4cdad83c859cbdd701e7bb1f125e3271_JaffaCakes118 | Triage

Sharing

General

Target

4cdad83c859cbdd701e7bb1f125e3271_JaffaCakes118
Size

186KB
MD5

4cdad83c859cbdd701e7bb1f125e3271
SHA1

fa270b5c0f59221db3e2f8a55dbe1ad04aba32b1
SHA256

f1ae105bf7004609c6d5f091d9bedea46f5a45e50391a600d5cea30e71eea6f7
SHA512

ba28bc1d521867e1d6a156be3b373a6d2f216b299df6efd7b171c7c30cb8332c0c68cef6f0ac61fe1798389c8a34ae403cc41e2f993b8a0c38b034de6dc4a868
SSDEEP

3072:QVv3WOytBq2yP4y5/2vuoaMbs32mzdzQIRt5L/Ev6rMF/0hx2QTkX3GOpb1Sgq:sHR2y55evums32mzdsIxzTrQ0hx2i0GY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cdad83c859cbdd701e7bb1f125e3271_JaffaCakes118

Files

4cdad83c859cbdd701e7bb1f125e3271_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ef8efb7f123782afc24c930b1ed5efca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\dIlo\tgfY\aQZaRtml\jSxQ\AWiNwd.pdb

Imports

gdi32

FillRgn
GetObjectW
CreateSolidBrush
GetWindowOrgEx
CreatePenIndirect
GetDeviceCaps
SetAbortProc
MoveToEx
RemoveFontResourceW

user32

GetScrollPos
GetMenuState
GetMonitorInfoW
GetWindow
GetDialogBaseUnits
GetCaretPos
AppendMenuW
GetWindowLongA
CharLowerBuffW
GetIconInfo
BringWindowToTop
SetCursorPos
FillRect
ScreenToClient

kernel32

VerifyVersionInfoW
GetProcAddress
CancelWaitableTimer
MoveFileW
LoadLibraryW
GlobalUnlock
lstrcmpA
lstrcmpiW
FreeResource
SetCommTimeouts
CallNamedPipeW
CreateNamedPipeW
HeapValidate

Exports

Exports

?cshaFutcZwpOqnz@@YGPAJPAM@Z

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ