08b6854ac4f03dc32b035e43074324e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08b6854ac4f03dc32b035e43074324e6_JaffaCakes118
Size

233KB
MD5

08b6854ac4f03dc32b035e43074324e6
SHA1

90b756a15983d839c1803c3d1c18c567c1b95135
SHA256

e4249f856268361dc62ce14d4383d6e9aa1c80ca0f153143022a51c9cb241155
SHA512

c83cc3e0771761d48c045f4587550d6c77bc8dbff5435556a26862f3a9876a1e19e74253211113b770cc9b9a84c0745b525c0801c9762ee7cd4360282547f314
SSDEEP

6144:gK6HIL0IGVuAaxWlBNrPKj5LQFFJGDQXBm1mYxeZd:qHIIRax6YLQTJG0MmYxeZd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08b6854ac4f03dc32b035e43074324e6_JaffaCakes118

Files

08b6854ac4f03dc32b035e43074324e6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

636f1d8b51f42f28446df02c182f787c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

srand
atoi

shlwapi

StrCmpLogicalW

kernel32

lstrcpynW

user32

IsWindow
MapDialogRect
IsCharAlphaW
GetForegroundWindow
IsCharUpperW
GetMessagePos

Exports

Exports

?BONUSCODE@@YG_JUhydroSiegeEx@@UL
?VERIFYCONST@@YG_JUhydroSiegeEx@@UL

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ