ce4d31957ca331e7f0b359359e97dc87_JaffaCakes118 | Triage

Sharing

General

Target

ce4d31957ca331e7f0b359359e97dc87_JaffaCakes118
Size

196KB
MD5

ce4d31957ca331e7f0b359359e97dc87
SHA1

3f89e93cb817f8049b6e2cf077fc25f778990c79
SHA256

9869437456ce1dd12e8f7fda22d9db0a8e875646dc8f9c8b7fa3c176bbf82a2e
SHA512

f522eb94de456f7dd9035d890eb0e364e69955dee7093e219e2641c80f908b5ddcb47e467d226df1c5c986bd81ec8998ce8b8d5558e34b763edc872f05f5f3d1
SSDEEP

3072:w1iu+spTBssOiXLAPt/vsQlRH6UkZog4l6Ov6eoiqZd5dP0Kx3F48DvIR7S5:WDHdSsO4gvsQlRaNZoXzS3jPvTDvIRe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce4d31957ca331e7f0b359359e97dc87_JaffaCakes118

Files

ce4d31957ca331e7f0b359359e97dc87_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3b9114cee805c52ff2f4befb11e82049

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\sbEKFBj\ydviCak\nmAtr\srQafisl\nXapf.pdb

Imports

gdi32

StartDocW
ScaleWindowExtEx
CreatePatternBrush
SetMapMode
GetStockObject
GetLayout
CreateFontW
CreateRoundRectRgn

shlwapi

PathRemoveArgsW
ChrCmpIA

kernel32

lstrlenW
CreateNamedPipeA
GetTickCount
CreateThread
WinExec
GlobalMemoryStatus
LockResource
GlobalHandle
WaitForMultipleObjectsEx
SetCommBreak
LeaveCriticalSection
SetPriorityClass

user32

GetMenuItemID
LoadAcceleratorsA
CreateIconFromResource
GetParent
GetForegroundWindow
GetDoubleClickTime
SetCursorPos
ScrollWindowEx
GetActiveWindow
MapVirtualKeyW
GetSystemMenu
GetKeyboardLayoutList

Exports

Exports

?tovzeBHovr@@YGEPAG@Z

Sections

.itext
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ