Static task
static1
Behavioral task
behavioral1
Sample
Label_Copy_UPS.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Label_Copy_UPS.exe
Resource
win10v2004-20240709-en
General
Target
4bd1cb580c5b5275d71a4702e8bece52_JaffaCakes118
-
Size
46KB
MD5
4bd1cb580c5b5275d71a4702e8bece52
SHA1
5ca69f913b4cefd316d61abac395eb5db0e21289
SHA256
b3c64522a8df4c015978eb1f002db230dc878701074275ca95ff3a9ade5ce883
SHA512
22e64715ffa1f36056066dbb045f18541d75390d2c3b77b52ae7861ef26ff69cc74da36ec2fe2e3e5f3e7966aeccd256fb205a3d0bfe3c9e7d195559752dc83c
SSDEEP
768:3d2+zLyvcKdHxw1fyUW0t8EiE7kJ+mXTh6UFg7nfVl69OnnXsWard1RQBaqc:37Sckx6fyZ0t8EZ0+mjPofVlaSnX0lQA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Label_Copy_UPS.exe
Files
4bd1cb580c5b5275d71a4702e8bece52_JaffaCakes118.zip
Label_Copy_UPS.exe.exe windows:5 windows x86 arch:x86
ff3e0eb5fba592bb92e8c2e8944e1289
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
DialogBoxParamA
SetWindowTextA
EnumWindows
GetActiveWindow
SetDlgItemTextW
IsCharAlphaA
GetWindowThreadProcessId
ole32
CoRevokeClassObject
comctl32
InitCommonControlsEx
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
kernel32
FindResourceA
GetTickCount
HeapFree
GetModuleHandleA
HeapCreate
LoadResource
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoA
GetProcAddress
FreeLibrary
LoadLibraryA
GetNumberOfConsoleMouseButtons
IsBadReadPtr
IsValidLanguageGroup
LocalFree
GetDateFormatA
LocalAlloc
SetFileAttributesA
HeapDestroy
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ