28d209d9842ed61f65f9b8a1ca8d666a_JaffaCakes118 | Triage

Sharing

General

Target

28d209d9842ed61f65f9b8a1ca8d666a_JaffaCakes118
Size

18KB
MD5

28d209d9842ed61f65f9b8a1ca8d666a
SHA1

25028753f0d36d2c86301083a0acc8d56cded1e4
SHA256

b213530539c3f3fcda96e3d3dfc277aac94f03ba8aecfd56872d21d8e172af94
SHA512

80cd3ac781b1b2cecaecf112a2a12da313f4ea8cd9a28092beab42495f5e1a873b232aaf12b258225608b375ed3f70d686d57bdf8f91ff66363b4233ef223da6
SSDEEP

384:kv68YM4ZCE0FNjfF7pgM+OjoyHUXzM4fuT7fy9s:p8LYCE0FNzF1gM+Ojoyc5h9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28d209d9842ed61f65f9b8a1ca8d666a_JaffaCakes118

Files

28d209d9842ed61f65f9b8a1ca8d666a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f54a826d953d62b62f3e32c639baae8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

fread
strcmp
fgetc
feof
fprintf
fwrite
fseek
fclose
ftell
strcat
fopen
printf
exit
perror
memcmp
rand
_iob
memset
memcpy
remove
_controlfp
__set_app_type
__getmainargs

libogg

ogg_sync_init
ogg_sync_buffer
ogg_sync_wrote
ogg_sync_pageout
ogg_page_serialno
ogg_stream_init
ogg_stream_reset_serialno
ogg_stream_pagein
ogg_page_granulepos
ogg_page_packets
ogg_page_eos
ogg_stream_packetout
ogg_stream_clear
ogg_sync_clear

libspeex

speex_bits_init
speex_decoder_ctl
speex_bits_read_from
speex_decode_int
speex_bits_remaining
speex_decode_stereo_int
speex_decoder_destroy
speex_bits_destroy

sndsnd

sf_get_string
sf_set_string
sf_command
sf_readf_int
sf_writef_int
sf_open
sf_close

vorbisfile

ov_info
ov_open_callbacks
ov_seekable
ov_pcm_total
ov_clear
ov_read

kernel32

FindFirstFileA
GetLastError
FindNextFileA
FindClose

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE