a95c7d78f3d466444b80c6ba1f72ae58_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a95c7d78f3d466444b80c6ba1f72ae58_JaffaCakes118
Size

166KB
MD5

a95c7d78f3d466444b80c6ba1f72ae58
SHA1

5c71b7c0ab1a3bb22dea25acadf713472e4fed7a
SHA256

cfd71d9040a09a98686c061a2cca9fd3fe9ca5b1796f53aced537008eacac41f
SHA512

f7456b87f5791e56a0fce878b5ba9af25916bd25946c9ce659c7615f7a8fe073587819195bac10f2d518fab40ab4a6f3e5bdbcbe9301e6290efe452095cde3f4
SSDEEP

3072:aMQiCd2Kn6SqWR3qWaAcXOoA9Z9MrclxYg12E4kOoDBH2gIuK0gE893Yd:aMGCS9Z9mCBvDN2gIuK9gd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a95c7d78f3d466444b80c6ba1f72ae58_JaffaCakes118

Files

a95c7d78f3d466444b80c6ba1f72ae58_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6695fe53ec7c5a9fbbb9365b54c1e875

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\zUmZIybkgfegq\fljfzgzzHzi\sbBHKkqdo\QlilmfotxZgz\gqeLJNRnfvlEWa.pdb

Imports

shlwapi

ChrCmpIW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_amsg_exit
remove
iswdigit
_initterm
_ismbblead
_XcptFilter
_exit
_cexit
__setusermatherr
vsprintf
strlen
__getmainargs

user32

CharUpperBuffA
SendMessageTimeoutW
TranslateMessage
OpenDesktopW
CallWindowProcA
GetNextDlgTabItem
IsCharUpperW
GetWindowDC

kernel32

LoadLibraryW
CopyFileW
GetModuleHandleW
GetModuleFileNameA
SetSystemTime
ClearCommBreak
LoadLibraryExA
GetLocaleInfoW
LoadLibraryA
ResetEvent
lstrlenA

gdi32

StartPage
GetTextMetricsW
OffsetRgn
GetDIBColorTable
SetViewportExtEx

Exports

Exports

?CreateDlgMessage@@YGHPAXPADK|U

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hill
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 137KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE