84cc909acf813cfb78c0810c1c67739e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84cc909acf813cfb78c0810c1c67739e_JaffaCakes118
Size

652KB
MD5

84cc909acf813cfb78c0810c1c67739e
SHA1

3ae6712a16cb23d42eeff4ecb974aa33cfdcc0bc
SHA256

5e9a4bbe428e9b5f240e5accb2bc57485fd1a69098f0b78a10b754e30fb8d0b5
SHA512

a0a3d53810082526a8100733ab690a9723d080cdc9e8b0312f48f702eb9027e53463886935a62f950d224eb7b0ce87b71f079ccc088e04fa279ac89cb8d1166c
SSDEEP

12288:JaJ+1qYtXmyFNMckJA9AItuH5S1E2Y3UVct+7S/IcTyLkWrvQ1arDNJJ:JJ1qYtXmyocoA2O76t+7SAcTykOQqDN/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ppt2Bmp125.exe

Files

84cc909acf813cfb78c0810c1c67739e_JaffaCakes118
.rar
Ppt2Bmp125.exe
.exe windows:4 windows x86 arch:x86

a3cd138f09c17f81fb64526d63cb2df6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
ExitProcess
DeleteFileA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualFree
CloseHandle
WriteFile
GetWindowsDirectoryA
CreateFileA
lstrcatA
CompareStringA
GetCurrentDirectoryA
lstrlenA
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
InterlockedIncrement
GetModuleHandleA

user32

SetCursor
LoadCursorA
wsprintfA
ShowWindow
FindWindowA
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url