0a812114175742f9669507bff8f6afcd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a812114175742f9669507bff8f6afcd_JaffaCakes118
Size

27KB
MD5

0a812114175742f9669507bff8f6afcd
SHA1

1031ddb0ddb6eac91dfccd7917dd2b0a581cbcfd
SHA256

3bc0155b8ac981579f16889a819110d03d14b8fcad54b262cb41aa8bcdfea94b
SHA512

a59d3804084acf2eed520cacbdb14b0027c375682f532ad4a3d01c8833dfb8bfe7d717e93fdb5bd8d4b4b6aed42f1aee2ab366b530d2d78569d67a245e119057
SSDEEP

768:7Hh0ijl1+Rja7UsKyw282XwpNj43NeAUtjp11WTp3:7/gHywySM3Ulmp3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/new.doc .cpl

Files

0a812114175742f9669507bff8f6afcd_JaffaCakes118
.eml
email-html-1.txt
.html
new.cab
.cab
new.doc .cpl
.dll windows:4 windows x86 arch:x86

d5ccb19341016c0e2a376e92647cacc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
lstrlenA
CloseHandle
CreateFileA
CreateProcessA
DeleteFileA
ExitProcess
GetModuleHandleA
GetShortPathNameA
GetTempPathA
GetThreadContext
GlobalAlloc
lstrcpynA
MoveFileA
ReadFile
ResumeThread
SetFilePointer
SetThreadContext
VirtualAllocEx
WriteFile
WriteProcessMemory
lstrcatA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ