0DuA61:LY+BJ2iVKLZp8FXd942X0pwdCDufd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
703e87492193d7eaebcca34f228e7ca2_JaffaCakes118

Files

703e87492193d7eaebcca34f228e7ca2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18b6f7bdf3100acdea09e1f402e91aff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSRegisterSessionNotification

oleacc

LresultFromObject
AccessibleObjectFromEvent

kernel32

HeapReAlloc
HeapFree
QueryPerformanceCounter
lstrlenW
Sleep
GetCurrentProcess
GetThreadLocale
HeapDestroy
WriteFile
GetLocaleInfoA
InterlockedCompareExchange
HeapAlloc
GetProcessHeap
GetSystemTime
GetEnvironmentVariableA
GetACP
LoadLibraryExW
MultiByteToWideChar
CreateProcessA
EnumResourceTypesW
TerminateProcess
CreateFileW
GetCurrentProcessId
LoadLibraryW
GetModuleHandleA
SystemTimeToFileTime
GetStdHandle
LZOpenFileA
GetTickCount
HeapFree
UnhandledExceptionFilter
lstrlenA
GetCurrentThreadId
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
HeapSize
IsDebuggerPresent
RaiseException
WideCharToMultiByte
InterlockedExchange
SetUnhandledExceptionFilter
LocalAlloc
lstrcpynW

msimg32

TransparentBlt

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18b6f7bdf3100acdea09e1f402e91aff

Headers

File Characteristics

Imports

wtsapi32

oleacc

kernel32

msimg32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 2KB - Virtual size: 145KB

.data Size: 202KB - Virtual size: 202KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 2KB - Virtual size: 145KB

.data
Size: 202KB - Virtual size: 202KB

.rsrc
Size: 512B - Virtual size: 4KB