8290670d207dfbc07c5b0c8bcb0ead2f_JaffaCakes118 | Triage

Sharing

General

Target

8290670d207dfbc07c5b0c8bcb0ead2f_JaffaCakes118
Size

176KB
MD5

8290670d207dfbc07c5b0c8bcb0ead2f
SHA1

6e850a739f941c3f593ed0af72d2237104485796
SHA256

d58e45b6dba849b407bd1b0bf9924e93a1e402e2bc6e7f6444afe34a2f76d885
SHA512

da75563f12576fe310e60fca85c8310aeff3a8e6d4fe77f21eb2de063d9b2cb3869143d8a5651f11a7214933fdbcbe8004c2121d1a3729db8175c2fd2f3c1071
SSDEEP

3072:uvBWrsRoJEmLLDesgo/WW4XoIQzFEtLOK1+bAW3t3wJHZ4R5bJ:upWAYNDf/p4XopEhL+bTCJHQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8290670d207dfbc07c5b0c8bcb0ead2f_JaffaCakes118

Files

8290670d207dfbc07c5b0c8bcb0ead2f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eecfd0cf353a2bc2e37e0f27d8c64b25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSRegisterSessionNotification

kernel32

lstrlenA
CreateFileW
HeapDestroy
HeapFree
WideCharToMultiByte
LoadLibraryExW
GetStdHandle
lstrlenW
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetModuleHandleA
GetCurrentProcessId
Sleep
UnhandledExceptionFilter
HeapReAlloc
GetCurrentThreadId
HeapAlloc
SystemTimeToFileTime
LoadLibraryW
RaiseException
InterlockedExchange
TerminateProcess
EnumResourceTypesA
HeapSize
CloseHandle
GetThreadLocale
GetTickCount
LocalAlloc
MultiByteToWideChar
CreateProcessA
GetSystemTime
CompareFileTime
HeapFree
GetLocaleInfoA
GetEnvironmentVariableA
GetACP
GetCurrentProcess
IsDebuggerPresent
QueryPerformanceCounter
WriteFile
InterlockedCompareExchange
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ