e825fb14e0adbf63d46d996e09cc514c_JaffaCakes118 | Triage

Sharing

General

Target

e825fb14e0adbf63d46d996e09cc514c_JaffaCakes118
Size

263KB
MD5

e825fb14e0adbf63d46d996e09cc514c
SHA1

5e9a73b97a1f03942b3d2914e7a5a26f6c543546
SHA256

aeeb5a595d666baf0cfc5f8b3dcf012e987c0bdbcad1ca4e5aa48f919c461f2d
SHA512

f7646987d1f593bc8ceb86da806603d9033a1c9448ad7d596eb8f2ee65545f1ba6c723c91c378cec9410b263ec4b84a8a29e8a5c3a454dc2f50fd6e71f52ab1a
SSDEEP

6144:f4SqA668fRuBXRJmGWtpQ2GCsTG07/3HZWX/8ZHPJUsPB:f4ST66DX2GmQjbG07/ZWv8ZHPJR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e825fb14e0adbf63d46d996e09cc514c_JaffaCakes118

Files

e825fb14e0adbf63d46d996e09cc514c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fdb2f9c94a84b725102e7bf09f296718

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW
WTSRegisterSessionNotification

kernel32

QueryPerformanceCounter
SystemTimeToFileTime
HeapFree
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCurrentProcessId
LoadLibraryExW
GetModuleHandleA
HeapReAlloc
InterlockedCompareExchange
GetACP
GetCurrentThreadId
CreateProcessA
HeapDestroy
IsDebuggerPresent
GetTickCount
TerminateProcess
GetSystemTime
EnumResourceTypesA
WriteFile
LocalAlloc
Sleep
HeapSize
lstrlenA
CreateFileW
lstrlenW
CompareFileTime
GetStdHandle
GetStartupInfoA
InterlockedExchange
GetLocaleInfoA
GetThreadLocale
HeapFree
GetEnvironmentVariableA
HeapAlloc
LoadLibraryW
GetProcessHeap
GetCurrentProcess
MultiByteToWideChar
SetUnhandledExceptionFilter
RaiseException
CloseHandle
UnhandledExceptionFilter
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromPoint

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ