Static task: static1
Behavioral task: behavioral1
  Sample: af7e90fdf44a08301cf60b13c1e66a8e_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: af7e90fdf44a08301cf60b13c1e66a8e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: af7e90fdf44a08301cf60b13c1e66a8e_JaffaCakes118
  Size: 287KB
  MD5: af7e90fdf44a08301cf60b13c1e66a8e
  SHA1: 8745502f5c33df834f75224c666e0876fbe296b0
  SHA256: 15b40205dd32e168508de6705acfabb0c367a9a605bef27b0de378a7ab4e4a31
  SHA512: 58424f9a33365e6fe1df28847242e9ed16c2c761834a4846117b95ea40e3dadf3ca5cef0c7ba21eedd6b9d72a3eb6f6aa2a37197fc49ccf608af0aaaab068bb8
  SSDEEP: 6144:gXvJo8jqDI9J8/5UoDaoWTX4XgGefVg2eGsmDXMrCkBLXyHNF6QaXAiwpHc:gX7uDIr8xDeSyVgBIDi/BuH7UXSHc
Malware Config
Signatures
Unsigned PE: 1 IoCs
  Checks for missing Authenticode signature.
  resource: af7e90fdf44a08301cf60b13c1e66a8e_JaffaCakes118
Files
af7e90fdf44a08301cf60b13c1e66a8e_JaffaCakes118.exe windows:4 windows x86 arch:x86
a08bd3429d69ac5119931522e648a43e
Headers
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32
    GetProcessHeap
    VirtualAlloc
    VirtualFree
    OpenEventA
    IsProcessorFeaturePresent
    LoadLibraryA
    InterlockedCompareExchange
    GetThreadLocale
    GetLocaleInfoA
    GetACP
    HeapSize
    HeapDestroy
    GetVersionExA
    FreeLibrary
    LoadLibraryW
    GetProcAddress
    GetCurrentThreadId
    GetLastError
    LocalFree
    GetVersionExW
    HeapFree
    HeapReAlloc
    HeapAlloc
    FindResourceExW
    FindResourceW
  oleaut32
    OleSavePictureFile
    OleCreatePropertyFrame
    SafeArrayGetRecordInfo
    SysReAllocStringLen
    OleLoadPictureFileEx
    CreateTypeLib
    OleLoadPictureFile
  wtsapi32
    WTSRegisterSessionNotification
Sections
  .text (Size: 189KB, Virtual size: 213KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata (Size: 1024B, Virtual size: 1012B)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data (Size: 95KB, Virtual size: 95KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .reloc (Size: 512B, Virtual size: 282B)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ