08c775d16393c3e5db869c727618005e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08c775d16393c3e5db869c727618005e_JaffaCakes118
Size

40KB
MD5

08c775d16393c3e5db869c727618005e
SHA1

7c9267cd7de15752b509d9b9b67c021068d27218
SHA256

b807d1cc0c31942667e8c749749bacd93769c226a2a08713d9a1c5116748dc2d
SHA512

b34b97c9eaa406a02a4f5910de1e2572283487ef809830ad7ca51241502ac0241d9f446a9abd82520a8be6f14123e8a9ac46e288b5ff3a413d3fec10c8e29915
SSDEEP

768:7ZaZr7Mg7GHJ4QO9g39Mbe/EEIS09bxdrq50EVClTJa8oM62GI5y4avcGm1FWIU0:7ol7veCQO9Mp/EEKbxdPEV1Zt2GR4aU/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08c775d16393c3e5db869c727618005e_JaffaCakes118

Files

08c775d16393c3e5db869c727618005e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ec988221db792f22145899afbdfe7fb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetConsoleTitleA
GetQueuedCompletionStatus
GetStdHandle
GetThreadLocale
LoadModule
Module32First
SetCommMask
SetEnvironmentVariableA
TlsSetValue
WaitForSingleObject

advapi32

AddAuditAccessAce
AreAnyAccessesGranted
BackupEventLogW
CreateServiceA
CryptDestroyKey
GetNamedSecurityInfoExW
GetSidLengthRequired
GetTokenInformation
GetUserNameA
IsValidAcl
LockServiceDatabase
RegQueryValueA

shell32

FindExecutableA
RealShellExecuteExW
SHBrowseForFolderW
SHLoadInProc
SHQueryRecycleBinA
SheFullPathA
SheGetPathOffsetW
ShellExecuteExA

gdi32

CreateFontA
CreateFontW
DeleteColorSpace
GdiFlush
GetBitmapDimensionEx
GetPaletteEntries
GetRegionData
GetTextMetricsW
GetViewportExtEx
ScaleWindowExtEx
SetBrushOrgEx
SetICMProfileW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE