ab91e3e9af1ddd8defbc8cce00423c12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab91e3e9af1ddd8defbc8cce00423c12_JaffaCakes118
Size

32KB
MD5

ab91e3e9af1ddd8defbc8cce00423c12
SHA1

26800a7459cbaa053f13f2d15b20db23da5bf515
SHA256

f72b4e3a952e433dce1b80b8722ea4f022e7cb5b416234e5bc44502d8b06c7ed
SHA512

786d72477fc75797258108981c95ff063ab74364d770ef0133aa3b2a02eba891bdcf3a71d53983f0138580fe14d9813afe22cc363d3358957603fdd89b45069f
SSDEEP

384:gaGycYw4BAFyrqZ0+sLNvEHUGl24KWqhpNbBUrGWSpho2M9wBzDWPZP:gVyfYopLNaUNpZ+Gadwm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab91e3e9af1ddd8defbc8cce00423c12_JaffaCakes118

Files

ab91e3e9af1ddd8defbc8cce00423c12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e85d02c85d8cc795395de0cd179dd85d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

uhdera.pdb

Imports

kernel32

TlsGetValue
GetDiskFreeSpaceA
GetProcessHeap
GetPrivateProfileSectionA
CompareStringW
lstrcmpA
FindFirstVolumeW
GetSystemTime
HeapAlloc
ReplaceFileA
GetPrivateProfileSectionA
GetProcAddress
GetPrivateProfileSectionA
GetVolumePathNameA
GetShortPathNameA
QueryDosDeviceA
CreateEventW
GetModuleHandleW
GetEnvironmentVariableW
GetPrivateProfileSectionA
SetEnvironmentVariableA
GetLocalTime
FileTimeToSystemTime
WaitForSingleObject
GetPrivateProfileSectionA
lstrcpynW
SetErrorMode

user32

EnumDesktopsA
CreateDialogParamW
DrawTextA
wsprintfA
DialogBoxParamW
IsDialogMessageA
SetFocus
CreateDesktopA
LoadImageA
LoadCursorA
GetMessageW
GetCaretPos

cryptdll

CDLocateRng
CDBuildVect
MD5Update
MD5Init

clbcatq

CoRegCleanup
ComPlusMigrate
DowngradeAPL

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ