112c9debec2a76202b3cebdfed57c71f_JaffaCakes118 | Triage

Sharing

General

Target

112c9debec2a76202b3cebdfed57c71f_JaffaCakes118
Size

195KB
MD5

112c9debec2a76202b3cebdfed57c71f
SHA1

03924fc4000c1ccb186fb22cfb89fd315d65bfea
SHA256

d19917d4084dbcfc40e584cb2d42226fc290d5f645e0df27bf27ac89eb410667
SHA512

c3246b55979f3946ba187a1b39b0c3e82bb60f488231bc3814bd69cb84311879288c5bb410c6544666d975c4b26623ea62586ddc932fdcfee9208471cfc4a762
SSDEEP

6144:mSp5LjpmDs/4EcUB/c0RVp1d/MYMbfzC7G8Z36UCPq0:Lp5L8DMQU9pb/MY6fzQG036UCPL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
112c9debec2a76202b3cebdfed57c71f_JaffaCakes118

Files

112c9debec2a76202b3cebdfed57c71f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1a68c7a1f4032b34c18f42254e8e9546

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TushitPisojoukeilkadx{\affalersmaywotnodiwax{\ebborcsmeyoreoflodebdid.pdb

Imports

user32

TranslateMessage
AttachThreadInput
ReleaseDC
InvalidateRgn
InSendMessageEx
SetActiveWindow
SetScrollPos
GetClassLongW
SetRectEmpty
GetKeyboardType
TrackPopupMenu
wvsprintfA
CharPrevA
GetKeyState
CallWindowProcW
BringWindowToTop
SetMenu
LoadCursorA

shlwapi

PathIsFileSpecW

gdi32

StartPage
EnumFontFamiliesExW
SetBitmapBits
DeleteObject
GetTextColor
GetFontData
RemoveFontResourceW

kernel32

CreateMutexW
GlobalCompact
EnumResourceLanguagesA
WaitForMultipleObjects
CreateRemoteThread
GetCurrentDirectoryW
GetOverlappedResult
GetNumberFormatW
GetTimeFormatW
TryEnterCriticalSection

Exports

Exports

LoadFileW@4
AddArgumentOld@8
IncrementVersionNew@12
LoadFolderExA@4
GetValueExA@8

Sections

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE