25ee021fde22f4bd7bba0ba9182116cf_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25ee021fde22f4bd7bba0ba9182116cf_JaffaCakes118
Size

131KB
MD5

25ee021fde22f4bd7bba0ba9182116cf
SHA1

0388de9a65b25b1d7bc0696afd7b0c90b6568cd3
SHA256

961112d54f3ad08d2c84a6a0162fdf990168c68a335d22c51cafcac45f887d25
SHA512

9f48c26abfd0788359785f28917db4eeab9be5d345dba30b41f11a08657fc97a7994d50cd0411d57276b2e0b8a03a050e4d7784e116cc163c5b737ced3e2103e
SSDEEP

3072:cts05j5nf7X5B4Uo9+V/wDIXAbSeVIT+6Bm2vxWMrFCdB:DANnfNBxowVYAiEBmGYMrFM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ee021fde22f4bd7bba0ba9182116cf_JaffaCakes118

Files

25ee021fde22f4bd7bba0ba9182116cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab6ac6bc95eda690ad2e31e9c53bee97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
CharNextA
GetMessageA
SetTimer
PeekMessageA
KillTimer
PostThreadMessageA
LoadStringA

kernel32

ClearCommError
ExitProcess
CreateFileMappingA
ClearCommError
QueryPerformanceCounter
GetExitCodeProcess
EnumResourceNamesW
CreateMutexA
ExitProcess
GetStartupInfoA
CreateProcessW
ReleaseMutex
MapViewOfFile
GetModuleFileNameW

shlwapi

PathFindExtensionA

rpcrt4

RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
RpcStringBindingComposeA
NdrClientCall
RpcStringFreeA

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ