ec22b24cdd18a6a9e1e79c7bb164b0ec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec22b24cdd18a6a9e1e79c7bb164b0ec_JaffaCakes118
Size

186KB
MD5

ec22b24cdd18a6a9e1e79c7bb164b0ec
SHA1

e711c6101be601e569d3bae01dfb0d0a9c3adf43
SHA256

6c3ddce190e7a5b7ed075b484845f441abb28f50913c7c18f5623966502d5e32
SHA512

6f6485224328c202dc3883e469e0eec9698564661a3be14a00502872f185a928c1f35762e8a41e569ba5191fd72b6a70b3ae6bd1dcdd34c01177c3643d3d24e2
SSDEEP

3072:r93RNeRaG73yhVUeBcNPuxxd26TxNKx2vI/n1zYwljMy:9cBby3Bcaxc6dKWI9VlH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec22b24cdd18a6a9e1e79c7bb164b0ec_JaffaCakes118

Files

ec22b24cdd18a6a9e1e79c7bb164b0ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5c9e8bd0fb78f93d103ef0445c27ff2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\txfcuYQvoqMz\yxWgDclvldCp\xgqxBnm\mvdRLqGetqcbxf\eokKujuYAJ.pdb

Imports

shlwapi

StrRChrA
StrFormatByteSize64A

user32

IsCharAlphaW
CascadeWindows
SendNotifyMessageW
InternalGetWindowText
SendMessageTimeoutA
LoadCursorW
wsprintfA
GetIconInfo

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_amsg_exit
_initterm
_ismbblead
_XcptFilter
iswctype
_exit
_cexit
__setusermatherr
__getmainargs

gdi32

PatBlt
GetSystemPaletteEntries
RemoveFontResourceW
GetBkMode

kernel32

LoadLibraryExW
FileTimeToDosDateTime
GetDateFormatW
OpenEventA
GetShortPathNameA
LocalReAlloc
AddAtomA
GetModuleHandleA

Exports

Exports

?FutureProspect@@YGHPADK|U

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE