Static task
static1
Behavioral task
behavioral1
Sample
625f5253e8bfdbea5cbef3322dda7459_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
625f5253e8bfdbea5cbef3322dda7459_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
625f5253e8bfdbea5cbef3322dda7459_JaffaCakes118
Size
191KB
MD5
625f5253e8bfdbea5cbef3322dda7459
SHA1
d7c34ff095dc7638fbacab79d74303df1bc8e704
SHA256
4c28d93b0807a7f232cf172d6bd4aa198b837655e56666d1826eab26b0f35a38
SHA512
bcf0cc854d3f59df4976a0e282709eeb933ad10001d693114800ff99d0072014fd51d6789e677a74b059fc2b2aceae67c9c30ff2b16776e40fefcbe5281acd01
SSDEEP
3072:P5gxNpv/GjrUN16Jf5sSfhl7MqetoEcLYaczyberF0/eOFf9m2EvGRUhcmHvcbU:P8bXUU+qSfhlNetoE7acOberQtVByvcI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 625f5253e8bfdbea5cbef3322dda7459_JaffaCakes118
Files
625f5253e8bfdbea5cbef3322dda7459_JaffaCakes118.exe windows:4 windows x86 arch:x86
0ec53792b505271c50b43cd54e9fdf5f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
GetHGlobalFromILockBytes
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
kernel32
GetEnvironmentVariableA
SetProcessWorkingSetSize
MultiByteToWideChar
InterlockedExchange
TerminateProcess
GetTickCount
GetCurrentProcess
GetACP
GetCurrentThreadId
lstrlenW
GetModuleHandleA
WideCharToMultiByte
EnumResourceTypesA
lstrlenA
RaiseException
GetLocaleInfoA
SetHandleCount
IsDebuggerPresent
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LocalAlloc
GetCurrentProcessId
CreateProcessA
UnhandledExceptionFilter
GetThreadLocale
Sections
.text Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 376KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ