25c91dcae4731a5c4a08d9246b836add_JaffaCakes118 | Triage

Sharing

General

Target

25c91dcae4731a5c4a08d9246b836add_JaffaCakes118
Size

278KB
MD5

25c91dcae4731a5c4a08d9246b836add
SHA1

2264683af0d4938bbbc9098a24d915aa56e1d849
SHA256

05189b6b9b7467fdf9a1f5386216d1952c2c6b9bd0b108418362bbdaeb09f885
SHA512

608549b840bad775760837cd72e40554951b6d2e4f491dde0fdce836058f0fd0b9b8cbe86268ab0ca25db9a26ae4ddff2890e243ba480cf699b6b7d04c6b29f8
SSDEEP

6144:ow/S1DB/lBBcuI5h29W5jvKfRo67/mEH6FjR:owqlAuIrQaR6CeK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25c91dcae4731a5c4a08d9246b836add_JaffaCakes118

Files

25c91dcae4731a5c4a08d9246b836add_JaffaCakes118
.exe windows:4 windows x86 arch:x86

535c5ff4f8dd0858b9b0383c7ddd5328

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
GetModuleHandleW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetCPInfo
GetACP
GetStringTypeW

shlwapi

ord276

ntdll

RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ