25312f7af31cf1e0ce4502231bde17f2_JaffaCakes118 | Triage

Sharing

General

Target

25312f7af31cf1e0ce4502231bde17f2_JaffaCakes118
Size

212KB
MD5

25312f7af31cf1e0ce4502231bde17f2
SHA1

1b1abb8c7261c77836e99316090bcae50e966909
SHA256

52e08fa2554af7c5371ae0f1dc1e39c1df6a0bb4c4de9790721670f347ae88d6
SHA512

3f6abd7fe1d33f8344c3d62076ad3e6a74a4cb67dc157e3173d91919196cef873cecf9d98948f531224a0f3a5054ba58b1bcba135dc1fec35033abc37bacd1b8
SSDEEP

3072:6adeUVfekekIG2oa8W/HICkQZFRER3xpm41:6sVm8IGNY/IQZkV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25312f7af31cf1e0ce4502231bde17f2_JaffaCakes118

Files

25312f7af31cf1e0ce4502231bde17f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42bc782b3caf21d61a9200e58744479d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimes
lstrcatA
WriteProcessMemory
GetSystemWindowsDirectoryA
SetFileAttributesA
LocalLock
VirtualAllocEx
OpenWaitableTimerA
GetThreadContext
SetConsoleCtrlHandler
lstrcpy
ReadConsoleOutputCharacterA
ResetEvent
RaiseException
_lread
OpenThread
GetConsoleWindow
SetConsoleFont
GlobalGetAtomNameA
GlobalSize
GetExitCodeProcess
OpenSemaphoreA
SetEvent
GetVolumePathNamesForVolumeNameA
GetNumberOfConsoleFonts
IsDebuggerPresent
GetAtomNameA

wininet

InternetGetConnectedStateExA
InternetUnlockRequestFile
FtpSetCurrentDirectoryW
ResumeSuspendedDownload
FtpRemoveDirectoryW
InternetQueryDataAvailable
FtpSetCurrentDirectoryW
InternetCrackUrlA

Sections

INIT
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 200KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ