b25c8396c4e652a302103d3d0c4d4cb8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b25c8396c4e652a302103d3d0c4d4cb8_JaffaCakes118
Size

5KB
MD5

b25c8396c4e652a302103d3d0c4d4cb8
SHA1

789cd5787dab3ff323a8bc33ed48bb476d860b6f
SHA256

c309c25b459719a9a0352613c9d56bf90a3fd1fbaec6ae740fc2d29addebdb80
SHA512

a36864f2884947518cf7e681858626f9b2a441a4413857085c79919597c4bfc8b15746aa9b912d2bd218aa1a1c3a6d9c664f5c17117ec6ce83069ac2636ea2e9
SSDEEP

96:2S3dOH8PFMoAS65XB3+JMjsrLll9U201+o/dOIfsxHGELmcx:2JvHDgrLll9f0wocIfs8irx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b25c8396c4e652a302103d3d0c4d4cb8_JaffaCakes118

Files

b25c8396c4e652a302103d3d0c4d4cb8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee143892fc612f52e399ada7a898169a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
lstrcpyA
CreateFileA
FreeLibrary
WaitForSingleObject
GetTickCount
GetCurrentThread
GetSystemDirectoryA
CreateDirectoryA
GetProcAddress
GetPrivateProfileStringA
LoadLibraryA
WritePrivateProfileStringA
GetModuleFileNameA
CloseHandle
GetVersionExA
GetComputerNameA
FindNextFileA
FindClose
GetLastError
FindFirstFileA
GetVolumeInformationA
lstrcpynA
lstrlenA
lstrcatA

msvcr71

time
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
_splitpath
_itoa
strstr

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

user32

wsprintfA
CharLowerA

advapi32

RegSetValueExA
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
RegCloseKey
CryptHashData
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
CryptGetHashParam

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE