Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_368218137de5e445f29b93d67b9ab9d8.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_368218137de5e445f29b93d67b9ab9d8.exe
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_368218137de5e445f29b93d67b9ab9d8
Size: 275KB
MD5: 368218137de5e445f29b93d67b9ab9d8
SHA1: 05af6ed8562831f055738bdb271517dec0ab5a64
SHA256: 0732dad0befb8c2e0b7a43ddbbbef998e43d68a6d30888515446ec020bbf30d7
SHA512: a911fc9d465ddf9e3b056eac4c02d7c196ed0cece3365268deab0f37110d91a745371134df1d8eaedb50c0182d82952b3858c48d66868614770863960a8f2cf5
SSDEEP: 6144:pYrCtem7bPw041CWmrNaPd7ShlfUrJvI35M2f0rla:sm/4PmrfwAM2Ea
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_368218137de5e445f29b93d67b9ab9d8
Files
JaffaCakes118_368218137de5e445f29b93d67b9ab9d8.exe windows:4 windows x86 arch:x86
e70a5f816d6a796519b2cc2fbd5fba00
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
UrlGetPartW
UrlCanonicalizeW
PathCombineW
UrlApplySchemeW
UrlCombineW
PathAppendW
msimg32
TransparentBlt
kernel32
HeapFree
GetACP
VirtualAlloc
WriteFile
GetOEMCP
GetCurrentProcess
GetCPInfo
SetUnhandledExceptionFilter
EnumResourceTypesW
GetStringTypeA
RtlUnwind
IsDebuggerPresent
InterlockedExchange
ResetWriteWatch
LCMapStringW
GetStringTypeW
LoadLibraryA
LCMapStringA
GetLocaleInfoA
wtsapi32
WTSUnRegisterSessionNotification
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSRegisterSessionNotification
oleacc
LresultFromObject
AccessibleObjectFromEvent
Sections
.text Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ