4447d1d3e1c79eb490cea5df69fdf93e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4447d1d3e1c79eb490cea5df69fdf93e_JaffaCakes118
Size

4.6MB
MD5

4447d1d3e1c79eb490cea5df69fdf93e
SHA1

428f1fec9c29ce44da6d8b40b9c51740f30ff7c3
SHA256

c0648ccb1ca8a1375db196bfbe451396ab8eae38fad2ae61acad58271c6d2eac
SHA512

d4735372c89230ad42287719a1029d3ca9094039141ad92a363ae2c22ebc138ce3ffd2973a274c838e91d7d9a603fed3c0b644bce2695b5d142cc007ad62d94a
SSDEEP

98304:VGetEou8wxsIGmqzZMWH2y42t1xMHdd4D5xlRic4RC9teeMawrI9qH:VGOBw+Vm2ZMWfPtrMo54stZMa4H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iconutils.exe

Files

4447d1d3e1c79eb490cea5df69fdf93e_JaffaCakes118
.rar
iconutils.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url