b12fa541cf3dae0821fb12e4041a1b25_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b12fa541cf3dae0821fb12e4041a1b25_JaffaCakes118
Size

263KB
MD5

b12fa541cf3dae0821fb12e4041a1b25
SHA1

0577450441339f51ac278daa415780ba15f7305e
SHA256

7d177de80631371ef37e523148f279ceec5c6a48798ccfcda6f084178468ece0
SHA512

a8dadaa3e48a6b35b45905bda840219080f79ef270cd8510d1822a9ba28b5327dd347507bc0374f9087299d20a9bc8f6e5948e405b363bc67f2bf53141dc8091
SSDEEP

6144:XoX16rMdQOYCcJFspTVi+WhszIcHwMqMy532dF8iJK05hl5nU:YX1Cy3cPs9VijhszIGwMq3yFPnZn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b12fa541cf3dae0821fb12e4041a1b25_JaffaCakes118

Files

b12fa541cf3dae0821fb12e4041a1b25_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2fb5501e75faa11d8109770c8c62d7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSRegisterSessionNotification

kernel32

Sleep
GetTickCount
HeapFree
HeapReAlloc
HeapDestroy
WriteFile
GetStdHandle
GetCurrentThreadId
GetThreadLocale
LoadLibraryW
RaiseException
GetACP
lstrlenW
GetEnvironmentVariableA
QueryPerformanceCounter
GetSystemTime
InterlockedExchange
LoadLibraryExW
IsDebuggerPresent
WideCharToMultiByte
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
SystemTimeToFileTime
EnumResourceTypesA
LocalAlloc
CompareFileTime
GetStartupInfoA
CloseHandle
HeapAlloc
InterlockedCompareExchange
CreateFileW
HeapSize
UnhandledExceptionFilter
HeapFree
lstrlenA
MultiByteToWideChar
GetProcessHeap
SetUnhandledExceptionFilter
GetLocaleInfoA
CreateProcessA
TerminateProcess
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ