bae04e9739da90e06b82ce6660e76fb7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bae04e9739da90e06b82ce6660e76fb7_JaffaCakes118
Size

174KB
MD5

bae04e9739da90e06b82ce6660e76fb7
SHA1

0b29b46e5054b278690ceebc37e92c0c1e30da5e
SHA256

b5a67ed3df57317c11f12d04f93437955541b330f94d03f85318fd7acca6e40e
SHA512

6fac0fd6db8992f189f5ec2787992d5b25185d75a6ecd9d3589f35cb34c8ffa91921f982335a5715b2657f9cc729ef0e5f09baa27358b825592343e04b526231
SSDEEP

3072:yCAscj6ftSJ5IF7Cz9yB6F/Fm4W5p0sOuRbHk1o5J9bZ/gBO2WCWAIvDl:y/pJ4Cz8Yu5p00lHG49bF2WCWA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bae04e9739da90e06b82ce6660e76fb7_JaffaCakes118

Files

bae04e9739da90e06b82ce6660e76fb7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00c4d4724293ae9e4efc469b6e5b1fc5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory

kernel32

InterlockedCompareExchange
GetCurrentProcessId
HeapFree
RaiseException
HeapReAlloc
LoadLibraryExW
QueryPerformanceCounter
HeapSize
WriteFile
SystemTimeToFileTime
HeapAlloc
GetModuleHandleA
WideCharToMultiByte
LoadLibraryW
CreateFileW
LocalAlloc
HeapFree
GetCurrentProcess
EnumResourceTypesA
GetStartupInfoA
GetACP
GetLocaleInfoA
lstrlenW
GetProcessHeap
Sleep
IsDebuggerPresent
MultiByteToWideChar
InterlockedExchange
GetThreadLocale
lstrlenA
CompareFileTime
TerminateProcess
GetSystemTimeAsFileTime
CloseHandle
GetStdHandle
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
GetSystemTime
GetCurrentThreadId
CreateProcessA
SetUnhandledExceptionFilter
GetTickCount
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ