25b499bf3f5ecb691624bd1eadc9ed76_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25b499bf3f5ecb691624bd1eadc9ed76_JaffaCakes118
Size

159KB
MD5

25b499bf3f5ecb691624bd1eadc9ed76
SHA1

fc08cffc1ba788547dc393f937618dcbbcb82c9c
SHA256

e346af3d3ca0a8bf36be0ff36cbdc625d1e72c689af72659f998f1865b977fc2
SHA512

57c0027f065399162b04fe9a7b00789c34500e644c4727b1588c67bd83c9263d57f7b668f677f3fa36e321c3c56b267af6febeef74e53b9d44c042095262e3f2
SSDEEP

1536:FtyFXl33DiTz6/DAX9c/xNzZe4Wcn1Yn2L56KhDVQVgd54vWZ:FCmv6sUNz845n2856KhDVL7JZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25b499bf3f5ecb691624bd1eadc9ed76_JaffaCakes118

Files

25b499bf3f5ecb691624bd1eadc9ed76_JaffaCakes118
.exe .pdf windows:4 windows x86 arch:x86 polyglot

1de833b658612a7e0ad70f2351d202a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
CreateDirectoryA
GetModuleFileNameA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleHandleA
GetStartupInfoA

shell32

ShellExecuteA
ShellExecuteExA
SHChangeNotify

msvcrt

_initterm
fclose
fwrite
fopen
sprintf
strrchr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
fflush
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ