08c8692cdc6b983b2e173c80567585e2_JaffaCakes118 | Triage

Sharing

General

Target

08c8692cdc6b983b2e173c80567585e2_JaffaCakes118
Size

177KB
MD5

08c8692cdc6b983b2e173c80567585e2
SHA1

8c81ec4a3895440f79ddb1e076f22c8361944944
SHA256

f03500abcd68771c376bd47e8939b9fa53b0fe1195786fcfad36c6d5fad57ec6
SHA512

497a158df265d6d9c9e0adaafe57b3b108bab9d016c5284476c593f4f5461d375624fd412e317f202a7473fb7a818d1ac7185bf0cf3ae492805b5326856ebe03
SSDEEP

3072:c215dgfPPJjaQ7JZVBGldlIzc6SBCuW7JiZuuP1AfSc5C2kHX:wnBys/i1AiZuuP1AKcQ2kHX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08c8692cdc6b983b2e173c80567585e2_JaffaCakes118

Files

08c8692cdc6b983b2e173c80567585e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab2eba6327ee17e76b8d1a5029c61597

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetOEMCP
HeapFree
GetSystemInfo
GetFileType
VirtualProtect
SetHandleCount
TlsFree
EnumSystemLanguageGroupsW
VirtualAlloc
TlsSetValue
GetWriteWatch
HeapSize
VirtualQuery
GetCPInfo
GetStdHandle
TlsGetValue
GetStartupInfoA

winmm

mciSendCommandA
sndPlaySoundA

ole32

ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

oleacc

CreateStdAccessibleObject
AccessibleChildren

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

user32

FillRect
GetWindowLongA
GetDlgItem
MoveWindow
LoadCursorA
SetWindowPos
GetDC
ReleaseDC
GetWindowInfo
ReleaseCapture
SetCursor
GetSysColor
SetWindowLongA
IsWindow
SetCapture

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ