d772089c64fd321e88dba042688c2c79_JaffaCakes118 | Triage

Sharing

General

Target

d772089c64fd321e88dba042688c2c79_JaffaCakes118
Size

263KB
MD5

d772089c64fd321e88dba042688c2c79
SHA1

f04d764228543960458ea202a98367f5ca2556d2
SHA256

8d3e9dceb061652f03b0b89c6d98ad4e61e2b2fc2036163776a8c24607be9bcc
SHA512

d101bb43b11364d1aaa118dc2e7bfe10d88f0411e4e27c498a8c3cbf9c349c3593349a58354c6c1f9775a187601d7581ce1525f3a307b11e350e665b5534464a
SSDEEP

6144:m12GcL7LVE72xZlDS0Bo4tgoPZPomcgHwbaA61PESw:m1g7L+sTDS0i4OchVnHG61PES

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d772089c64fd321e88dba042688c2c79_JaffaCakes118

Files

d772089c64fd321e88dba042688c2c79_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fd6c81751aa1b3c57a8756204d6f2ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

GetStdHandle
GetStartupInfoA
SetUnhandledExceptionFilter
CloseHandle
GetModuleHandleA
HeapFree
LocalAlloc
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcess
HeapFree
GetThreadLocale
QueryPerformanceCounter
HeapDestroy
GetTickCount
GetSystemTime
WriteFile
LoadLibraryW
HeapAlloc
EnumResourceTypesA
GetCurrentProcessId
MultiByteToWideChar
lstrlenW
GetProcessHeap
CreateFileW
GetLocaleInfoA
GetEnvironmentVariableA
LoadLibraryExW
WideCharToMultiByte
UnhandledExceptionFilter
GetCurrentThreadId
CompareFileTime
Sleep
CreateProcessA
lstrlenA
TerminateProcess
SystemTimeToFileTime
RaiseException
IsDebuggerPresent
GetACP
HeapSize
HeapReAlloc
InterlockedExchange
lstrcpynW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ