a36dec48c5465813866cddcd4b761515_JaffaCakes118 | Triage

Sharing

General

Target

a36dec48c5465813866cddcd4b761515_JaffaCakes118
Size

50KB
MD5

a36dec48c5465813866cddcd4b761515
SHA1

3222e893e0d786e3d66f75d98c717028db27743e
SHA256

3d362b120c197f0fa7a2acac0318b49ed67ea1ed4aa3dfac34b213e02f7606ed
SHA512

9e77787194cdffcd1e7d614ce5fb82e6788707a86f8a01b932570b64d2aeace2c676bd894c623c11b19e7f06ad843f6c6852be23e435920a7fd13cf3e60fab26
SSDEEP

1536:ahwc8R5A8tBqbaiqJ+TVk/QNjbEJDATtvSTj:6J8tB6K/QNjbEmtSTj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PPPOE095.EXE

Files

a36dec48c5465813866cddcd4b761515_JaffaCakes118
.rar
PPPOE095.EXE
.exe windows:4 windows x86 arch:x86

4550cb416fd026e64d92396f5d68f1a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
RemoveDirectoryA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcatA
lstrcpyA
SetCurrentDirectoryA
CreateDirectoryA
GetTickCount
GetTempPathA
GetLastError
EnumResourceNamesA
lstrcmpiA
ExitProcess
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
WriteFile
CreateFileA
LockResource
SizeofResource
LoadResource
FindResourceA
Sleep
DeleteFileA

user32

wsprintfA

Sections

.text
Size: 1024B - Virtual size: 733B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明.htm
.html
使用说明.txt