0c511a7e5f3fcfe787c17ed6b90fc534_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c511a7e5f3fcfe787c17ed6b90fc534_JaffaCakes118
Size

629KB
MD5

0c511a7e5f3fcfe787c17ed6b90fc534
SHA1

76aadea4198d625a1e467c33a5880c272660ce30
SHA256

b4cdf671244673ac1dea193396a513d8e29101be68bfcf8a49c6d880220c10fa
SHA512

85e3e8b78e1127235a5a4098b50a35debcd14f6f37c4513794693cefcc5cd3ab6fe4dec21285a9a85b98b2dd1cc90642728977314b6076009c30a1a033ce4ae6
SSDEEP

12288:Vctl4o4HF04aNmOnhlPLSvSZoEhH7WjwUJ4fPpBHL9XTKXN+6SX0o3KHqmro:VClt4jGPLSKNCjwG4XD5XeX86Sra7E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kunde.629258610919303.com

Files

0c511a7e5f3fcfe787c17ed6b90fc534_JaffaCakes118
.zip
Kunde.629258610919303.com
.exe windows:5 windows x86 arch:x86

3f612a85b383fc846fb2c4f939b907f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryExW
WriteConsoleW
GetShortPathNameW
CloseHandle
HeapReAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreA
LoadLibraryA
CreateThread
OpenMutexW
lstrcmpi
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.data
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ