b25299eaa3655131ddf98f9945d29250_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b25299eaa3655131ddf98f9945d29250_JaffaCakes118
Size

154KB
MD5

b25299eaa3655131ddf98f9945d29250
SHA1

5db49c618ae986f51d703dc5fbefacd266b31412
SHA256

42b3552a2ae016d7d72da5a4c2118f5de011613705a6ea80abb90ca748a503d0
SHA512

c16f9849f8b477988cb2c01abff5e83261fe6668760cf36350578826b8c945ad037380c310484e43f1c160a6bd6fba9c9a2b6acc778c55ae8ab2071dfd8d01f0
SSDEEP

3072:g0sn1tnLtocwQVcWuKQ9TI/zJ+Aot7lyPe6Wan0UkjGhhm:g0IgQ6EQed+FtJ3WFuGhh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b25299eaa3655131ddf98f9945d29250_JaffaCakes118

Files

b25299eaa3655131ddf98f9945d29250_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0582e084f46bfb56dd1bffa64ac291cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathCombineW
PathAppendW
PathFileExistsW

kernel32

WriteConsoleInputVDMA
GetFullPathNameW
GetProcessHandleCount
MoveFileW
EnumResourceNamesA
FreeEnvironmentStringsW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime

shell32

CommandLineToArgvW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

oleacc

LresultFromObject
CreateStdAccessibleObject

comctl32

PropertySheetW

user32

SetWindowLongW
CreateCursor
ReleaseDC
PostMessageW
GetFocus
GetWindowModuleFileNameW
PostQuitMessage
LoadIconW
IsWindow
GetDC
SetWindowTextW
DestroyWindow
GetDlgCtrlID
IsDlgButtonChecked
MsgWaitForMultipleObjects

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idive
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ