Static task: static1
Behavioral task: behavioral1
Sample: 73a6a11c2d266a38c47231cf08185cdf_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 73a6a11c2d266a38c47231cf08185cdf_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 73a6a11c2d266a38c47231cf08185cdf_JaffaCakes118
Size: 276KB
MD5: 73a6a11c2d266a38c47231cf08185cdf
SHA1: 788d49570ac3369daa5ece2eda1be818f0273b10
SHA256: 3ef340e711b406fba665954a9500b27a99f6940cc20a5ecf1404922c2f985a1b
SHA512: dccc86cd3e9d83785a31990c85d68df3df5e0d9f430ab8287317a674f53e72bb46d7c7130e544490904b037c172a180a3f8b4f0a71ee34f5011b9b3ecd3f930a
SSDEEP: 6144:r3LzKycO8rWSfSgl5U+7KhSpuehkv8dnb9YTlCYHTR9:Xzdhg7fKYkcne119
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 73a6a11c2d266a38c47231cf08185cdf_JaffaCakes118
Files
73a6a11c2d266a38c47231cf08185cdf_JaffaCakes118.exe windows:4 windows x86 arch:x86
5d03cb4ae64546606bf1cb70da9267ab
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi: UrlCombineW, PathCombineW, UrlCanonicalizeW, UrlApplySchemeW, UrlGetPartW, PathAppendW
oleacc: GetOleaccVersionInfo, AccessibleObjectFromEvent
msimg32: TransparentBlt
wtsapi32: WTSEnumerateSessionsW, WTSQuerySessionInformationW, WTSFreeMemory, WTSUnRegisterSessionNotification, WTSRegisterSessionNotification
kernel32: LoadLibraryA, HeapFree, GetACP, LCMapStringA, GetCurrentProcess, WriteFile, GetCPInfo, GetStringTypeA, GetStringTypeW, LCMapStringW, EnumResourceTypesW, LZCopy, InterlockedExchange, VirtualAlloc, IsDebuggerPresent, RtlUnwind, GetOEMCP, SetUnhandledExceptionFilter, GetLocaleInfoA
Sections
.text Size: 132KB - Virtual size: 131KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 141KB - Virtual size: 140KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ