37868c0815810d8da9ede9051fd0091f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37868c0815810d8da9ede9051fd0091f_JaffaCakes118
Size

129KB
MD5

37868c0815810d8da9ede9051fd0091f
SHA1

23799d585ab5c84d26695067d7bbc42e6b070039
SHA256

125dc4a24fd444a82fb2e5391949c322a39b648b1646dcedd50c9f9e5e89e852
SHA512

02e150c87dabaf1d33bb3c993ae1feeaac917237fe7fd45e7aa2cf702452f14fbc1bcef96c4b159eaa10f91cfcbf6578ac6fe2e70de0bb339458762b9a1bbfe3
SSDEEP

3072:MhOW8cBQE6TcoHdLnj+66Fwk+3/YfHVfDb7FtbuyQ:MhOwiHd9LWe3Y/V7XFtb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37868c0815810d8da9ede9051fd0091f_JaffaCakes118

Files

37868c0815810d8da9ede9051fd0091f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ab01383632ac728acbcb2582671e389f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\lqFPgz\Qhwbl\oqwefnzp\doiaXVV.pdb

Imports

gdi32

Polyline
ScaleViewportExtEx
GetCurrentObject
TranslateCharsetInfo
SetRectRgn
CreateEllipticRgnIndirect
RectVisible

comdlg32

PrintDlgExW
ChooseFontW

kernel32

SetCurrentDirectoryW
GetTickCount
GetStartupInfoW
AreFileApisANSI
IsValidLocale
lstrlenA
DeleteAtom
LoadLibraryExA
GetStringTypeExW
GetOEMCP
OpenFileMappingW
lstrcatA
GetFileTime

comctl32

ImageList_Create
ImageList_Read
ImageList_Remove
CreatePropertySheetPageW

user32

GetShellWindow
SetActiveWindow
SetWindowPos
InSendMessage
AppendMenuW
GetActiveWindow
IsWindowVisible
IsWindowEnabled
MessageBoxA
GetCaretBlinkTime
wsprintfA
DialogBoxParamA
RegisterHotKey

Exports

Exports

?ouvwoatTlBFz@@YGEIF@Z
?vvSOqsltEEnkal@@YGXH@Z
?LjcbWiCzscrAfpdf@@YGEPADI@Z
?hvnxkmqfl@@YGPAMHPAK@Z
?qnbvgWdoKomfZppndkub@@YGPAEJ@Z

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ