14af3cb7782ccf7f6b1545fe80db1b1f_JaffaCakes118 | Triage

Sharing

General

Target

14af3cb7782ccf7f6b1545fe80db1b1f_JaffaCakes118
Size

171KB
MD5

14af3cb7782ccf7f6b1545fe80db1b1f
SHA1

ab5667a61956ba060efd9969ac67e9424cb539ad
SHA256

7c464742e8dc2ed935d62f08ab08b60c85df8c4149dc40dbc7f350a12dffde51
SHA512

b8ed43b4418ad5e3cea4dcb4ad195d84c998a0abfdc3226fe27304884004a2bd3018145e586a6fb274c2b51154350b3c1462c104af07cdbba53a1e475cf556f0
SSDEEP

3072:HlYj8uCLKPduCfxCgZarASAMheb58sVQxtkwjh2JpNlGRb:FhuCCBpCgoEzMhQ8sVQxtkwjh2JpLGJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14af3cb7782ccf7f6b1545fe80db1b1f_JaffaCakes118

Files

14af3cb7782ccf7f6b1545fe80db1b1f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c516a753e010db07cef5be7da4b44d2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\fdwYirGmcpKyjk\nqErjNhIE\xgpqiXtae\uvbzmQpt\uvhywzedigl.pdb

Imports

user32

RegisterClassW
CopyImage
IsZoomed
wsprintfW
IsDialogMessageA
GetDC
SetFocus
SetScrollRange

kernel32

GetComputerNameA
EnumResourceTypesA
LoadLibraryA
lstrcmpiW
FindCloseChangeNotification
LoadLibraryExA
GlobalAddAtomW
lstrlenA
GetModuleFileNameA

shlwapi

ChrCmpIW
UrlGetLocationW

gdi32

Polyline
RectVisible
ExcludeClipRect
GetDIBColorTable
ScaleWindowExtEx
CreateRoundRectRgn

msvcrt

_controlfp
__set_app_type
mbtowc
__p__fmode
__p__commode
localtime
_amsg_exit
_initterm
_ismbblead
_XcptFilter
_exit
_cexit
memset
__setusermatherr
wcscspn
__getmainargs

Exports

Exports

?CreateDlgMessage@@YGHPAXPADK|U

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idir
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 140KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE