7432c643d01edc8e33ee699f1d64e642_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7432c643d01edc8e33ee699f1d64e642_JaffaCakes118
Size

164KB
MD5

7432c643d01edc8e33ee699f1d64e642
SHA1

d8aa243c0e0c46f80711b1eea3a2257f07e48f3e
SHA256

e21ac5ff12890d7a2484d0b576d1306e5e571b0f0ec23aafac1590ec074bcc15
SHA512

17d2964e89348a43ba3805688cd444d6a362fc0ba22d7513b26fc07062cb4f0f5e0933703fd864cd84fe5ee75288d20db9c864b0d1dc3e8c84ad0c2c37442909
SSDEEP

3072:vhiLiXtRhmAwjIvWIP8IbhKT6MK4tRJCUoB5y:rtXnwjYWIkIbAGMK4tXCUoL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7432c643d01edc8e33ee699f1d64e642_JaffaCakes118

Files

7432c643d01edc8e33ee699f1d64e642_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1caa4a5cd7a51c808f0dad5c60fbc61e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaExitEachVar
__vbaError
__vbaEraseKeepData
__vbaDateR4
__vbaCyUI1
__vbaAryRebase1Var
__vbaBoolErrVar
__vbaBoolVarNull
__vbaCyAbs
__vbaAryConstruct2
__vbaCyMul

user32

LoadBitmapA
CreateCursor
wsprintfA
SetCursor
SetMenuInfo

advapi32

LsaLookupPrivilegeDisplayName
LsaFreeMemory
LsaEnumerateAccounts
LsaCreateTrustedDomainEx
LsaClose
LsaGetQuotasForAccount
RegCloseKey

kernel32

VirtualFree
MapViewOfFile
LoadLibraryA
GetLocalTime
GetCommandLineA
CompareStringA
TlsSetValue
TlsGetValue
lstrcmpA
lstrcmpiA
lstrcpyA

dinput

DirectInputCreateEx

Exports

Exports

Bnodmekn
Ceqcsx
Cyshyyfxi
Fkvtemunf
Gkyzoi
Gmua
Hmdaydcr
Hpxb
Ijrhrjgd
Kpmhrss
Lbru
Loaefjvzp
Minfkhta
Ngmzzf
Nzdylzguhvs
Okxlau
Pzjp
Tpxzneomg
Urhfdc
Vrxw
Zclnpys
Zxvsouug

Sections

.text
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ