JaffaCakes118_6e5cf8963444efe366f705609c2952b9 | Triage

Sharing

General

Target

JaffaCakes118_6e5cf8963444efe366f705609c2952b9
Size

174KB
MD5

6e5cf8963444efe366f705609c2952b9
SHA1

52600f4cf68c7d94a023786277fa299e01e48a9e
SHA256

67bb091e1283a4cd1b0f081545c613f022c0bcc131d7abc7e77a9fa8941e3469
SHA512

c965cb93fdc207fee5de03214bac403af9f9eb3a1771864c43fdaf9df1bdc1851ba79a884c7faf80bf11e9b3690399ca69973432c30736a86382add73191c9b6
SSDEEP

3072:FpXkBisIqa2hkrLR9R6dMlL2s2IS0ZrwGLQQjifZGqcM9YJaRydAGAFfkxvfl8Fa:Fp0v6B9R62EDISSrpLQEM9XRy2Gw8vt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6e5cf8963444efe366f705609c2952b9

Files

JaffaCakes118_6e5cf8963444efe366f705609c2952b9
.exe windows:4 windows x86 arch:x86

40c6e004f1f301df72f6f42d9a8b6bf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification

oleacc

LresultFromObject
AccessibleObjectFromEvent

kernel32

CreateFileW
UnhandledExceptionFilter
GetThreadLocale
GetStartupInfoA
LoadLibraryW
CreateProcessA
GetSystemTime
HeapFree
GetEnvironmentVariableA
GetACP
lstrlenA
GetLocaleInfoA
HeapDestroy
RaiseException
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
GetModuleHandleA
Sleep
SystemTimeToFileTime
lstrlenW
GetStdHandle
EnumResourceTypesW
LocalAlloc
GetTickCount
WriteFile
GetProcessHeap
HeapAlloc
CompareFileTime
GetCurrentThreadId
MultiByteToWideChar
HeapReAlloc
LoadLibraryExW
HeapSize
GetCurrentProcess
InterlockedExchange
HeapFree
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
CloseHandle
WideCharToMultiByte
TerminateProcess
lstrcpynW

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ