157c7eb95635a0eb7e0533f9ab98d279_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

157c7eb95635a0eb7e0533f9ab98d279_JaffaCakes118
Size

181KB
MD5

157c7eb95635a0eb7e0533f9ab98d279
SHA1

52c62a5c6adc5eba0297b03cacfbfd1e1da5c3ca
SHA256

a41f2182187aa5c062ada598f6a2228dd1a8d4088bcf6cc663b8153cbec132b3
SHA512

720804e153d322ccc033cd55276345dabadb231754d7a198f35bfa831d10aa7661aa32255e2ca3d312a34a2752c4587770e471f4fa3398bde97b7da4d22abb23
SSDEEP

3072:mDeYb3d6Tu19zHZnWvmJtr7cXAAnzupim0Te5DgtjSRx4tT:myu3dRdnPJtrOBnAcActH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
157c7eb95635a0eb7e0533f9ab98d279_JaffaCakes118

Files

157c7eb95635a0eb7e0533f9ab98d279_JaffaCakes118
.exe windows:5 windows x86 arch:x86

59b815b9c014d2e8448ed6566a1f6fb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\Boomer\Select\Intro.exe

Imports

shlwapi

StrCSpnA
StrCmpNW

kernel32

GetWindowsDirectoryW

Exports

Exports

?BallHeight**YGPAXU_POINTL***Z
?DestroyTarget@@YGPAXU_POINTL@@@Z
?HeartPulse@@YGPAXU_POINTL@@@Z
?RedirectPointer@@YGPAXU_POINTL@@@Z
?SomethingUse@@YGPAXU_POINTL@@@Z

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ