025428b6e85e03b0c953c743e067cb10_JaffaCakes118 | Triage

Sharing

General

Target

025428b6e85e03b0c953c743e067cb10_JaffaCakes118
Size

16KB
MD5

025428b6e85e03b0c953c743e067cb10
SHA1

aa0ff86f90bd082c83df7c27a067d4cfbedba23e
SHA256

3683aa275acaf8c2aded632be0d2b953991fbeb19c63a401f6fbbdbbcdccb9d6
SHA512

ba0bb4069b18c3c0be43ce5f774e3df8ebd5721b58374a7cf4d87d6317c9a28e4e479fdf47949d9f09b922df1775225915e6cbf8487bf1e071f6db491b148893
SSDEEP

384:nYvTByo5UKmlt+clPykp92peCoseWzDt6a5:ncTBv5UyQ2ushDt6a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
025428b6e85e03b0c953c743e067cb10_JaffaCakes118

Files

025428b6e85e03b0c953c743e067cb10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be41b25bef36f848653f2e244552d60c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTempPathA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
ExitProcess
GetFileSize
ReadFile
CloseHandle
WinExec
GetShortPathNameA
WriteFile
TerminateProcess
GetCurrentProcess
HeapAlloc
WideCharToMultiByte
GetStdHandle
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
GetLastError
FlushFileBuffers
SetFilePointer
RtlUnwind
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

FD
LL

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE