7ab475cb6e40330bef49eec7c17c3fc1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7ab475cb6e40330bef49eec7c17c3fc1_JaffaCakes118
Size

614KB
MD5

7ab475cb6e40330bef49eec7c17c3fc1
SHA1

aa456be548afc739bd904072bfa5d5768ec8003b
SHA256

3994ec2a7f33a8daac63f9bdcf014f9fc6a0c01978f8834b27654de42d95edfc
SHA512

f3a82f37531233a61a6c43b143fb0057e22f6a384f285645a699966e46c29e2ff955e2266267db8bf7d2fe20debf94981ce071cf2d93ae7608ffb4689d1b5073
SSDEEP

12288:bmCnVmZLiwVtGWU5IlG7HKkJqfzTTQiA2H7LU+Ta5KWMlBwcjBPiu:bAxBVtGnGE7qkJOzTcqVN7Jjliu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/226638995526-8434734241098Z85707-Abrechnung.com

Files

7ab475cb6e40330bef49eec7c17c3fc1_JaffaCakes118
.zip
226638995526-8434734241098Z85707-Abrechnung.com
.exe windows:5 windows x86 arch:x86

5ef8eea3d10bfb33960cb3b5a93e4b96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

onex

OneXFreeMemory
OneXCopyAuthParams
OneXInitialize
OneXAddTLV

rsaenh

CPDecrypt
CPEncrypt
CPGenKey
CPDeriveKey

kernel32

GetProcessHeap
CopyFileA
GetEnvironmentVariableA
lstrcat
CreateSemaphoreW
OpenFileMappingA
LoadLibraryExW
VirtualProtect
FindResourceA
GetCommandLineW
OpenFileMappingW
GetSystemDirectoryA
lstrcpy
FindFirstFileA
GetModuleHandleA
HeapCreate
CreateFileW
FreeConsole

untfs

FormatEx
Chkdsk
Format
Extend

user32

LoadBitmapA
GetMessageW
GetClassLongA
PostMessageW
DialogBoxParamA
DrawStateW
GetPropW
PeekMessageW
LoadIconA
DispatchMessageW
InsertMenuW
IsCharLowerA
CreateDesktopA
GetDlgItemTextA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pos
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 628KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE