fa0fda2cfd15321efa2cce4293de66ea_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa0fda2cfd15321efa2cce4293de66ea_JaffaCakes118
Size

263KB
MD5

fa0fda2cfd15321efa2cce4293de66ea
SHA1

c95f2fb5eea079c834f1ba2c1a559c72bdf5a94c
SHA256

a03e6a9022405a10e2745b79019c0266ff578f0a90962e4edee3807519bc10c4
SHA512

519fec78356c8059f4066422dc113c9d429b99231a1fb36ef7bb72bc4839cc4ea9fb2462cd6e56e164f09674a034e208fdec93642aaf4572c86ddaeafd159a68
SSDEEP

6144:laFQhmJkIeOL6oo9OUJhkwWmD60npC40kEKn:laqhwLZowUbkwWmD74j1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa0fda2cfd15321efa2cce4293de66ea_JaffaCakes118

Files

fa0fda2cfd15321efa2cce4293de66ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c6527d7588c0861f7f4eba02c9ad55b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification

kernel32

HeapReAlloc
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLocaleInfoA
TerminateProcess
HeapFree
HeapFree
GetCurrentProcess
CreateProcessA
GetModuleHandleA
GetStartupInfoA
GetProcessHeap
IsDebuggerPresent
WideCharToMultiByte
InterlockedExchange
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
CloseHandle
HeapAlloc
HeapDestroy
GetACP
HeapSize
Sleep
lstrlenW
EnumResourceTypesW
GetCurrentProcessId
CompareFileTime
GetThreadLocale
lstrlenA
WriteFile
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetEnvironmentVariableA
GetCurrentThreadId
LocalAlloc
GetStdHandle
CreateFileW
InterlockedCompareExchange
GetSystemTime
LoadLibraryExW
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ