25ae5e97ccbbbb32d2e37716fa7b62c2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25ae5e97ccbbbb32d2e37716fa7b62c2_JaffaCakes118
Size

146KB
MD5

25ae5e97ccbbbb32d2e37716fa7b62c2
SHA1

89e78d9c5def08b5ed25dfdeec1d461f5fbb0479
SHA256

b663108947259b37efffd001c2820292c61b2faeb6a400892de9f62a99eed499
SHA512

860b02cf7577a4d5ba01fdbca5a7d64cbd31a6afff80a84b4c321fb6f8d7760a98c6083897336de935414634b843aaa79ddaa77d1cb0e32e7dfd22674a3e83f9
SSDEEP

3072:16mCoCc+6tLs1w+GgJDppjc9rRk9Fl4Unmat8ZMle1N5EAGBrYh:16mCLc7s1w+tqrR6l4Umat8Glef2AerY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ae5e97ccbbbb32d2e37716fa7b62c2_JaffaCakes118

Files

25ae5e97ccbbbb32d2e37716fa7b62c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef42114201bd5b2ae491b792def892b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GlobalSize
GetUserDefaultLangID
InterlockedExchange
SetLastError
GetConsoleCP
GetVersion
GlobalUnlock
LoadLibraryExA
lstrlenA
GetAtomNameA
GetTickCount
GetModuleHandleA
CompareFileTime
WaitForSingleObject
HeapCreate
VirtualProtect
GetConsoleDisplayMode
HeapReAlloc
ResumeThread
GetCommandLineA

user32

wsprintfA
DragDetect
CreateIcon
GetFocus
BeginPaint
GetWindow
ReleaseDC
GetClassNameA
GetCursorPos
DrawTextA
ShowWindow
AnyPopup
GetDC
GetParent
FillRect
FrameRect
GetTitleBarInfo
SetForegroundWindow
EndPaint

rastapi

AddPorts
DeviceDone
DeviceConnect
DeviceListen
PortClose

quartz

DllGetClassObject

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ