25d7e2eba60f80c02bb1db4b15f894d0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25d7e2eba60f80c02bb1db4b15f894d0_JaffaCakes118
Size

153KB
MD5

25d7e2eba60f80c02bb1db4b15f894d0
SHA1

f1f34a79b082b0f851b9ce20fbc2a06ef3b2117a
SHA256

77566b11c88b61d4d86d0fca20f1e7a5760a2c719f4f89ce13fce62bfae8e670
SHA512

76e07d616ed75625ddf4ee7d1a7d290dc8f7ed56d4177c3737e72b0cabe152da338be7c8c0bdc79d0d57ce4b9993bcadacab3af8fce1352e2a2f13c644cc8f63
SSDEEP

3072:jH8+RJit0yC0B0rvXMY07cedu1vC+98ne2IqRINfl70qh9U+t9RnBMHR:z8+Wt0ytGvXd07cWuFCze2I0Ipl0gU+P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25d7e2eba60f80c02bb1db4b15f894d0_JaffaCakes118

Files

25d7e2eba60f80c02bb1db4b15f894d0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0f2d1c2fa0b2fdd4f1c86fe6d45b481d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
ExitProcess
GetACP
GetConsoleMode
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemInfo
HeapAlloc
HeapCreate
UnmapViewOfFile
WriteConsoleW
lstrcmpiA

msvcrt

time
__p__commode
_cexit
_except_handler3
free
malloc
sscanf
setlocale

user32

EndPaint
EnumWindows
RedrawWindow
IsWindowVisible
DestroyIcon

oleaut32

OleIconToCursor
VarBstrCat
VarBstrCmp
OleLoadPicture

shlwapi

SHDeleteEmptyKeyA
SHDeleteValueA
StrSpnA
ChrCmpIA
PathFindOnPathA
StrStrIA

Exports

Exports

ComPlusMigrate
GetNumCaptureDevices
GetUpdateCount
StopStreaming

Sections

.text
Size: 74KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ