cf2d9cc1e32e1c1f6c547efeefb1e9a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf2d9cc1e32e1c1f6c547efeefb1e9a4_JaffaCakes118
Size

101KB
MD5

cf2d9cc1e32e1c1f6c547efeefb1e9a4
SHA1

583adea816ebd2d3d70d19e0cf10591ca57f9eeb
SHA256

5751e450bceb112ec8a6f9e8db7631b9b5d44809a45707bb1517be3d313bc021
SHA512

a831a396200028938f18816978447b3bdfd6dc69d759e116b85c07e85f72e7c787ee13b2e3faf67ca94c1e7a43952c454f154e04d5939b5ba74d0c721c8dc723
SSDEEP

1536:9GuRXGL9sJ4LznjbM7EVCMNxuD7sKdbuljD1KZF8dQv+BlrG1+OtfW:9rXGLaJSznmuKD7VGQ8dQvui1vfW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf2d9cc1e32e1c1f6c547efeefb1e9a4_JaffaCakes118

Files

cf2d9cc1e32e1c1f6c547efeefb1e9a4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c33bfd64f0db6395e8e21ab9f9a3117e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\Ysfd\OiakkOa\MnuMcKl\hTIbGpq\ksci.pdb

Imports

kernel32

SystemTimeToFileTime
IsValidCodePage
lstrcmpA
GetStartupInfoA
lstrlenW
CreateNamedPipeW
GetSystemTimeAsFileTime
SetThreadExecutionState
lstrlenA
GetSystemTime
GetThreadLocale
GetEnvironmentStringsW
GetCPInfo
FreeLibrary
FreeEnvironmentStringsW

user32

CreateDialogParamW
GetCaretPos
LoadImageW
SystemParametersInfoW
IsWindowEnabled
GetDlgItemTextW
CreateDialogParamA
RedrawWindow
AppendMenuA
CreatePopupMenu
RegisterHotKey
GetMenu
GetScrollRange

ntdll

memset

shlwapi

StrCmpW

gdi32

CreateCompatibleBitmap
CreateHatchBrush
UnrealizeObject
SetROP2
SetDIBitsToDevice
SetWindowExtEx
SetLayout
OffsetRgn

Exports

Exports

?_Sqeodm@@YGPAKDJ@Z
?_Sxbvlsthz@@YGGPAIK@Z
?GvmazrT@@YGNPAFPAI@Z
?Nlxtpli@@YGDPAE@Z
?NjqLeegnzmikg@@YGPAXHG@Z

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ