Static task
static1
Behavioral task
behavioral1
Sample
f28e4afeca447621090e109cfd9d8b15_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target
f28e4afeca447621090e109cfd9d8b15_JaffaCakes118
Size
278KB
MD5
f28e4afeca447621090e109cfd9d8b15
SHA1
6afd229c821e9e96e8df04eea769d7f955d04ccc
SHA256
f549929323b9c59ec622156869edb3b0b2c09d398551a4c910f7a6e7afff7e90
SHA512
e41eb697833ce0e20b5e1f72ab9218705d048800519d4a37c93559ed15fbf44d318bedde393a49e7f592303d5c43b84dfd833dac08796da42d781f15ba662693
SSDEEP
6144:6HLAsNioYVF5nt1ZuY0UryRxFLcHE7Kb8uOI9NP1CF1EKNox5FIxLZwc:yBinTt1Zp1oLc0or9NP1CzW50Zw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f28e4afeca447621090e109cfd9d8b15_JaffaCakes118
Files
f28e4afeca447621090e109cfd9d8b15_JaffaCakes118.exe windows:4 windows x86 arch:x86
0552579d7a2ffbff7cee6e96206f299f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
UrlGetPartW
UrlApplySchemeW
PathCombineW
UrlCanonicalizeW
UrlCombineW
PathAppendW
kernel32
RtlUnwind
IsDebuggerPresent
HeapFree
LoadLibraryA
GetCurrentProcess
VirtualAlloc
GetStringTypeW
InterlockedExchange
LCMapStringW
GetOEMCP
EnumResourceTypesW
SetUnhandledExceptionFilter
GetACP
LZCopy
LCMapStringA
WriteFile
GetStringTypeA
GetCPInfo
GetLocaleInfoA
wtsapi32
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSFreeMemory
WTSRegisterSessionNotification
oleacc
GetOleaccVersionInfo
AccessibleObjectFromEvent
msimg32
TransparentBlt
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ