ec18dac4fb5c97558ccc3ee735bf1f44_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec18dac4fb5c97558ccc3ee735bf1f44_JaffaCakes118
Size

160KB
MD5

ec18dac4fb5c97558ccc3ee735bf1f44
SHA1

6efc04235a5d99d0e40cb88a0c0b0698b3f3c89c
SHA256

8d411b56143cce309a54b84780d70172f5b26083ca5696f6cbd2efbb9d54dfe6
SHA512

09f381d6a98d3ca6411362501e614849342ed00c4a291bcd707aa5ca03dad376151efc953de89ea20b7adad721cb9f566140b41ae68cf9aad2cad352c3336668
SSDEEP

3072:Ht4kwN0bxnd9TN5m0wJUOWTCGaL6+U9N5SHnydqVcMDZ3t:Ht1wqd9Z51TOzv+l5inyN+9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec18dac4fb5c97558ccc3ee735bf1f44_JaffaCakes118

Files

ec18dac4fb5c97558ccc3ee735bf1f44_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61e0db8c64696024f82d76412e6d3541

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSRegisterSessionNotification

kernel32

LoadLibraryExW
HeapDestroy
MultiByteToWideChar
WriteFile
TerminateProcess
GetSystemTime
HeapFree
IsDebuggerPresent
GetStdHandle
HeapFree
CreateFileW
GetEnvironmentVariableA
Sleep
HeapReAlloc
InterlockedCompareExchange
WideCharToMultiByte
RaiseException
GetProcessHeap
EnumResourceTypesW
GetCurrentProcessId
lstrlenW
HeapAlloc
lstrlenA
GetCurrentThreadId
HeapSize
GetLocaleInfoA
GetCurrentProcess
CompareFileTime
SetUnhandledExceptionFilter
CreateProcessA
CloseHandle
GetTickCount
GetACP
LoadLibraryW
GetModuleHandleA
GetStartupInfoA
SystemTimeToFileTime
GetThreadLocale
LocalAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedExchange
UnhandledExceptionFilter
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ