76a0e56b3362deef0548ab6f96909e49_JaffaCakes118 | Triage

Sharing

General

Target

76a0e56b3362deef0548ab6f96909e49_JaffaCakes118
Size

614KB
MD5

76a0e56b3362deef0548ab6f96909e49
SHA1

05ce88cb0ff81254c208407a46f6d6fff5ed9b28
SHA256

3075871a200cbd860ac883349d0187b8a4e0ff2d34804274bf2e3d8526cfc2d0
SHA512

0ce3e07e9bf7f4e0e705f35df42c85e4e4ee19577e30446168e60ffa612661a222c205d4cf1b830f32a2321e3589d12ea3c3bdbf66075bdc5fd71d9bdb182c09
SSDEEP

12288:38LiwVtGWU5IlG7HKkJqfzTTQiA2H7LU+Ta5KWMlBwcjBPiU:CBVtGnGE7qkJOzTcqVN7JjliU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/90423126H7478-8098122565709G12992-Abrechnung.com

Files

76a0e56b3362deef0548ab6f96909e49_JaffaCakes118
.zip
90423126H7478-8098122565709G12992-Abrechnung.com
.exe windows:5 windows x86 arch:x86

5ef8eea3d10bfb33960cb3b5a93e4b96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

onex

OneXFreeMemory
OneXCopyAuthParams
OneXInitialize
OneXAddTLV

rsaenh

CPDecrypt
CPEncrypt
CPGenKey
CPDeriveKey

kernel32

GetProcessHeap
CopyFileA
GetEnvironmentVariableA
lstrcat
CreateSemaphoreW
OpenFileMappingA
LoadLibraryExW
VirtualProtect
FindResourceA
GetCommandLineW
OpenFileMappingW
GetSystemDirectoryA
lstrcpy
FindFirstFileA
GetModuleHandleA
HeapCreate
CreateFileW
FreeConsole

untfs

FormatEx
Chkdsk
Format
Extend

user32

LoadBitmapA
GetMessageW
GetClassLongA
PostMessageW
DialogBoxParamA
DrawStateW
GetPropW
PeekMessageW
LoadIconA
DispatchMessageW
InsertMenuW
IsCharLowerA
CreateDesktopA
GetDlgItemTextA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pos
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE