JaffaCakes118_04f267894521a8d39bbde35d76731ffa | Triage

Sharing

General

Target

JaffaCakes118_04f267894521a8d39bbde35d76731ffa
Size

263KB
MD5

04f267894521a8d39bbde35d76731ffa
SHA1

88f91ef42b098fe1c7464af64240cabf5c7ce242
SHA256

56b7ac433c616dabcc4f7095bab3135658a07aadc8d9a78d753c110f68018495
SHA512

d956692d9d6f8438e1679fc9b6184d7df6289d6e95bb443a2f918afe9ab60bd1bf015facc14b2a04b7cc784d1ed15203067649e72240561665d82a570c5ca4e2
SSDEEP

6144:p434ACPSt9dUY54TuVhA74nKJt0RbKPaLvjlgAlLUzrlr0GU+y2:pGtNLmYvh+l4bKSLvjlBZUz56+y2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_04f267894521a8d39bbde35d76731ffa

Files

JaffaCakes118_04f267894521a8d39bbde35d76731ffa
.exe windows:4 windows x86 arch:x86

aa5bacb273363b3da53801769b7e0cb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSRegisterSessionNotification

kernel32

GetTickCount
HeapFree
HeapReAlloc
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
HeapFree
SystemTimeToFileTime
GetProcessHeap
CreateProcessA
Sleep
QueryPerformanceCounter
InterlockedExchange
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetLocaleInfoA
GetModuleHandleA
GetCurrentThreadId
LoadLibraryExW
InterlockedCompareExchange
GetStdHandle
LocalAlloc
HeapDestroy
GetACP
MultiByteToWideChar
EnumResourceTypesW
CreateFileW
LoadLibraryW
lstrlenA
GetThreadLocale
IsDebuggerPresent
GetSystemTime
GetEnvironmentVariableA
CompareFileTime
GetCurrentProcess
HeapAlloc
WriteFile
RaiseException
CloseHandle
HeapSize
WideCharToMultiByte
GetStartupInfoA
lstrlenW
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ