6925f3dd55d14cf02c89a4bebbf76029_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6925f3dd55d14cf02c89a4bebbf76029_JaffaCakes118
Size

197KB
MD5

6925f3dd55d14cf02c89a4bebbf76029
SHA1

64b4617de36aa6cf11b539a58b772cbd75a42c77
SHA256

ed1ba475d2a0f61ee8eb0efb300d08eefc36204002c5ad575e0b4fc9eee2f4ac
SHA512

a88a5c9e9db1661f319ef6e9367e1cf5e0b447f82dc7eb020cee16c07906d0db90c353892699729855b4760e01e34341ba128a3d9ad30262010c192f285c2e48
SSDEEP

3072:6pqlvnmNEoBW3gMwGFJQwGnpBjirCHK7nVs:6p8maoBugRGf7werCqm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6925f3dd55d14cf02c89a4bebbf76029_JaffaCakes118

Files

6925f3dd55d14cf02c89a4bebbf76029_JaffaCakes118
.exe windows:1 windows x86 arch:x86

e301f4ed9516f277ece8cd090e8eb186

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
HeapCreate
GetCurrentDirectoryW
QueryPerformanceFrequency
LoadResource
GetCurrentProcess
GetNumberFormatA
GetCommandLineW
RtlUnwind
SetStdHandle
GetStartupInfoA
SetPriorityClass
HeapAlloc
WaitForSingleObject
GetVersion
GlobalAddAtomA
FileTimeToLocalFileTime
LockResource
Sleep
GetVersionExA
GetSystemDirectoryW
DeviceIoControl
GetModuleHandleA

msvcrt

exit
_strnicoll
__p__fmode
_locking
__p__commode
_strdate
_initterm
__setusermatherr
_acmdln
_adjust_fdiv
_fputchar
_setmbcp
_controlfp
_rmdir
_wfdopen
memcpy
_XcptFilter
wcstok
_except_handler3
fread
strcoll
__set_app_type
_exit
__getmainargs

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jyqppzr
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE