68dca0cd70d1a4b67352214b74619c46_JaffaCakes118 | Triage

Sharing

General

Target

68dca0cd70d1a4b67352214b74619c46_JaffaCakes118
Size

614KB
MD5

68dca0cd70d1a4b67352214b74619c46
SHA1

94b961ba2631135e88a5dbf61bf083b93416959a
SHA256

5a24e418f9a297a6fbc397443b18410cabe88c15e54e8e4dabdc12da82f6b4b4
SHA512

3212729b88bd1a04338d2ceadba3f001b4465ce0d714d33f1cf800e42cf091fd68cfab6c562e79e8d52ce1689bc2f70dfab6f3b8d7fef0e5fd002374eb16629b
SSDEEP

12288:BPeK4LiwVtGWU5IlG7HKkJqfzTTQiA2H7LU+Ta5KWMlBwcjBPi5:heK2BVtGnGE7qkJOzTcqVN7Jjli5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/46-678807G56682-10903063861103G51897-Rechnung.com

Files

68dca0cd70d1a4b67352214b74619c46_JaffaCakes118
.zip
46-678807G56682-10903063861103G51897-Rechnung.com
.exe windows:5 windows x86 arch:x86

5ef8eea3d10bfb33960cb3b5a93e4b96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

onex

OneXFreeMemory
OneXCopyAuthParams
OneXInitialize
OneXAddTLV

rsaenh

CPDecrypt
CPEncrypt
CPGenKey
CPDeriveKey

kernel32

GetProcessHeap
CopyFileA
GetEnvironmentVariableA
lstrcat
CreateSemaphoreW
OpenFileMappingA
LoadLibraryExW
VirtualProtect
FindResourceA
GetCommandLineW
OpenFileMappingW
GetSystemDirectoryA
lstrcpy
FindFirstFileA
GetModuleHandleA
HeapCreate
CreateFileW
FreeConsole

untfs

FormatEx
Chkdsk
Format
Extend

user32

LoadBitmapA
GetMessageW
GetClassLongA
PostMessageW
DialogBoxParamA
DrawStateW
GetPropW
PeekMessageW
LoadIconA
DispatchMessageW
InsertMenuW
IsCharLowerA
CreateDesktopA
GetDlgItemTextA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pos
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE