ea68e3037a21646fef83533fb4a688c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea68e3037a21646fef83533fb4a688c1_JaffaCakes118
Size

117KB
MD5

ea68e3037a21646fef83533fb4a688c1
SHA1

27a6e8dc04e03743806e2b4c2863631fd4080a5d
SHA256

5fabee17e60f23a3918ab232f402a59ba366384e079e0a067c6bff278f1be563
SHA512

899181de5adab8895a315cba1a49594dbc522d62e1c4774a419104930715a2295838fb3b262c0c56657bed6cd5594432e102a0f580034c4c2ebfa461d1cee534
SSDEEP

3072:4Cb27Etk1fuJ92A8OZFtFkTWclV1XqInA:4CCAOmL2A8OZHFcWMJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea68e3037a21646fef83533fb4a688c1_JaffaCakes118

Files

ea68e3037a21646fef83533fb4a688c1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8780c99d72b18dcd8c094d79f79314f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\ZSnwXwj\mabd\TzjCRlit\tJGlla\IFpdmrR.pdb

Imports

ntdll

_aullrem

kernel32

LocalFree
GetModuleHandleW
GetCommModemStatus
GetProcAddress
GetCommState
WriteFile
FindFirstFileW
lstrlenW
GetCommandLineA
SetThreadAffinityMask
lstrcmpiA
HeapReAlloc

user32

SendMessageTimeoutW
GetKeyNameTextW
MapDialogRect
GetWindow
LoadIconW
AttachThreadInput
GetMessageTime
ValidateRect
GetScrollPos
GetClassNameW
PostQuitMessage
DrawTextA
SetPropW
FindWindowA

gdi32

CreatePalette
RemoveFontResourceW
BeginPath
SetDIBitsToDevice
AddFontResourceW
CreateDiscardableBitmap
OffsetViewportOrgEx
CreateRoundRectRgn
SetMapMode

Exports

Exports

?uxzbkXdmOahFwbvrar@@YGGJD@Z

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ