179973ffaf9f77537f4f31c7e788b5a7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

179973ffaf9f77537f4f31c7e788b5a7_JaffaCakes118
Size

115KB
MD5

179973ffaf9f77537f4f31c7e788b5a7
SHA1

dc8a87ca40215d680c869035fb0c11c78dd27ab9
SHA256

f6335c73aff4f7ea85d15e55dda6a83c7d7080625e29bd145842b52331222287
SHA512

dc6d54a0e7029fd3d3314eb79c0bf7caabbbd4d311cf499a19b17fc3bf8da41ec7ffe12397cde17ea6213a2ce23b8a9076be517d67a356c5f285091f44ab5f2e
SSDEEP

1536:Vzbiwm/5OuFyI4WzbGwMDIlgynF+v+bQglQ2MigKwJktEJBxfezMjqL89wu/JCfS:ZbiocW6tMMltFwWQ2x4ktEJXWzNk/Vr7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
179973ffaf9f77537f4f31c7e788b5a7_JaffaCakes118

Files

179973ffaf9f77537f4f31c7e788b5a7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c15e915e73cb7ce0fff1d9e7ea107510

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\UsmdrsgXDOuyEC\nZjetTuVUqxb\CIelkDmzMypIdh.pdb

Imports

user32

LoadMenuA
IsCharUpperW
SendInput
GetWindowDC
HideCaret
GetKeyboardLayout
wsprintfW
FindWindowExA
PostThreadMessageW

shlwapi

UrlEscapeA
ChrCmpIW

gdi32

SetMapMode
GetTextExtentPoint32A
GetTextExtentPoint32W
DPtoLP
LineDDA
SetBkColor

kernel32

GetUserDefaultLCID
lstrlenA
HeapCreate
GetModuleFileNameA
OpenFileMappingA
LoadLibraryA
GetModuleHandleW
FileTimeToSystemTime
lstrcpyA
LoadLibraryExA
HeapReAlloc
ClearCommBreak

msvcrt

_controlfp
__set_app_type
isspace
__p__fmode
fread
__p__commode
_amsg_exit
_initterm
fseek
_ismbblead
_XcptFilter
_exit
strlen
_cexit
__setusermatherr
__getmainargs

Exports

Exports

?CreateDlgMessage@@YGHPAXPADK|U

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xyz
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 86KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE