3792b93561387bf96c092e781a33c400_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3792b93561387bf96c092e781a33c400_JaffaCakes118
Size

56KB
MD5

3792b93561387bf96c092e781a33c400
SHA1

61d8884a77d458214f6a0f25ffc5db4eb2453a4a
SHA256

92cc3d7374f06e4ac1fe32d5de6972e35448b85c46c721a125a2d91b1f460498
SHA512

4cca2d34caef1c1f98845727dc682c821e12af9b7807037d4456a31fd252561ed3e8b616158a1ebd71a5c98446e1a41f9f68b4f6870817d2d112a770d79d91fa
SSDEEP

1536:rDBeAi+XTGSEK2QVWGWC5ZPi/vFL/Vwkwae:rDBeAFj8uZ76/dLdbwF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3792b93561387bf96c092e781a33c400_JaffaCakes118

Files

3792b93561387bf96c092e781a33c400_JaffaCakes118
.exe windows:5 windows x86 arch:x86

26b020c83f795ffedfef699381d9f499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\OvaVDdWh\TEgadrlvpdX\wgilnJal\mkGvbudsV\DzLNsGm.pdb

Imports

msvcrt

_controlfp
memset
__set_app_type
__p__fmode
__p__commode
_amsg_exit
_initterm
_ismbblead
_XcptFilter
_exit
_cexit
__setusermatherr
__getmainargs
strchr

user32

EndPaint
GetDC
CharPrevW
IntersectRect
CreateCursor
wsprintfW
SetWindowLongW
GetClassInfoW

kernel32

lstrlenA
SetThreadLocale
HeapAlloc
LoadLibraryExA
SetEvent
GetModuleFileNameA
lstrcmpiW
IsBadCodePtr
LoadLibraryA
HeapUnlock
GetHandleInformation

gdi32

EndPage
GetDIBColorTable
SetLayout
AddFontResourceW

shlwapi

UrlGetLocationW
ChrCmpIW

Exports

Exports

?CreateDlgMessage@@YGHPAXPADK|U

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idir
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 26KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE