0fed4351beb5ac322ae6875d87481569_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fed4351beb5ac322ae6875d87481569_JaffaCakes118
Size

3.9MB
MD5

0fed4351beb5ac322ae6875d87481569
SHA1

0396ea64fad3ea2324d58e9d7d68c081cea05131
SHA256

4d841eec88c8785dd9a9e9f7b5cb06cac26f92c8b54ce91ba2f443334d6b581d
SHA512

4d4f8337867b1ff14dc3b67f593515d60fe8dd66c6513d6a98396d67121a88f479871f5a7766be57bd75596044acdbacbddf730a85f7f4fd160a19f96aafa017
SSDEEP

49152:Bmac9p1uzwRJeTDOrBkWhczDvJCQGnNZ9Ve++Va1pi1UH1jgCZna6w86t86US8u+:pc3iNTC1kWmvvJ8P7FGa1U1UeCi86ySO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/finebrowserfree.exe

Files

0fed4351beb5ac322ae6875d87481569_JaffaCakes118
.rar
finebrowserfree.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
安装说明.txt
非常世纪资源网.url
.url