Static task
static1
Behavioral task
behavioral1
Sample
eb1b9e12e0b64a9f3daf2945199f3c86_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eb1b9e12e0b64a9f3daf2945199f3c86_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
eb1b9e12e0b64a9f3daf2945199f3c86_JaffaCakes118
Size
108KB
MD5
eb1b9e12e0b64a9f3daf2945199f3c86
SHA1
bea548440a1789666ae84a28bcf1cf3e146b3ad0
SHA256
002663f86cc6d4e4b432fe586f9385c0daf423d3b99f407bd8d03f84357a5290
SHA512
948c6d67b643bba030c5cf448757236efdf49ec5f61b1194c545f9e153bf6d8224df3299681c7ff4afca9c05fb769cf7fb32070428de7e46bbd09b4f704eb7e5
SSDEEP
1536:G2NQfJnIhig4SD3Hmfi2w7sS2nrPQECbD/ZIWtLa+5DVyuAffvDgm:GxhbU3HcHwoSGPzC3ZI2LaY0nfXDgm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eb1b9e12e0b64a9f3daf2945199f3c86_JaffaCakes118
Files
eb1b9e12e0b64a9f3daf2945199f3c86_JaffaCakes118.exe windows:4 windows x86 arch:x86
0fbe76faa45be199723bc67b5171a6a7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
DeleteFileA
CloseHandle
GetLastError
CreateFileA
ExitProcess
MultiByteToWideChar
WTSGetActiveConsoleSessionId
GetModuleHandleA
GetStartupInfoA
advapi32
CreateProcessAsUserW
wtsapi32
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationA
userenv
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileA
DestroyEnvironmentBlock
msvcrt
__getmainargs
_controlfp
_except_handler3
__set_app_type
__p__fmode
calloc
_exit
_XcptFilter
exit
_acmdln
memset
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
Sections
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ