20eef6c537a7c6cff0b1c2925672f241_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20eef6c537a7c6cff0b1c2925672f241_JaffaCakes118
Size

633KB
MD5

20eef6c537a7c6cff0b1c2925672f241
SHA1

a2fb9da0e377a554bdb8b3154c974f1f111c7a01
SHA256

060ff811a3c206e3989c7fea48d5e2d425971d91f02f0ef5e8a75c4476172791
SHA512

873422eeb12285a0022783c482c5d57efc1bbcbfb8227585094b07902a7d5ed30861f1affbc38f8d65c207de2cb777070f51ad29f4b3fec00ec69a45cbeab9aa
SSDEEP

12288:eZxH4VdKLMJEDxkpGLirQ62acf8or6S+jbnoTJlPG7PwiCq:eXH4VGJ9UuirQ7B/+j70QPl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ftpnavigator.exe

Files

20eef6c537a7c6cff0b1c2925672f241_JaffaCakes118
.rar
ftpnavigator.exe
.exe windows:4 windows x86 arch:x86

a3cd138f09c17f81fb64526d63cb2df6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
ExitProcess
DeleteFileA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualFree
CloseHandle
WriteFile
GetWindowsDirectoryA
CreateFileA
lstrcatA
CompareStringA
GetCurrentDirectoryA
lstrlenA
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
InterlockedIncrement
GetModuleHandleA

user32

SetCursor
LoadCursorA
wsprintfA
ShowWindow
FindWindowA
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安装说明.url
.url