5fcf78a10ec5e8e78144ef8f5a7ed206_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5fcf78a10ec5e8e78144ef8f5a7ed206_JaffaCakes118
Size

121KB
MD5

5fcf78a10ec5e8e78144ef8f5a7ed206
SHA1

5489a58f7cc5c23aed4d4966149ebf30a942d49c
SHA256

923955b0bc1dee5a99a193242481478779190515cbf52ce8d3e719b9b340108b
SHA512

9758791a6a54eb41df85fba2713f78f228a75d6119c21920c4fb908410b879227db3e07e5c5dd770fc8f0d0216e858dcc291b04f94152c89532d73d7d2fc8d26
SSDEEP

1536:Dhq1xZ+O/2Ncfg1PIpmJ0lBhaMJdNCjZ61dtzksQbZQtICvII/oZYDRPc6iEcwkp:DU5+meamPJ0cMJdCGetQWCgIA41jnc0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fcf78a10ec5e8e78144ef8f5a7ed206_JaffaCakes118

Files

5fcf78a10ec5e8e78144ef8f5a7ed206_JaffaCakes118
.exe windows:5 windows x86 arch:x86

793da44fce8ab47ecf2968ae476fb7c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

M:\xiqlsff\yeqqhnjb\YsPGXcgR.pdb

Imports

comdlg32

GetOpenFileNameA
ChooseFontW
GetFileTitleW

kernel32

ConnectNamedPipe
lstrlenW
SetNamedPipeHandleState
ExitThread
TlsFree
GetCurrentProcessId
GetHandleInformation
CreateEventW
GlobalFlags

gdi32

RealizePalette
LPtoDP
GetStockObject
OffsetViewportOrgEx
SetWindowOrgEx
GetTextExtentPointW

user32

CharNextW
SetWindowTextA
SendMessageA
TranslateAcceleratorA
EnumThreadWindows
GetScrollInfo
CreatePopupMenu
RegisterClassA
IsCharAlphaW
GetDesktopWindow
LoadIconA
GetLastActivePopup
GetSystemMetrics

shlwapi

PathGetArgsA

Exports

Exports

?QLVUATHgbyep_ZMAP@@YGXE_N@Z
?dqhjq_WJHn@@YGEPAH@Z
?qwyjucniwau__gS@@YGXM@Z
?hc_kx_O__IJ_YErnI@@YGXM@Z
?JKKDVIhe@@YGEGH@Z

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ