3a92c3d7051a9296d9dd52fbf4dba24a_JaffaCakes118 | Triage

Sharing

General

Target

3a92c3d7051a9296d9dd52fbf4dba24a_JaffaCakes118
Size

621KB
MD5

3a92c3d7051a9296d9dd52fbf4dba24a
SHA1

d4094790e8bd59895f80eb1ec62296f5c5474d69
SHA256

5c544463178dd733c4b40f1ae6812c013b97aeecd76d8fc0fb893eb602be1db1
SHA512

f3a6639a4c5f869248a1e153136cd35b40478717837df0bc097a005693e704fee29d6d6f0c92179a685e26b7d0f6a1c52ed3c23f30746476d0b951dd0135c2f1
SSDEEP

12288:50jhw51alVGuAODM6qDy9CSl7zsf7MQduWQTl9U3I0/FgeoDmf5uFL10tC:6VwaDpqD4BVim3DmfOh0tC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/49-982941-264563188-Nummer.com

Files

3a92c3d7051a9296d9dd52fbf4dba24a_JaffaCakes118
.zip
49-982941-264563188-Nummer.com
.exe windows:5 windows x86 arch:x86

6780ce4944e66311213167035ae008dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

Extend
Recover

kernel32

GetFileType
GetExpandedNameW
FormatMessageA
GetEnvironmentVariableA
GetCurrentProcess
OpenWaitableTimerW
HeapAlloc
GetConsoleTitleA
CreateFileMappingA
GetModuleHandleA
GetShortPathNameA
lstrcmpi
GetProcAddress
SleepEx

Sections

.text
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.RSRC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ