Static task: static1
Behavioral task: behavioral1
Sample: ae082d54a489003d610cf5e33c2b3942_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: ae082d54a489003d610cf5e33c2b3942_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ae082d54a489003d610cf5e33c2b3942_JaffaCakes118
Size: 274KB
MD5: ae082d54a489003d610cf5e33c2b3942
SHA1: 6f7d4f34d9cc251e3cd002040332231a22cfa00f
SHA256: 22a9ca75329814ab9de58a3b84952727c2728f52c7b929275fb99cba0ff98e14
SHA512: 836a7443d025cf651442039948ffe08b6499de75a897cd3843b5453167c791595ad68b9900e85af7de2033652114a2e34f01c26f9dd2eb679f1100cf6d7cdcde
SSDEEP: 6144:hjRbqtYt8Ri6cWIJ9F+i7jYJRG4mGtUuhOt:3q2t8sWIJ90Aj8Q4FW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ae082d54a489003d610cf5e33c2b3942_JaffaCakes118
Files
ae082d54a489003d610cf5e33c2b3942_JaffaCakes118.exe windows:4 windows x86 arch:x86
041637919d18fbe19a8bb7be4448e9bf
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
  UrlCanonicalizeW
  UrlCombineW
  UrlGetPartW
  PathCombineW
  UrlApplySchemeW
  PathAppendW
oleacc
  LresultFromObject
  AccessibleObjectFromEvent
msimg32
  TransparentBlt
kernel32
  LoadLibraryA
  HeapFree
  GetOEMCP
  LCMapStringA
  RtlUnwind
  IsDebuggerPresent
  GetStringTypeW
  GetCPInfo
  GetStringTypeA
  EnumResourceTypesW
  GetACP
  GetCurrentProcess
  SetUnhandledExceptionFilter
  ResetWriteWatch
  LCMapStringW
  VirtualAlloc
  WriteFile
  InterlockedExchange
  GetLocaleInfoA
wtsapi32
  WTSEnumerateSessionsW
  WTSUnRegisterSessionNotification
  WTSFreeMemory
  WTSQuerySessionInformationW
  WTSRegisterSessionNotification
Sections
.text Size: 115KB - Virtual size: 115KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 155KB - Virtual size: 155KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ