323c398a2c08819ce3ad8bbe19c42da4_JaffaCakes118 | Triage

Sharing

General

Target

323c398a2c08819ce3ad8bbe19c42da4_JaffaCakes118
Size

50KB
MD5

323c398a2c08819ce3ad8bbe19c42da4
SHA1

8a03fbb392ad7c9a1606cc31740ce26320b61287
SHA256

b653aad0e37025ea331382ba994a7ada94850113da9799fc22d5429a0e332ccd
SHA512

22b0d55a96fbe025e31691fdc35803e6ceadafca5b802cf87741edc2f95edab531f8abd7faa70271e031c792975b1c921fd89b9dcad59c2febc144981ba290d4
SSDEEP

1536:zne8v3lUGTtrn3UmzuuyzywoxpbWQCvMx:zeClLTpUOuuyzyw4XCUx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Label_Copy_UPS.exe

Files

323c398a2c08819ce3ad8bbe19c42da4_JaffaCakes118
.zip
Label_Copy_UPS.exe
.exe windows:5 windows x86 arch:x86

b08cdf0b73a5829fec6d8ab644f87103

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ValidateRect
SetWindowPos
GetActiveWindow
IsCharAlphaNumericW
SetWindowTextA
SetClassLongA
OemKeyScan

ole32

OleGetAutoConvert
CoLoadLibrary
OleLockRunning

kernel32

GetSystemTimeAsFileTime
CopyFileW
CreateProcessW
SizeofResource
GetStartupInfoA
SetFileAttributesA
HeapFree
GlobalUnlock
GlobalLock
LocalAlloc
HeapCreate
LocalFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
IsSystemResumeAutomatic

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ