25e754547f0e610988ea9609e24bb080_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25e754547f0e610988ea9609e24bb080_JaffaCakes118
Size

7KB
MD5

25e754547f0e610988ea9609e24bb080
SHA1

619a94538e6a512b64d0c0a9994ee9ba12e1345a
SHA256

16f810964dbd6d69fbd0907b2de7f7dad77992258fd43cc6bf515dcafb7faee6
SHA512

2a7f2916061e9649e73eabd5f1b31c8c54e3fe94ce15ca0e71d06eaa95e19fa7a3678be1de35487c9e096e65c3e42b3b58dc87db62566dfb4e856dbcadfd8680
SSDEEP

96:qLuDSXjoXcshX9X7X+oX8Or7SQhxPDYoAeja0/KsoYVK661s/7:owSXkXRX9X7XDX8U2QDPUiAsox6V/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e754547f0e610988ea9609e24bb080_JaffaCakes118

Files

25e754547f0e610988ea9609e24bb080_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fb2e390a1d0a20eb41c03340d5ecfcff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
Sleep
GetModuleHandleA
CreateThread
ExitThread
WriteProcessMemory
GetCurrentProcess
LoadLibraryA
GetSystemDirectoryA

user32

FindWindowA
GetWindowTextA

ws2_32

recv

urlmon

URLDownloadToFileA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ