8469bb7b4f97ab2aa41c473e4e438436_JaffaCakes118 | Triage

Sharing

General

Target

8469bb7b4f97ab2aa41c473e4e438436_JaffaCakes118
Size

468KB
MD5

8469bb7b4f97ab2aa41c473e4e438436
SHA1

647e3cf19e1cacb6823cc98b5781c52ac7c7a0ec
SHA256

384bbebc7daf88673c850777f9d940952ad6e034a8feb93ad98a9f8c8f3684a8
SHA512

284b9d97374a48a63a4a3b8a5f5c90212530a27a388659bdd52bf8fc807d6a673c514ab57a51d64f8d87f32e3f015f0b3fffd7c745ff6e619797fd2eef59dc11
SSDEEP

12288:KI/65BHpkBm2Ibxhi9MPSDduYLLxjjOqFNC0c:z65l89dJLLpjNF1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PdgRenamer.exe

Files

8469bb7b4f97ab2aa41c473e4e438436_JaffaCakes118
.rar
PdgRenamer.exe
.exe windows:4 windows x86 arch:x86

26ba865a58735755cbbb7bacf90a4296

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

PathFindExtensionA

imagehlp

MakeSureDirectoryPathExists

user32

SetTimer

gdi32

GetClipBox

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

SHGetDesktopFolder

comctl32

ord17

ole32

CoUninitialize

oleaut32

VariantClear

Sections

.text
Size: 460KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url