84dd80726e41f134f9c9404b78dcc157_JaffaCakes118

General

Target

84dd80726e41f134f9c9404b78dcc157_JaffaCakes118
Size

160KB
MD5

84dd80726e41f134f9c9404b78dcc157
SHA1

3214aeb276a622b17b40921d3b28a14e7dc17f36
SHA256

67071707f01f5e88ce439236c8cb80dbc61378ded8d5e857f87e820d17be5b34
SHA512

7448916d42bcd2c18037017ad62651280d401604ee9eadf4b594370de7c54c851705057aaf354f7e854488f6a17a4174897c510a463fd6a5cd95b8af9112905f
SSDEEP

3072:QMJB/WnkF7MLb2vlWpdMdkn2u+0yGs1a/Fi7sIgLrV6qPs:QnkF7bvkkfGc7gvAqP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84dd80726e41f134f9c9404b78dcc157_JaffaCakes118

Files

84dd80726e41f134f9c9404b78dcc157_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d63d0e43cd09c6f89c3768d7966dcb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification

kernel32

CreateProcessA
HeapFree
GetStdHandle
HeapFree
LoadLibraryExW
WriteFile
TerminateProcess
GetEnvironmentVariableA
lstrlenA
QueryPerformanceCounter
GetCurrentThreadId
WideCharToMultiByte
SetUnhandledExceptionFilter
GetTickCount
SystemTimeToFileTime
IsDebuggerPresent
Sleep
LoadLibraryW
RaiseException
CreateFileW
EnumResourceTypesW
LocalAlloc
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
GetStartupInfoA
GetSystemTime
LZOpenFileA
InterlockedCompareExchange
GetThreadLocale
CloseHandle
GetProcessHeap
HeapDestroy
lstrlenW
GetCurrentProcess
GetACP
GetLocaleInfoA
InterlockedExchange
GetCurrentProcessId
HeapAlloc
UnhandledExceptionFilter
GetModuleHandleA
MultiByteToWideChar
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

msimg32

TransparentBlt

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d63d0e43cd09c6f89c3768d7966dcb3

Headers

File Characteristics

Imports

wtsapi32

kernel32

oleacc

msimg32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 2KB - Virtual size: 409KB

.data Size: 117KB - Virtual size: 116KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 2KB - Virtual size: 409KB

.data
Size: 117KB - Virtual size: 116KB

.rsrc
Size: 512B - Virtual size: 4KB