d110050f0e4016db0ae6581c7fc10597_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d110050f0e4016db0ae6581c7fc10597_JaffaCakes118
Size

39KB
MD5

d110050f0e4016db0ae6581c7fc10597
SHA1

22b2d7c2069ab26aa8c904c3161cf6ea83a93a8d
SHA256

2ced615fd32fa5096ac6e7e983f23fbbfd4534685c46e98e4f916b4eb2be6e1b
SHA512

07d1dd6f60fe34a05ca4e485968631c8c1f8220279787e5798db47863189dec859d8e10126b465f9e17c0f6fdc7cf2cbc47dbafb5f0f91b1197e4c651022bea0
SSDEEP

768:yGylKG2imuyq5O+F7qYycR+TJ+K2FKrL8FvG5ego6YdFJ5:yGYKpir5OuFyIzFmegnYzJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d110050f0e4016db0ae6581c7fc10597_JaffaCakes118

Files

d110050f0e4016db0ae6581c7fc10597_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a6faedc6d3ff7fb988f676ef1ab95ea1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\JoXgutk\hpkxxsiSKmtr\jyYhHczezxnrb\XZTolZewxcyyGB\cANZkZqYhir.pdb

Imports

msvcrt

_controlfp
memset
__set_app_type
__p__fmode
__p__commode
_amsg_exit
_initterm
_wtoi64
_ismbblead
_XcptFilter
_exit
_cexit
__setusermatherr
__getmainargs
getc

gdi32

CreateRectRgnIndirect
PtInRegion
SetROP2
EnumFontFamiliesW
BeginPath

user32

GetWindowDC
MessageBoxW
BeginPaint
EnumThreadWindows
CreatePopupMenu
IsCharUpperW
OemToCharA
wsprintfW
AppendMenuA

kernel32

CreatePipe
GetComputerNameW
IsDBCSLeadByte
LoadLibraryA
IsDBCSLeadByteEx
LoadLibraryExW
lstrcpyA
GetModuleFileNameA
lstrlenA
GetModuleHandleA
HeapLock

shlwapi

ChrCmpIW
UrlEscapeA

Exports

Exports

?CreateDlgMessage@@YGHPAXPADK|U

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.return
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE