25e949e69c53888b5fe6eb4da54172c7_JaffaCakes118 | Triage

Sharing

General

Target

25e949e69c53888b5fe6eb4da54172c7_JaffaCakes118
Size

164KB
MD5

25e949e69c53888b5fe6eb4da54172c7
SHA1

468efe0b9ec057ee357b7b64c387eb3ffd411192
SHA256

2114c1caeb30abafd385f3967910553a24fec1cde730850a10197b7572fc099d
SHA512

9f0ca10bfbc8fdd074a54f1ab65eb54796feb1fc7846cd7fbdf1be2fbc59c67426e126be136fb52be933c1a657847597fa9c83b0b7800163e642ec32469eb257
SSDEEP

3072:vuw+52kN2uqZgTEK36LjXVI+hbApSRUdfnYE0EJhAO0e1E6i3aa:vH+5BtqlKGVI+ucCWO0eaV3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25e949e69c53888b5fe6eb4da54172c7_JaffaCakes118

Files

25e949e69c53888b5fe6eb4da54172c7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6839595a0b22572ca50480bffcb1ff93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

gethostbyname

ole32

CoTaskMemFree

wininet

InternetOpenA

urlmon

URLDownloadToFileA

user32

PostMessageA

gdi32

GetTextCharsetInfo

advapi32

RegCloseKey

oleaut32

VarUI4FromStr

Exports

Exports

Always
ConfigAd
GetADpop
GetPlayerVersion
HKbolo
HashAd
PlayAb
PrioritPutAd
PutTestSpecial
SetAdOnbk
StandYourad
adefee
heyllow
msnpop
qqadpop
sasa

Sections

.text
Size: 148KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE