f99a4ce7033cefaa73cc83babc2b1579_JaffaCakes118 | Triage

Sharing

General

Target

f99a4ce7033cefaa73cc83babc2b1579_JaffaCakes118
Size

128KB
MD5

f99a4ce7033cefaa73cc83babc2b1579
SHA1

be7a9935e4e64b09adb8aa3f431bc1baedb8bb93
SHA256

4539ff1fed008cc275d8e3b9e998332c0d04cb5e65df83131dad408b53a4efba
SHA512

7dac6fa9b4594a9e3fe0c6ad4d1631d6f39bd42e74964050887fea079b8517163bad81b1cb5a39cf96bbaf5222c08b7e571078f9946ffaa5d9bd75a3e3997a26
SSDEEP

3072:4m4oJFI01fw8HdL1otBFuJ5YXoLT/MWzFE:4mjF919LiX+5YYHkWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f99a4ce7033cefaa73cc83babc2b1579_JaffaCakes118

Files

f99a4ce7033cefaa73cc83babc2b1579_JaffaCakes118
.exe windows:5 windows x86 arch:x86

02081436758e30fdda4ea03d6460b6db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Dozbv\CpSR\hpXsr.pdb

Imports

user32

wsprintfA
CharNextA
SetWindowLongA
GetClassInfoExA
GetActiveWindow
SendMessageTimeoutA
CharUpperW
DestroyCaret
ChildWindowFromPoint
MapVirtualKeyExW
GetCaretBlinkTime
CheckDlgButton
CloseDesktop

kernel32

WaitForDebugEvent
FindNextChangeNotification
LoadResource
WaitCommEvent
lstrlenA
LocalAlloc
GetStartupInfoW
SetCurrentDirectoryW
GetSystemDefaultLCID
lstrcatA
GetSystemWindowsDirectoryW
IsValidLocale
GetModuleFileNameA

gdi32

SetAbortProc
GetTextCharsetInfo
ExtFloodFill
ExtTextOutA
CreateRectRgnIndirect
BeginPath
SetViewportExtEx

Exports

Exports

?dnvGqnuoinyusqqJqHN@@YGFJH@Z
?UwUnmmdjhChhba@@YGXF@Z
?ciuhuiywAlUTuZMpcxzWlq@@YGHH@Z
?CdmynYcWJsx@@YGPAJPADI@Z
?UodfBdiaa@@YGPADPADF@Z
?ZbdYlhpciVzbw@@YGFNE@Z

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ