fae3b8d14b08c5c0e5f60589150c5655_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fae3b8d14b08c5c0e5f60589150c5655_JaffaCakes118
Size

197KB
MD5

fae3b8d14b08c5c0e5f60589150c5655
SHA1

697a8c04f81b3bf91507a6f3ac5bbc91cc58cc21
SHA256

9a0e7d7927fc11260d680e3e84fb138ce54857faec5d6853df636d8a64c8bdaf
SHA512

020fb4b9256f9456275e89c73e41a8bdb6b0961eac013eed79db9996dfe85dbaf7e93ae4a59eadcc74359475d2e17824aa048729556bef030f72bb4d030a6752
SSDEEP

6144:92HxKOhmcfXjfA+5z26hyxB0rIvjACBz5N5o:kXXsY9hpAJJ5NO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fae3b8d14b08c5c0e5f60589150c5655_JaffaCakes118

Files

fae3b8d14b08c5c0e5f60589150c5655_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7ce5607d9e081b672130d5f8ed324945

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\IaxoZuIm\dbawVKmL\gxeh.pdb

Imports

user32

CopyAcceleratorTableW
GetForegroundWindow
GetCaretBlinkTime
GetKeyState
CharNextA
GetWindow
MapVirtualKeyExA
SendMessageA
DestroyWindow
MonitorFromPoint
CreateWindowExA
GetUpdateRgn
IsDialogMessageA

shlwapi

ChrCmpIW
PathRemoveArgsW

gdi32

CreateCompatibleDC
SetROP2
EnumFontsW
GetCharWidth32W
SetAbortProc
SetRectRgn
GetDeviceCaps

kernel32

GetUserDefaultUILanguage
GlobalUnlock
FileTimeToDosDateTime
CreateSemaphoreW
GetTempFileNameW
GlobalAddAtomW
lstrcatA
LoadLibraryExW
OpenEventW
lstrlenA
GetThreadPriority
CreateNamedPipeW

Exports

Exports

?yupycrnNIeFJTbjxIdov@@YGXM@Z

Sections

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 159KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ