JaffaCakes118_6ee89bf51d49c0f521aac20517ce6821 | Triage

Sharing

General

Target

JaffaCakes118_6ee89bf51d49c0f521aac20517ce6821
Size

160KB
MD5

6ee89bf51d49c0f521aac20517ce6821
SHA1

c26cca3f537478437b824278c95e1174aadb8e8e
SHA256

58402f0af858873033f1edfcfc1e7ad727ef9b6f8ad3e8903508c410be5a77ba
SHA512

1a557b70b1ed99527e696cb7967ef999c0d0366d00793c91e92f76e0a91f42ff702820c72da39327160af72ff642dbd59981848ee05b69e9d9ff21479660733d
SSDEEP

3072:2bzOJ9VacUKG42tEplNc4rLqpssNX5SkG/zrfTG9WqvUEJmUwMKM2:2saR4EAnc4rLq6c5ZG/3fovvJmUYM2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6ee89bf51d49c0f521aac20517ce6821

Files

JaffaCakes118_6ee89bf51d49c0f521aac20517ce6821
.exe windows:4 windows x86 arch:x86

1b5e1da1c08071d699c7e55a758c0810

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory

oleacc

LresultFromObject
AccessibleObjectFromPoint

kernel32

GetThreadLocale
CreateProcessA
GetTickCount
HeapFree
GetModuleHandleA
RaiseException
MultiByteToWideChar
InterlockedExchange
QueryPerformanceCounter
CreateFileW
HeapDestroy
WideCharToMultiByte
GetProcessHeap
WriteFile
GetCurrentProcessId
GetEnvironmentVariableA
GetStartupInfoA
HeapReAlloc
EnumResourceTypesA
GetLocaleInfoA
GetACP
GetCurrentThreadId
Sleep
LoadLibraryW
HeapAlloc
TerminateProcess
CompareFileTime
IsDebuggerPresent
lstrlenW
GetStdHandle
SetUnhandledExceptionFilter
LoadLibraryExW
SystemTimeToFileTime
LocalAlloc
CloseHandle
HeapFree
HeapSize
GetSystemTime
GetSystemTimeAsFileTime
GetCurrentProcess
lstrlenA
InterlockedCompareExchange
UnhandledExceptionFilter
lstrcpynW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ