8d2549e6093f3ed0184e5824c6b89384_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d2549e6093f3ed0184e5824c6b89384_JaffaCakes118
Size

16KB
MD5

8d2549e6093f3ed0184e5824c6b89384
SHA1

36d0b2ee560cd6e933ba19b25207334c96e2922c
SHA256

12789d2e645bf9f3e23799f0aa2a844a832601e9d833e0debe29f8e98532a406
SHA512

e9f144f0247ffd4621a31dbff41341c715d04063bb54555df759917c1d9167183fef85ceaa3ee9c085a7cbed3c249d2aed1f55dda2c4f8528fa512723c0cfc3b
SSDEEP

96:aM2lrnksvoKeeUFDkDytt7yU+ZiL+lrYvoIdyR2u:aPgcRSwC+U+Zq+RYv5dc2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d2549e6093f3ed0184e5824c6b89384_JaffaCakes118

Files

8d2549e6093f3ed0184e5824c6b89384_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0bddc41d1417b8425e43aa25e0171148

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

rand
_snprintf
_beginthread
exit
strncpy
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_endthread
_CxxThrowException

kernel32

LocalFree
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
ExitProcess
WaitForSingleObject
CreateMutexA
SetErrorMode
MoveFileExA
CloseHandle
WriteFile
CreateFileA
SetFileAttributesA
GetModuleFileNameA
GetModuleHandleA

user32

CloseClipboard
BlockInput
MessageBoxA
OpenClipboard
keybd_event
SetForegroundWindow
SetFocus
ShowWindow
VkKeyScanA
EmptyClipboard
SetClipboardData

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantClear
SysAllocString

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE