3ba4051453adb1ee848976d87c494ef8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ba4051453adb1ee848976d87c494ef8_JaffaCakes118
Size

325KB
MD5

3ba4051453adb1ee848976d87c494ef8
SHA1

98fa1933bd7c7cb46b50651b58071962a1b73a8e
SHA256

3b7f1caa3bf6fc58c4ad0aed95fd690f3cd08ba9a4eca2022045f369e2cac8f4
SHA512

4a9d53b2f72a4d87470d98e733cdb12bce6252c85046b9a03c9e777959dced90190604df09c9d10a8d98ae08af4a5ec81fb74f1637bf546def62bdc0fdb69f85
SSDEEP

6144:jQp/SvT8qnPZ3TBrZcqTNBvxyjXFunQk9eEFgij1laNKLohQ4PPhvpIFb:8p/SvJnh3TBrZc8BvxiFunQgeW5laNKD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/modemspy.exe

Files

3ba4051453adb1ee848976d87c494ef8_JaffaCakes118
.rar
modemspy.exe
.exe windows:4 windows x86 arch:x86

916fa89f9cf7675997160449f96cf87a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindow
ShowWindow
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA

kernel32

GetCommandLineA
WaitForSingleObject
ExitProcess
DeleteFileA
GetLastError
FormatMessageA
GetStdHandle
CloseHandle
WriteFile
CreateFileA
GetCurrentThreadId
GetTickCount
lstrlenA
GetTempPathA
lstrcpynA
LoadLibraryA
Sleep
GetVersionExA
FreeLibrary
GetProcAddress
CreateProcessA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url