002edee0b1f12ab656c577bf6f75d312_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

002edee0b1f12ab656c577bf6f75d312_JaffaCakes118
Size

621KB
MD5

002edee0b1f12ab656c577bf6f75d312
SHA1

b69deba2e30b27c02a9a750cd37de0128fa7db4c
SHA256

e85ba973d38ea6636446d03d1d6cd7fb6e926154dfd170b1da0475c430eb2bba
SHA512

cbda6c9a15da6f51b5477dd31da657649ef0156ad56b20bf06f30f1e4c93ae8cc271c7447b8511f5f55b979c8c0f015db7f09145738ac46ec4dc7fa0ac056b8a
SSDEEP

12288:ROuZU278LFhVT5+H4gmKpf41vRWZvufOZi+0G9BBeolulMPFLq1dxW1wi:ROuKb7u1mKpf4svufAvf0olulMiEh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3151500668.com

Files

002edee0b1f12ab656c577bf6f75d312_JaffaCakes118
.zip
3151500668.com
.exe windows:5 windows x86 arch:x86

02e04c9a8ff4d398d9ba044eb59173ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPGenKey

kernel32

GetFileType
GetExpandedNameW
FormatMessageA
GetEnvironmentVariableA
GetCurrentProcess
OpenWaitableTimerA
HeapAlloc
GetConsoleTitleA
CreateFileMappingA
GetModuleHandleA
GetShortPathNameA
lstrcmpi
GetProcAddress
SleepEx

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ