JaffaCakes118_25ad4b2d733bceb409c94f35c6b48c72 | Triage

Sharing

General

Target

JaffaCakes118_25ad4b2d733bceb409c94f35c6b48c72
Size

182KB
MD5

25ad4b2d733bceb409c94f35c6b48c72
SHA1

1606ad922b658bf208670543b2661be3c478846e
SHA256

18436fdba2f902818c3da3e6bf648860796eb08ca3e1690e44a426d69783ba9c
SHA512

7dc3ff3d1051f7a5024748347d76cc832412fe2a59b85a57effc64a9eea289efe474117d44c2b2f3e22e2e78a873b1290fb27744ab75ad1616bd0ea33964b56c
SSDEEP

3072:Alo0bauokAb0msostHXjcWW5z1UlHcOsGkdC1itfpkSzPXHdm7:10baugWtHzVYO8OfGd8Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_25ad4b2d733bceb409c94f35c6b48c72

Files

JaffaCakes118_25ad4b2d733bceb409c94f35c6b48c72
.exe windows:4 windows x86 arch:x86

0f9b8002307ca994f66a3a42cd9fda83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrByteCountPointerFree
UuidCreate

winmm

timeEndPeriod

shlwapi

PathCombineW
PathAppendW
PathRemoveFileSpecW
SHGetValueW
PathFileExistsW

kernel32

GetCurrentThreadId
GetThreadContext
FlushInstructionCache
GlobalLock
WaitForSingleObject
DuplicateHandle
SetLastError
GetVersionExW
GlobalUnlock
GetCurrentProcess
ExitProcess
GlobalFree
WriteProcessMemory
SetLocaleInfoW
VirtualProtectEx
TlsSetValue
GlobalAlloc
GetLastError
CreateFileW
GetTempPathW

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ