70dd8e4fff55ddc14d7699ff043c4bfc_JaffaCakes118 | Triage

Sharing

General

Target

70dd8e4fff55ddc14d7699ff043c4bfc_JaffaCakes118
Size

361KB
MD5

70dd8e4fff55ddc14d7699ff043c4bfc
SHA1

3f88aa7eccf24374666480f98906f68e1af941d0
SHA256

aa05c706355e6962c375ef629d1c147ec5cac6ffa415110acd1f77c562b71cd5
SHA512

f8a4a4e1c46b86031e95fe2f7045b6b43a29402a55152368448e63101d1722bf7a07526c5e5251887f1dec77b1e22fcc840d0a4120bcdb7bc7459820264e592c
SSDEEP

6144:JQ6jHaGcfc6mSdIGZVfjlPjCsYcTxitW4k0OuGCn:JBHa91mA9ZVbluWktW4k0DGCn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lanhoologin/Login.exe

Files

70dd8e4fff55ddc14d7699ff043c4bfc_JaffaCakes118
.rar
lanhoologin/Login.exe
.exe windows:4 windows x86 arch:x86

ca0245b6ef731863e074ae876846de5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

Shell_NotifyIconA

Sections

CODE
Size: 300KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lanhoologin/login.JPG
.jpg
lanhoologin/login.ini
lanhoologin/新云软件.url
.url