2eddd0d16ccf4e75cb3439df7a54eb8c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2eddd0d16ccf4e75cb3439df7a54eb8c_JaffaCakes118
Size

6.4MB
MD5

2eddd0d16ccf4e75cb3439df7a54eb8c
SHA1

a025dc2a281ea137b8df06684a5ca3fc485eae29
SHA256

dbdcdd27bea47eb2d1872ccf0d71f458e9c1f8c3d95e5a4fb3ca8808811ca307
SHA512

4008066b28cbf75abc3adb5e8216d70147d9be712b444eaa28e515d85b48f06e4f70d863c118bc51b7ca924a0d5b0df8b8051b262bf08771541a0c781425ec7e
SSDEEP

98304:B6YqN+HroR6Ynqqag0CmbkqSLcdjVGKD7RR+6SCOWBPXWzhtr1ddL2YLzaLihmFg:BnqIMP5ag0CmULcdjVVD7NB+TdL7zgrg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/goodname.exe

Files

2eddd0d16ccf4e75cb3439df7a54eb8c_JaffaCakes118
.rar
goodname.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url