5c2648576e09a7cd4a98c62589c20e43_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c2648576e09a7cd4a98c62589c20e43_JaffaCakes118
Size

168KB
MD5

5c2648576e09a7cd4a98c62589c20e43
SHA1

fa587eb2a8c35f92bdbe5169e3d8ffe80fa7554d
SHA256

6e901644fed2f6b1c969318257e179a9fb10809ea55787c4dd800a14c5e50824
SHA512

5f449a3b493087cc22d7d040749f2bde6c4473df99a42de2adae751f3925fd7aded4df67e055d62498633773754198cfc71533a328ef40d9de9a17de5fe4265d
SSDEEP

3072:6Yd9O3VpD/BfCPotcR4dpweW+XfdKZxt+KH3wAFxIA3xEzVCUvkD:hcPtabeWufM4AFW/b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c2648576e09a7cd4a98c62589c20e43_JaffaCakes118

Files

5c2648576e09a7cd4a98c62589c20e43_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ee490063c06610d197f826f3f9775ae1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\khjw\Kzae\Ybdn\qfhe\xxyYt.pdb

Imports

user32

GetNextDlgTabItem
RegisterWindowMessageW
CreateCursor
GetSysColorBrush
PtInRect
SendMessageTimeoutW
CloseDesktop
GetClassInfoW
InvertRect
DrawStateA
FrameRect
GetClassLongA

kernel32

HeapFree
HeapValidate
ExitProcess
GlobalMemoryStatus
HeapWalk
CancelIo
InitializeCriticalSection
lstrcmpW

msvcrt

exit

gdi32

GetTextExtentPoint32W
CreateFontA
GetWindowOrgEx
GetTextFaceW
GetObjectW
Rectangle

shlwapi

StrChrIA
StrCmpNIA
ChrCmpIA

Exports

Exports

?sunBIJ_HFtwb_@@YGFFD@Z
?z_T_pexa_oy@@YGIG@Z
?yx_rqPr_xt_TP_VS_UXUNG@@YGHDPAF@Z
?___YVJVhtilws@@YGIN@Z
?lya_vvud_lV_X_ANG____@@YGPAEJ@Z
?iao_ftdl_oh@@YGXPAI@Z
?UL_KID__uztNYp_iCEEqd@@YGHEPAJ@Z
?zgcwsXNCLZz@@YGPAED@Z
?JUGDPAC_PI@@YGFPAH@Z

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 794B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ