0845fc6f8bffbf25af613df1b6af5c1c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0845fc6f8bffbf25af613df1b6af5c1c_JaffaCakes118
Size

65KB
MD5

0845fc6f8bffbf25af613df1b6af5c1c
SHA1

b7df80901ee7422b2c4538bd4fbf610d2a6fca4f
SHA256

d99339360b38f6fd181678111f8a1b1ce54ca1c027c3fcf3ddb6ea28148e0088
SHA512

a39ea568d9952602710468060a8accace667c2cd8a06ecb3d9607a7c61ac8ba6830a76fd729dcab933d6936524536be0cf12b29e4460b988e063d1049f457336
SSDEEP

1536:19dNhY/hMn9urJV0SfPYAKcJ64SpBOvQGOq0H:19djY/h2uVVNER4SpBOmdH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0845fc6f8bffbf25af613df1b6af5c1c_JaffaCakes118

Files

0845fc6f8bffbf25af613df1b6af5c1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12e8e5a06b97ff3a3cfaf07cf5a2a514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow
OpenWindowStationA
GetWindowThreadProcessId
GetWindowTextA
FindWindowExA
GetCursorPos
GetMessageA
CharLowerBuffA
OpenDesktopA
EndDialog

shlwapi

PathCombineW
PathRemoveFileSpecW
StrCmpNIA
wvnsprintfW
PathFindFileNameW
StrCmpNIW

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
CryptCreateHash
CryptDestroyHash
RegDeleteValueA
RegSetValueExA

kernel32

GetModuleHandleA
UnmapViewOfFile
GetFileAttributesW
GetVersionExW
VirtualAlloc
VirtualProtect

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE