08145849d0cf840878013d0a35393442_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08145849d0cf840878013d0a35393442_JaffaCakes118
Size

92KB
MD5

08145849d0cf840878013d0a35393442
SHA1

e0a80c3979e48cff1627662b08cae92482755e5c
SHA256

d2f5ce0cf914fab3858f62862b5e60d9cf80d843d9b175454c8ec36868fa0138
SHA512

e9f4c09ba483f894bd8b950b753a5ec8bc8dc02c4878e1daf0e17073dea39e005587915f2e3ccf57ac09bd2ccd50f241c81d1cde0da281cdda6dd3a48b9614de
SSDEEP

1536:YKjFDqMzJGOMig2gJ0xkzrLq2J6sZaieBtZ8PjyC5+ETpbvZu6ZYHV2pFK:YQeepgh9XOu6sZMzyjDXFbvZu6ZUYpFK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08145849d0cf840878013d0a35393442_JaffaCakes118

Files

08145849d0cf840878013d0a35393442_JaffaCakes118
.exe windows:5 windows x86 arch:x86

153484190fd79a69f2bbc8b4b3c2ca45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFileEx
GetStringTypeA
VirtualAllocEx
GetLocaleInfoA
HeapAlloc
GetDiskFreeSpaceA
GetCPInfoExA
WriteConsoleOutputCharacterA
DeleteFileA
GetProcessIoCounters
GetLongPathNameW
SetPriorityClass
ProcessIdToSessionId
SuspendThread
ExpandEnvironmentStringsA
LZInit
AllocConsole
GetProcessPriorityBoost
GetTickCount
VirtualProtectEx
GetCommandLineA

user32

SetWindowsHookA
SetWindowLongA
RegisterMessagePumpHook
MenuItemFromPoint
DeregisterShellHookWindow
ShowStartGlass
GetWindow
TabbedTextOutA
FindWindowExW
ReasonCodeNeedsBugID
CloseWindowStation
EnumChildWindows
EnumDisplayDevicesA
SetMenuItemInfoA
ShowCursor
EnableScrollBar
AnyPopup
SetWindowsHookExA
GetGuiResources
GetMenuItemID

gdi32

SetAbortProc

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ