250d79b5fe24d255a3e76320954e43be_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

250d79b5fe24d255a3e76320954e43be_JaffaCakes118
Size

30KB
MD5

250d79b5fe24d255a3e76320954e43be
SHA1

22bbe8310da3e2c554e0abab28834bbf0f9c1246
SHA256

2cf6ee8db910a0c517939fdd32ba08a2d343750359a444c7722f664c05285ffe
SHA512

a26bfb54dd45190336c6a5c7dbb3034e8c414fd3a3fb3074d2703379763f9e6d820fdefa6d7a1d3927573d1757bfb21e7cad181703484a7f431b0e5778f24078
SSDEEP

768:Y6PNPMQ+DNUTH4Yma9Fp5XrHVmQthN2KFvjVpn8Bex:CD+H4Xa9H5VH2KFvTnEex

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
250d79b5fe24d255a3e76320954e43be_JaffaCakes118

Files

250d79b5fe24d255a3e76320954e43be_JaffaCakes118
.exe windows:5 windows x86 arch:x86

07bc9461d030f0e58b9a8cae46f3fcb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
DeleteFileA
GetSystemDirectoryA
SetFileTime
GetTempPathA
GetTempFileNameA
GetCurrentProcessId
GetSystemTime
CreateThread
FindFirstFileA
EnumSystemLocalesA
FindNextFileA
GetTickCount
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleHandleA

advapi32

RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegCloseKey

ole32

CoCreateGuid

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ