d1bc694776fc5986e627f0a35d05859c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1bc694776fc5986e627f0a35d05859c_JaffaCakes118
Size

117KB
MD5

d1bc694776fc5986e627f0a35d05859c
SHA1

22a63a3ceb965c8801d25ad4f076efbdac2106f0
SHA256

33ca4eb7546a0b7e14c99b54496a6394142fb6fb6025a37587982397794148fb
SHA512

f4665097be1bbe69797850af3e7e0b0c627ada8c4c6067865ea01bfa2b10b90c3b1abc036479091a200d32f664f7225bc72dec6eea2867c61207a48805f661fd
SSDEEP

3072:6SUMReucc8FOtkygw6yDtJ4g+0W3qvnoDpOAL/D:HJB8FOP53p+0nnoDpOAL/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1bc694776fc5986e627f0a35d05859c_JaffaCakes118

Files

d1bc694776fc5986e627f0a35d05859c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

19b4e25642b9c2635586930b7c1d84be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\dERKVqB\PAkhfkHy\nkmzc.pdb

Imports

ntdll

_aullrem

comctl32

PropertySheetA
ImageList_LoadImageW

gdi32

GetViewportOrgEx
GetFontData
GetTextExtentPointW
CreateCompatibleBitmap
AddFontResourceW
CreateCompatibleDC
CreatePen
GetCurrentObject

user32

FindWindowW
GetDialogBaseUnits
RemoveMenu
ChangeMenuW
GetScrollPos
MapVirtualKeyW
CharToOemW
GetClassNameW
CheckDlgButton
InvertRect
GetWindow
LoadIconW

kernel32

lstrcatW
GetModuleHandleW
VirtualQuery
SuspendThread
FindResourceW
lstrcmpiW
CloseHandle
lstrlenW
FindResourceExW
PulseEvent
GetTimeZoneInformation
GetProcAddress
IsBadReadPtr

Exports

Exports

?PdsAdlpzseLBuvXGtjbwrB@@YGGDK@Z

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ