8cbaf1737f4d6a410e62d02c3dc04966_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8cbaf1737f4d6a410e62d02c3dc04966_JaffaCakes118
Size

20KB
MD5

8cbaf1737f4d6a410e62d02c3dc04966
SHA1

b4589232571c7cf0b3bf5d1cf2f9cc05a4e48263
SHA256

b17407220f99bcead44f77fd8bfeb78cc6e0235c06d4a31043e10d3bed43028e
SHA512

06e51e91f2efebaf1c2a27993aa4a5667f64c02e5a64c383a4d319eed3769c56f988533eaa6e7ae586f1aef24e8017fd9ea3b4b38015b20f55559a5812822ea1
SSDEEP

384:6mVdbLX2gOxs8EPOTdFPgrnzrOPgVMRkIeWTt6P3vzyA50SxgFw:6ad3cOT+dFPaOPaWBt6PfuUxf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Overdue state bill.exe

Files

8cbaf1737f4d6a410e62d02c3dc04966_JaffaCakes118
.zip

Password: infected
Special pt document.zip
.zip
Overdue state bill.exe
.exe windows:1 windows x86 arch:x86

f05acd1fa51ad1f3ecaa062a696076f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
FormatMessageW
GetModuleHandleA
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapFree

user32

CharUpperW
DefWindowProcA
DefWindowProcW
DestroyWindow
DialogBoxParamW
GetClientRect
GetDC
GetForegroundWindow
GetKeyboardLayout
GetMessageA
GetWindowPlacement
IsIconic
LoadStringW
MessageBeep
MessageBoxA
MessageBoxW
PostQuitMessage
RegisterClassA
ReleaseDC
SetActiveWindow
SetCursor
ShowWindow
TranslateMessage
wsprintfW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xksrpi
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xvqtncus
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE