06639925a08406d4d94e27b4539187ec_JaffaCakes118 | Triage

Sharing

General

Target

06639925a08406d4d94e27b4539187ec_JaffaCakes118
Size

88KB
MD5

06639925a08406d4d94e27b4539187ec
SHA1

114ea1dfcb7bebb3c786df9869265206ca43c355
SHA256

de256a8476d6d64c140e2775730b1b03a843083721fd3ae139f30e201b4dff85
SHA512

f3afdbec7082a073caec1b7b0ec033d09f20e41f247c90c08ac05da5de1115660bba61216c641aab7fa3048facd6506fdc0c26f1f21c82d95f921c4198105a85
SSDEEP

1536:5t+5ZUHZI8PSFP6bD0QtsAuo2KOEgNsspiO6CkDYQUNoLV1h6bLO2:5CZF8YP6bDtsAMblsSiDBMQUNoZ1hWf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06639925a08406d4d94e27b4539187ec_JaffaCakes118

Files

06639925a08406d4d94e27b4539187ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

239ba666d80da15afd24813d289395b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrPBrkW

kernel32

GetTickCount

user32

GetWindowDC

Exports

Exports

LowerForY
?RevekFall@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@Y
?ServletKon@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@Y

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ