2e3deef0280e4d82e088dfa9ca9749e1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e3deef0280e4d82e088dfa9ca9749e1_JaffaCakes118
Size

542KB
MD5

2e3deef0280e4d82e088dfa9ca9749e1
SHA1

b94dbe94d45f40f6c35f8e6a685141435c558c79
SHA256

da28f718d4ba2427571e014004bb12790fae512a4d620648322aca85effd4981
SHA512

1ec3cbb81fea4a8e92b094e3cb11ddb0e6fba9d203a143a5b16275c982a1f984271c2a29cf6d1dc82a4201853867a00a055a1e82ac02555d7ee10e99b9e3d623
SSDEEP

12288:8sH3iBC66+SHgn2K9mlpj+QHPX/IH0Mr7Y4eQPR7qWi2v01xPmgRCdaH:8Oie+SA26mlM8PAUQ7Y5QPRG7vmO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MWCSetup-v650/MFF.exe

Files

2e3deef0280e4d82e088dfa9ca9749e1_JaffaCakes118
.rar
MWCSetup-v650/ChangeLog.txt
MWCSetup-v650/License.txt
MWCSetup-v650/MFF.exe
.exe windows:5 windows x86 arch:x86

637e6d34e16993b08c84170dd1901a0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

GetKeyboardType

msimg32

AlphaBlend

gdi32

UnrealizeObject

version

VerQueryValueW

ole32

OleUninitialize

comctl32

InitializeFlatSB

shell32

Shell_NotifyIconW

comdlg32

ChooseFontW

winspool.drv

OpenPrinterW

Sections

.text
Size: 236KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MWCSetup-v650/MWC.INI
MWCSetup-v650/MWCHelp.chm
.chm
MWCSetup-v650/新云软件.url
.url