Static task
static1
Behavioral task
behavioral1
Sample
e7497d5ebdaf566996b973fcbec7742c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e7497d5ebdaf566996b973fcbec7742c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
e7497d5ebdaf566996b973fcbec7742c_JaffaCakes118
Size
277KB
MD5
e7497d5ebdaf566996b973fcbec7742c
SHA1
6ea6c4511662ae5173727479cbf7d89d8f47e36b
SHA256
ff3c7a048129c73515dfd9678f05562f6b91e403f195a761c733fd12d9d0335a
SHA512
b1ef69ef7c5ab8e8e81f916bdf1e48252800b8c978859e3e1ee37435c11ecd6062f3efb599057e0285f188bdb1023b6d70f14f8a8d085e5f4fa7ef6616745cfc
SSDEEP
6144:vyMCJbcR0pssejZ6IF2difvWjW8BJwR7U1v3Pm0G98XfvBgD1i5PdlZvH:uJQnsej32dUvxNR7UZfm0G98XSD1i5Pp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e7497d5ebdaf566996b973fcbec7742c_JaffaCakes118
Files
e7497d5ebdaf566996b973fcbec7742c_JaffaCakes118.exe windows:4 windows x86 arch:x86
16d94b400d737692e7814482c1e8d570
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
UrlGetPartW
UrlCanonicalizeW
UrlCombineW
UrlApplySchemeW
PathCombineW
PathAppendW
oleacc
GetOleaccVersionInfo
AccessibleObjectFromEvent
msimg32
TransparentBlt
kernel32
GetCurrentProcess
HeapFree
InterlockedExchange
RtlUnwind
GetStringTypeW
SetUnhandledExceptionFilter
GetCPInfo
IsDebuggerPresent
WriteFile
LoadLibraryA
EnumResourceTypesW
VirtualAlloc
LZCopy
LCMapStringA
GetACP
GetOEMCP
LCMapStringW
GetStringTypeA
GetLocaleInfoA
wtsapi32
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
Sections
.text Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 138KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ