ffa306cda02936459e718e7a31993659_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffa306cda02936459e718e7a31993659_JaffaCakes118
Size

199KB
MD5

ffa306cda02936459e718e7a31993659
SHA1

b7f2f7cc4f48b9d388065b7adb670d0a774075ea
SHA256

d5c557eb1bb479de3e531f581814676989e31b863eab3efe83eba5abb6628094
SHA512

f1f2ad829fe77b38c5582a915f4257e751235343b0c50c31ec38afb771a593223a052ecdb98f10cdb1256ae2f360c01904a1a31997bdc49359b5167bbaa4e88b
SSDEEP

3072:9rcRvJjRjqSkZCUK/rqkTvn5IvZXafe7Ie5ORA6GMaA+ohpoZ6BuTeTn6eWC2QPt:2RvBFq82kdU9aYTmGMaA+0rGDrQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffa306cda02936459e718e7a31993659_JaffaCakes118

Files

ffa306cda02936459e718e7a31993659_JaffaCakes118
.exe windows:5 windows x86 arch:x86

83aa32db2bf4df9207d37076c9361a94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\inxACek\ryiai\xnZwjzz\inxulsp.pdb

Imports

kernel32

TryEnterCriticalSection
SetCurrentDirectoryW
lstrcmpiA
TlsSetValue
WinExec
GetShortPathNameW
ClearCommError
lstrlenA
OpenEventW
GetCommandLineA
HeapSize
lstrcpyW

shlwapi

PathRemoveArgsW
ChrCmpIW

gdi32

WidenPath
SetBrushOrgEx
StretchDIBits
SetDIBColorTable
Escape
CreateHalftonePalette

user32

MapVirtualKeyExA
GetForegroundWindow
DrawFocusRect
CreateCaret
GetCaretBlinkTime
IsCharLowerA
CharUpperA
GetMessageTime
RegisterHotKey
GetKeyState
GetMessageA
ActivateKeyboardLayout
SendInput

Exports

Exports

?NngZaRhezwUVw@@YGMPAH@Z
?UgeojFEoerUYUouFe@@YGXJI@Z

Sections

.itext
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 154KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ