31a89f11a1ebce2f5defe16fec62ff4e_JaffaCakes118 | Triage

Sharing

General

Target

31a89f11a1ebce2f5defe16fec62ff4e_JaffaCakes118
Size

621KB
MD5

31a89f11a1ebce2f5defe16fec62ff4e
SHA1

82d2e10930e2e803e660a5c5899e2a2226c036b1
SHA256

6006d2e3d15a2c232207356fcf727a196cdae8ce36107591baa4a1a4d38837bf
SHA512

143f549976a0dc6b32d1b74bcc108be911f7361c9e8fcd0026b9eee2d98b47e78c7aa2b931722c8b2f5c60e7924262fc7cc15b36ce4458b8a4cb4553591f1902
SSDEEP

12288:EOuZU278LFhVT5+H4gmKpf41vRWZvufOZi+0G9BBeolulMPFLq1dxW1w0:EOuKb7u1mKpf4svufAvf0olulMiEl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/67888361.com

Files

31a89f11a1ebce2f5defe16fec62ff4e_JaffaCakes118
.zip
67888361.com
.exe windows:5 windows x86 arch:x86

02e04c9a8ff4d398d9ba044eb59173ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPGenKey

kernel32

GetFileType
GetExpandedNameW
FormatMessageA
GetEnvironmentVariableA
GetCurrentProcess
OpenWaitableTimerA
HeapAlloc
GetConsoleTitleA
CreateFileMappingA
GetModuleHandleA
GetShortPathNameA
lstrcmpi
GetProcAddress
SleepEx

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ