c220801523ba10649b36c8aefa68fa3b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c220801523ba10649b36c8aefa68fa3b_JaffaCakes118
Size

160KB
MD5

c220801523ba10649b36c8aefa68fa3b
SHA1

0c52c859fbe9dd5f9e120ae3f3af9837edc59820
SHA256

ff1c141b4cbe1fc0822c1b033277b2039c18035eaea7c5eb5da025e447ae961f
SHA512

2c465eb442e80d914b4f03a9aba50350fffcb0b21df32bb0afd095e70b1cd7f708ba39f2356f03e7a560ace39e264263012bf9d7b50964f31f2ab446d04cc308
SSDEEP

3072:x6IYJN6+3omfbZzJFxncbfqpDG+nohhCwJitVMHJfIhP0o:gIY249ZzJFxncbfqnozityih

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c220801523ba10649b36c8aefa68fa3b_JaffaCakes118

Files

c220801523ba10649b36c8aefa68fa3b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f7afa2466d38051342f8d460ecd2afb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification

kernel32

HeapAlloc
HeapFree
GetStartupInfoA
GetSystemTime
RaiseException
LoadLibraryExW
LocalAlloc
GetCurrentProcess
HeapDestroy
GetSystemTimeAsFileTime
lstrlenW
GetModuleHandleA
GetThreadLocale
CreateProcessA
GetLocaleInfoA
WriteFile
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
QueryPerformanceCounter
CreateFileW
UnhandledExceptionFilter
InterlockedCompareExchange
LoadLibraryW
EnumResourceTypesW
GetCurrentProcessId
GetTickCount
CompareFileTime
GetProcessHeap
CloseHandle
HeapReAlloc
Sleep
lstrlenA
HeapSize
SystemTimeToFileTime
IsDebuggerPresent
HeapFree
GetEnvironmentVariableA
GetACP
GetStdHandle
SetUnhandledExceptionFilter
InterlockedExchange
GetCurrentThreadId
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ