33f591779085e78537d0610d6b0ec43b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33f591779085e78537d0610d6b0ec43b_JaffaCakes118
Size

187KB
MD5

33f591779085e78537d0610d6b0ec43b
SHA1

8612e52b9524cfa6b80e71f278dbaf47a132c7e5
SHA256

65ecee4705c022e6e14bcb5af675ca01ba09afde5ff5ffee0d50988ee6c19b2e
SHA512

b5cff742aa84ff6bc0010fcee39cb242bd994d504c2b683a0bdf2e3c9c4c779151cb0f35ae8ceed2bc0f47fb44d18439e3ea175881692b582647ae22f29fc7ea
SSDEEP

3072:Gb0Ho7xgMvVl8PmI14KoPxznpwYcNuKr4FXV8lAyRfQKkVRbtFemtODlVxxOriKs:9OxgXR2PxzB4uJXV8uKS5emO9KJR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33f591779085e78537d0610d6b0ec43b_JaffaCakes118

Files

33f591779085e78537d0610d6b0ec43b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eac860c7c959233981b6b388b2aa603c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\gxZmquwyi\vlngzOji\DvrAtQAmkc\xwlyhHxo\lljwSvXEiTfl.pdb

Imports

user32

ShowWindowAsync
IsMenu
SendMessageA
LoadBitmapA
mouse_event
PostThreadMessageA
GetMenuStringA
MessageBoxW
DefDlgProcA
IsZoomed
ClipCursor
DrawIcon
MapVirtualKeyA

kernel32

GetPrivateProfileIntA
GetBinaryTypeA
lstrlenW
FindResourceA
GetThreadContext
GetDateFormatW
GetProfileIntA
SetWaitableTimer
GetPrivateProfileIntW
GetProfileIntW
GetTempFileNameW

shlwapi

PathUnquoteSpacesW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ord196

Exports

Exports

?IsInstallCompleted@@YGKXZ

Sections

.itext
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE