0156ab3c1c1b5bf6a50cae2801d65ce7_JaffaCakes118 | Triage

Sharing

General

Target

0156ab3c1c1b5bf6a50cae2801d65ce7_JaffaCakes118
Size

3.5MB
MD5

0156ab3c1c1b5bf6a50cae2801d65ce7
SHA1

f25073fe8e8c0af21e76b7f6b1040c79981cf335
SHA256

6a641b64d3a7bfda7f2edbd800a38f284894752e4f278c4cb479e480f8470e55
SHA512

b38111cab9962d803b1f30f28221634389321e797e325b8e00f8772e890bd149f2f71a44492136865a88d77eeb0b0e87d51403ad8f1ddc497b86da4204ffa141
SSDEEP

49152:U9pg2pAJXQR1ggDpTzOZAc1FGoCM5K6LgD22gvb2GL63zplEVfyQz2YUCs1rwf2w:s5pDmgBvcaoC0DpqGul+fyS2YUp9aZh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kodywarface.exe

Files

0156ab3c1c1b5bf6a50cae2801d65ce7_JaffaCakes118
.rar
kodywarface.exe
.exe windows:4 windows x86 arch:x86

c6af044273b55539500b99e0e41bcdb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
WaitForSingleObject
GetStringTypeA
GetProcAddress
LCMapStringA
MultiByteToWideChar
HeapReAlloc
LCMapStringW
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
GetStringTypeW

user32

PeekMessageA

gdi32

SetBitmapDimensionEx

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ