347adaa20574a047be6d065062904b1e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

347adaa20574a047be6d065062904b1e_JaffaCakes118
Size

629KB
MD5

347adaa20574a047be6d065062904b1e
SHA1

5541c7b23b3dd9dcc2fbf53c7fb366d6fc7f265e
SHA256

97d9142777851f2b5f7d4e3f7a959b6a6a2a9a29f8c17e1a018ef77e3078a1f8
SHA512

368756c059dcbd194a26ef62874d84d761b2cf1a05a48e2dca8837fb3e8da5ea676f3e5743062299b9258cabf4c96d7be6d9ed1458ec0489b456e4109d6cd909
SSDEEP

12288:tvgb+x+vQhtMD3Fy/7Jl0b4eCuPG4/NL5uCWYncsV:wr1IUc1u9LZpnlV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Z.20140262877339D2.com

Files

347adaa20574a047be6d065062904b1e_JaffaCakes118
.zip
Z.20140262877339D2.com
.exe windows:5 windows x86 arch:x86

a4c59f8399a53bb5c57d011baca5b971

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryW
WriteConsoleA
GetShortPathNameA
CloseHandle
HeapAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreW
LoadLibraryA
CreateProcessW
OpenMutexA
lstrcmp
FindClose

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ydata
Size: 661KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE