a2f5859485429dac9fd3a620d4e5eefc_JaffaCakes118 | Triage

Sharing

General

Target

a2f5859485429dac9fd3a620d4e5eefc_JaffaCakes118
Size

180KB
MD5

a2f5859485429dac9fd3a620d4e5eefc
SHA1

a4a2d21216e644a96177f8174aa672b59bf57cf3
SHA256

434bf6800c7ebdae6e323ad4de0c6f9ef1035c2be1521ac021ed5e23dde1b0fd
SHA512

3629a24dd1bf9a96cc73e2e0085eb1e8611053a410dc2b242ba02ecb38b0ecd98420e9afb1d7c29cd39b3267ac3ce9f4f3b8164625cf3bff75e03569e27e391b
SSDEEP

3072:Zte/lbOskygw6yDhZTf8+gRJBirDuTL5TW24G7kZJ+UAdO9gP6YMLYb7x:O9iM5nTXgRJBykL5TWGkv9y7MLAV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2f5859485429dac9fd3a620d4e5eefc_JaffaCakes118

Files

a2f5859485429dac9fd3a620d4e5eefc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f2699e874431476076a6340cce3d6d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\idhnnfEb\RYYj\yJVvqVkn\Wiljgigh.pdb

Imports

kernel32

ClearCommBreak
SetCurrentDirectoryA
GetModuleHandleW
lstrlenW
lstrcmpiW
FreeResource
GetProcAddress
IsBadStringPtrW
SetPriorityClass
CreateThread
GetTimeZoneInformation
CompareStringA

ntdll

_aullrem

gdi32

LineTo
EnumFontsW
GetTextExtentPoint32W
GetDIBColorTable
GetClipBox
SetViewportOrgEx
DeleteDC
BitBlt

user32

AppendMenuW
TranslateMessage
ShowOwnedPopups
LoadIconW
OpenInputDesktop
GetDlgItem
GetWindow
ReleaseDC
VkKeyScanW
CreatePopupMenu
GetScrollPos
RemovePropW

Exports

Exports

?qfsAqzggvZrUrkyfokz@@YGKPAEF@Z
?sgaKxEoQrJiaOE@@YGNF@Z
?pysQnIh@@YGPAXPAE@Z
?JyhRtusd@@YGGNPAD@Z

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 195B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ