76a5ab19c8bd022a8aaaf52454c548dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76a5ab19c8bd022a8aaaf52454c548dc_JaffaCakes118
Size

172KB
MD5

76a5ab19c8bd022a8aaaf52454c548dc
SHA1

fdb58a6c804657c78c919e83cde62cb89ace2783
SHA256

b2a1f6c999ef8d62765049f39cc68d7535590793502adc9b9e320bf2a6e35dda
SHA512

0e1f1b1c76da2b85b4f4323233f5d71ef0fe908de3feb1377e55229bc560c0716272b800b039b5ee9f4a7c1ddb6482ad10e82d35d2a0a446e404127751be5ae2
SSDEEP

3072:wUoj8uDpB+S4tnVHJkHR1PhIaP3TZg4QGYJMcIs5Q9qD2sic8FaqedsH:wsuSJkxthHP3dgFvImZzUxeK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76a5ab19c8bd022a8aaaf52454c548dc_JaffaCakes118

Files

76a5ab19c8bd022a8aaaf52454c548dc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

30ec50fc774fd5462129e8de7c8ee85c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\iuCaffRpa\ffwzARgdjec\magoLsjI.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_amsg_exit
_initterm
wcscmp
memset
_ismbblead
_XcptFilter
_exit
_cexit
wcsstr
__setusermatherr
iswdigit
__getmainargs

user32

GetKeyboardLayoutNameW
GetWindowDC
wsprintfW
GetDC
IsWindowUnicode
RegisterClassW
PostQuitMessage
SendMessageW

shlwapi

UrlGetLocationW
ChrCmpIW

kernel32

MulDiv
EnumResourceNamesA
IsBadReadPtr
lstrcmpiW
GetModuleFileNameA
GetStartupInfoW
DisconnectNamedPipe
GetVersionExA
lstrlenA
LoadLibraryA
LoadLibraryExA

gdi32

SetBitmapDimensionEx
Ellipse
Escape
SetBrushOrgEx
GetLayout

Exports

Exports

?CreateDlgMessage@@YGHPAXPADK|U

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idir
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 141KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE