ffe3ba3ec44213d4668885b026efc86e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffe3ba3ec44213d4668885b026efc86e_JaffaCakes118
Size

132KB
MD5

ffe3ba3ec44213d4668885b026efc86e
SHA1

86fa930081002fb7f5baa2f493534c5b81267247
SHA256

df3b93765439ea36064c9f4f308a68b5cc4a07f898e1164cdd362b5fe2594547
SHA512

9cc851bfc1630b7b9ba74349de29746093d0473a0edda7ce03872696fd680986f48daac91f67af7eed2fde42353839ca42abfb1f39d7e6248d41a204608fcf90
SSDEEP

3072:K82q1Cd+ySqHEvgUFal9Q6wmDfbnvl/Pcfqa:5NXySh4UFasvmLbnvhxa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffe3ba3ec44213d4668885b026efc86e_JaffaCakes118

Files

ffe3ba3ec44213d4668885b026efc86e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d64d7083d5bfa054919931f5537b3746

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\yaoqCsVq\esCI\xDhzpW.pdb

Imports

kernel32

GetThreadTimes
GetCommandLineA
SetSystemTime
SetCommTimeouts
lstrlenW
GlobalAddAtomW
RemoveDirectoryW
HeapUnlock
GetUserGeoID
GetSystemDefaultUILanguage
lstrcmpiW
lstrcatW

comdlg32

PrintDlgW
GetOpenFileNameA
GetOpenFileNameW

user32

SetWindowTextA
GetSysColorBrush
IsMenu
AppendMenuA
SetCaretBlinkTime
GetMonitorInfoW
SendInput
SwitchToThisWindow
GetParent
GetFocus
CloseDesktop
wsprintfW

gdi32

SetDIBits
CreateCompatibleDC
CreatePolygonRgn
GetStockObject
CombineRgn
OffsetRgn
CreateSolidBrush
ExtTextOutA
GetObjectA

Exports

Exports

?wEfvvyjeYbvkLMAzfJpbu@@YGEJ@Z
?ohuhjxkY@@YGHPAF@Z
?uBriaOzDjXzKbhwe@@YGDPAH@Z
?FlydNYblhYxgo@@YGPAIJ@Z
?ejetuygO@@YGPAFF@Z

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ