0f7f045e724f914800551f3761e5fe98_JaffaCakes118 | Triage

Sharing

General

Target

0f7f045e724f914800551f3761e5fe98_JaffaCakes118
Size

208KB
MD5

0f7f045e724f914800551f3761e5fe98
SHA1

8f4be014d7b9f50d674ea10d54b5b39b8726f073
SHA256

bbbca3e9a08af94f0970b2ef175ba180d40e903a46591ae7ffbecfacb187e6d6
SHA512

159156c25d40b1afbd925ab27369dea6def3f31e1d2af58cd784238b08dd6273c445d0736e3c54a2e748cd63bf9ab5954d68c188681297fde7def4e99c60600b
SSDEEP

3072:/eM2X9HjyffpPBXpjYwCmCn8X0lJw+D6TiKceOmVUPduh0kUp6BYJLlROocGsDa2:/AH2n19pEwCp8IRj7PI0MBYPchGFLd6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7f045e724f914800551f3761e5fe98_JaffaCakes118

Files

0f7f045e724f914800551f3761e5fe98_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b1421dd37fa86f6aad2711b7adf5f157

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
lstrcatA
OpenProcess
GetCurrentThreadId
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
lstrcmpA
GetTempPathA
lstrlenA
VirtualAlloc
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
GetModuleHandleA
GetThreadContext
GlobalFree
TerminateProcess
ResumeThread
VirtualFree
lstrcpyA
ExitProcess
FindAtomA

user32

GetFocus
IsWindowVisible
CloseDesktop
GetWindowThreadProcessId
ClientToScreen
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
GetCursorPos
FindWindowA
wsprintfA
EqualRect
InflateRect

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA
OpenProcessToken

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE