4338594b693ed049775aee6ec6d9fd8f_JaffaCakes118 | Triage

Sharing

General

Target

4338594b693ed049775aee6ec6d9fd8f_JaffaCakes118
Size

164KB
MD5

4338594b693ed049775aee6ec6d9fd8f
SHA1

815e6c30e1a949503f42a049c385d9db62acc014
SHA256

586e8e609d855d7772d30675341c1ceb08f292de8924f08924d966462e2eec25
SHA512

53318e957a2bf8f3834999d604126a09d611f3fc9d056c3493b9751625767ea8e3d6a8254a1636e3af39fe50429e0280041b8845cd330eb18cd908cb187238dd
SSDEEP

3072:fhiLiXtRhmAwjIvWIP8IbhKT6MK4tRJCUoB5y:7tXnwjYWIkIbAGMK4tXCUoL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4338594b693ed049775aee6ec6d9fd8f_JaffaCakes118

Files

4338594b693ed049775aee6ec6d9fd8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1caa4a5cd7a51c808f0dad5c60fbc61e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaExitEachVar
__vbaError
__vbaEraseKeepData
__vbaDateR4
__vbaCyUI1
__vbaAryRebase1Var
__vbaBoolErrVar
__vbaBoolVarNull
__vbaCyAbs
__vbaAryConstruct2
__vbaCyMul

user32

LoadBitmapA
CreateCursor
wsprintfA
SetCursor
SetMenuInfo

advapi32

LsaLookupPrivilegeDisplayName
LsaFreeMemory
LsaEnumerateAccounts
LsaCreateTrustedDomainEx
LsaClose
LsaGetQuotasForAccount
RegCloseKey

kernel32

VirtualFree
MapViewOfFile
LoadLibraryA
GetLocalTime
GetCommandLineA
CompareStringA
TlsSetValue
TlsGetValue
lstrcmpA
lstrcmpiA
lstrcpyA

dinput

DirectInputCreateEx

Exports

Exports

Bnodmekn
Ceqcsx
Cyshyyfxi
Fkvtemunf
Gkyzoi
Gmua
Hmdaydcr
Hpxb
Ijrhrjgd
Kpmhrss
Lbru
Loaefjvzp
Minfkhta
Ngmzzf
Nzdylzguhvs
Okxlau
Pzjp
Tpxzneomg
Urhfdc
Vrxw
Zclnpys
Zxvsouug

Sections

.text
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ