82151f26fd841976eacbd9d11dd92fe4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82151f26fd841976eacbd9d11dd92fe4_JaffaCakes118
Size

622KB
MD5

82151f26fd841976eacbd9d11dd92fe4
SHA1

3dd50af504d786794c7d0ac42dba0eab6b7cf18b
SHA256

f892a49683cb8cd82ff7cafeae88fd315ef14526ee7f08a3822d4bc8113937eb
SHA512

9be24c7d2fe5703c29035d348daa3933a7aa56306b9f13bc705a864ccaac7da970baf4bb5688279a7cf2bed18e31aae006834cf75f91fe18bcb985d61e3e01a7
SSDEEP

12288:4aLzwaktB3YfMa+8Q7Ch3QPLeXr2EqrtVcz3kM/oJEO8wavSXGh/TPg+:4awacJYkcQ7iAkrkrs3kMgJEO8ZaXGH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kunde-62-1981808265-5626025920.exe

Files

82151f26fd841976eacbd9d11dd92fe4_JaffaCakes118
.zip
Kunde-62-1981808265-5626025920.exe
.exe windows:5 windows x86 arch:x86

e6bf4eef45fc1e96099c2f672b46fd98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ctl3d32

Ctl3dCtlColor
Ctl3dEnabled

kernel32

GetCurrentThread
GetProcAddress
SleepEx
WriteFile
OpenJobObjectW
GetModuleHandleA
CreateFileMappingW
CreateProcessA
CreateFileMappingA
OpenWaitableTimerW
GetVersionExW
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
GetExpandedNameA

odbctrac

TraceSQLFetch
TraceSQLCancel
TraceSQLConnect

Sections

.text
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_MEM_EXECUTE

.ydata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_WRITE

.rcrs
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ