25a62b57d4f4ed8e2afaf2284614d8fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25a62b57d4f4ed8e2afaf2284614d8fe_JaffaCakes118
Size

249KB
MD5

25a62b57d4f4ed8e2afaf2284614d8fe
SHA1

19a3401d5fe195928c6717345d2b4e6cf07c5db3
SHA256

8480e4976d319dff1677b7e49f30ef62da5aedca86937087cf648a27546e6761
SHA512

a0acbb4de50ae710beb0c3e6cbf9f6b923f464a90754813a75e16ee7909d5ff390801b197b82e4fe5f71cf7e299aa37701f71ca9b4f6492071287ebf30920416
SSDEEP

3072:M8CPPGc6xNPmAljktyA19ce+etWW4DesGuup8/Z:gGc6eAlQtt19cgWW4DF1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25a62b57d4f4ed8e2afaf2284614d8fe_JaffaCakes118

Files

25a62b57d4f4ed8e2afaf2284614d8fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9cf0c60491e31e940819541096fe8cd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
InterlockedExchange
IsDebuggerPresent
LoadLibraryA
LoadLibraryExW
SizeofResource
VirtualAlloc
VirtualFree
WaitForSingleObject

user32

DestroyMenu
GetSubMenu
GetWindowRect
MessageBoxA
PostMessageA

gdi32

CombineRgn
CreatePalette
GetDeviceCaps
GetTextExtentPoint32A
SelectObject

shell32

DragQueryFileA
DragQueryPoint
SHChangeNotify
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderPathW
SHGetSpecialFolderLocation

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 981B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE