86a08bd9305162fd135bad1eaa5a67f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

86a08bd9305162fd135bad1eaa5a67f9_JaffaCakes118
Size

3.8MB
MD5

86a08bd9305162fd135bad1eaa5a67f9
SHA1

f560a757807b7d807bd6ea5f387d5257fbc58219
SHA256

f03241d4bcbc9a609dd699c7aac782607a12cec6348e99544d74b68c2874f5de
SHA512

88721e12bf65276d0f1f0de6f8e4b0dfc56b12f98aa0cf9dd11ab25e5482af33911bfb4b6d0b36dd547fa7ccec19ebd5dfaa0510dd04f451a845693136b08f90
SSDEEP

98304:8KddoSOEGz74dmUTNSJIquvwZzBPbY8A48faTImP:DNOEGz+FTNSB4wD5A48SEI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OKGO_v4.0.exe

Files

86a08bd9305162fd135bad1eaa5a67f9_JaffaCakes118
.rar
OKGO_v4.0.exe
.exe windows:4 windows x86 arch:x86

031cc6145bf86238f01506b521b984fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

OleUninitialize

comctl32

ImageList_SetIconSize

shell32

ShellExecuteExA

wininet

InternetSetOptionA

comdlg32

GetOpenFileNameA

Sections

CODE
Size: 3.8MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url