Static task
static1
Behavioral task
behavioral1
Sample
1792473a9183f31e537209eb364f801d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1792473a9183f31e537209eb364f801d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
1792473a9183f31e537209eb364f801d_JaffaCakes118
Size
277KB
MD5
1792473a9183f31e537209eb364f801d
SHA1
1a1fc126f5c1dec0c68e8daa0bc4c64cf2f78659
SHA256
7601cc506043034b4fced519aef0019efcb933c0515d3cd70a72a2e6c1d26e4b
SHA512
2772ae0da4a70feab625c6fd5a32a0a60bffe11ceb06353f3df7a91462963ab814fbbb94c3c548143c698cceadb57d9f0e62421cdba104e8909f84707eb521ff
SSDEEP
6144:jk1v7QYNY8jnOEcRQNdV0N8q9rO7ngZR7ZWG/UICxKuUgV:WN3nOEcRQNu8q9CbG/UDKnw
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1792473a9183f31e537209eb364f801d_JaffaCakes118
Files
1792473a9183f31e537209eb364f801d_JaffaCakes118.exe windows:4 windows x86 arch:x86
9ffd7c1ba494ff27e7f7b7e54516a0f6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
UrlGetPartW
UrlApplySchemeW
UrlCombineW
UrlCanonicalizeW
PathCombineW
PathAppendW
kernel32
GetStringTypeW
HeapFree
WriteFile
GetCurrentProcess
GetOEMCP
GetStringTypeA
LoadLibraryA
LCMapStringA
EnumResourceTypesW
GetCPInfo
IsDebuggerPresent
LZCopy
GetACP
RtlUnwind
InterlockedExchange
LCMapStringW
SetUnhandledExceptionFilter
VirtualAlloc
GetLocaleInfoA
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
WTSUnRegisterSessionNotification
WTSQuerySessionInformationW
WTSRegisterSessionNotification
oleacc
GetOleaccVersionInfo
AccessibleObjectFromEvent
msimg32
TransparentBlt
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ