8b81572ba557ae7a459e8a3edcccf782_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b81572ba557ae7a459e8a3edcccf782_JaffaCakes118
Size

53KB
MD5

8b81572ba557ae7a459e8a3edcccf782
SHA1

cde9c5d866df0b19fedc5af1a4fb9ac1a0f7d270
SHA256

378ab91aba2c8773be1f818f626ca3c2e9abd099af13972f1e0971956b99a79d
SHA512

5f7970dd68fc285e71e5ad81c9cda63a7570fb9ad3361b1e25cf3c0abc22d74d109298ce9ec8a4f4dd34550deb05ae4d75f87681b0eb39cf2afbb8ff6c56ff54
SSDEEP

768:XHP3YX8KxoSYP7BeZ2Upvkzw3vq9L+gN06gbDSsFmk3HA/4KKKYliRfOpy8:3wX8VCcK8Dpgb+cmoA/45Xy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b81572ba557ae7a459e8a3edcccf782_JaffaCakes118

Files

8b81572ba557ae7a459e8a3edcccf782_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f2d89392ae260852a49c1f7e14bb4e3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\wzDbkaE\RWws\gemnnu\vpvty.pdb

Imports

kernel32

LCMapStringW
CreateDirectoryA
GlobalLock
InterlockedExchange
LCMapStringA
LocalReAlloc
CreateNamedPipeA
GetDateFormatA
FindResourceA
FindNextFileA
GlobalFlags
SetCurrentDirectoryW
FindResourceExA
GlobalUnlock

user32

ClipCursor
CopyRect
InSendMessageEx
FrameRect
HideCaret
SetForegroundWindow
wsprintfA
GetSystemMenu
CheckRadioButton
TileWindows
GetForegroundWindow
GetWindowRect
GetWindowDC

shlwapi

PathGetArgsA

gdi32

SetViewportOrgEx
MoveToEx
AddFontResourceW
RealizePalette
CreateFontA
RectVisible
PatBlt
GetTextFaceW
Rectangle

Exports

Exports

?vcbgqtgq@@YGXH@Z
?WVgNzkgmwusysq@@YGNEE@Z
?uplfpnltycxxrszfzhjkF@@YGPAEPAEH@Z
?vtmqZhhOXtn@@YGHHPAJ@Z
?ofbjfZiJycMV@@YG_NF@Z
?pzauUljGha@@YGPAXPAN@Z

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ