JaffaCakes118_42d3da1b2bc6c14e8a7c5c48be941bd5 | Triage

Sharing

General

Target

JaffaCakes118_42d3da1b2bc6c14e8a7c5c48be941bd5
Size

160KB
MD5

42d3da1b2bc6c14e8a7c5c48be941bd5
SHA1

0a53d6b09099acb7b68b16f1e74b2f90f5b17038
SHA256

fce33b5019bb0866ac8ed04dbf70cb062f1209ce2eddd51fdc307f5c46e869f2
SHA512

fd145be876cf9373cc387bc52b1c1aaf87c5457b6d0fd913a63d67dd1ccab572cafd9f957fdfe30c7ba0f433891223475f739d7d9925fbb951f19bb60fcacd97
SSDEEP

3072:Ht4kwN08xnd9TN5m0wJUOWTCGaL6+U9N5SHnydqVcMDZ3t:Ht1w/d9Z51TOzv+l5inyN+9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_42d3da1b2bc6c14e8a7c5c48be941bd5

Files

JaffaCakes118_42d3da1b2bc6c14e8a7c5c48be941bd5
.exe windows:4 windows x86 arch:x86

61e0db8c64696024f82d76412e6d3541

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSFreeMemory
WTSRegisterSessionNotification

kernel32

LoadLibraryExW
HeapDestroy
MultiByteToWideChar
WriteFile
TerminateProcess
GetSystemTime
HeapFree
IsDebuggerPresent
GetStdHandle
HeapFree
CreateFileW
GetEnvironmentVariableA
Sleep
HeapReAlloc
InterlockedCompareExchange
WideCharToMultiByte
RaiseException
GetProcessHeap
EnumResourceTypesW
GetCurrentProcessId
lstrlenW
HeapAlloc
lstrlenA
GetCurrentThreadId
HeapSize
GetLocaleInfoA
GetCurrentProcess
CompareFileTime
SetUnhandledExceptionFilter
CreateProcessA
CloseHandle
GetTickCount
GetACP
LoadLibraryW
GetModuleHandleA
GetStartupInfoA
SystemTimeToFileTime
GetThreadLocale
LocalAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedExchange
UnhandledExceptionFilter
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ