176f68e2923d59ce91085e0dbdd9c725_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

176f68e2923d59ce91085e0dbdd9c725_JaffaCakes118
Size

81KB
MD5

176f68e2923d59ce91085e0dbdd9c725
SHA1

0df5ca2af9ca36e2872d6c19a6583be098000671
SHA256

63cebb976c78c5839670a8d495bd300cd3df326700b7ba98b07d899eeb9ab880
SHA512

420f49a3a266a55f13c27e7fb498cde07b81e7f6cabcfbc98cad9c3f7accf51b42dc4357f98fad089d32ea5fef0fe9d5d4749e8ca7630c35d3e46328c8eb7113
SSDEEP

1536:vZvnMO37EhpYxUrACfi700BQDWkiUMFN193eR7Qpk4HlMOL:vZ/MI7EhpPEIssDWkSeJh4HeO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
176f68e2923d59ce91085e0dbdd9c725_JaffaCakes118

Files

176f68e2923d59ce91085e0dbdd9c725_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eda7c036c1e382173addea83dbd9712e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\Textify\Font\bin.pdb

Imports

user32

IsCharAlphaNumericA
IsCharAlphaA

kernel32

lstrlenA

Exports

Exports

?BeginForce##YGPAXU_RECTL###Z
?CellRinger@@YGPAXU_RECTL@@@Z
?LineHandle@@YGPAXU_RECTL@@@Z
?ProperSight@@YGPAXU_RECTL@@@Z
?TimerConnect@@YGPAXU_RECTL@@@Z

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ