a49460067beaaf69557d19f40896c782_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a49460067beaaf69557d19f40896c782_JaffaCakes118
Size

77KB
MD5

a49460067beaaf69557d19f40896c782
SHA1

a3e81e8a5db341f473268d8cee16c7f76fad640d
SHA256

e47baeb744ac3a76c16eca9189223c3671d1527e782c402464ebdecc02df963f
SHA512

58e72eb1b9886459c8030b4716f503ff0d12d027549b08833038db7f739d3f05e46ed0feed7ab57f795a8d98f8706908e8985374d7bee847bb95175a1e74f2e5
SSDEEP

1536:7u5gcZpa9mAchX4nqDSfjNoGWWKh1ee7R4NsNEieH+6HTD+qdoeoHl1Vr:78LZpadK4wSfjeVWKhkmSrvoF1p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/302219068/Release/ShowPass.exe

Files

a49460067beaaf69557d19f40896c782_JaffaCakes118
.rar
302219068/AnimEffect.cpp
302219068/AnimEffect.h
302219068/KEY.ICO
302219068/Main.cpp
302219068/Release/ShowPass.exe
.exe windows:4 windows x86 arch:x86

71e3479c7861f54d9690ddf9b68233ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

ReleaseDC

gdi32

PolylineTo

winmm

mciSendStringA

Sections

pec1
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
302219068/Res.aps
302219068/Res.rc
302219068/ShowPass.dsp
302219068/ShowPass.dsw
302219068/ShowPass.ncb
302219068/ShowPass.opt
302219068/ShowPass.plg
.html
302219068/on.mid
302219068/resource.h
302219068/下载说明.htm
.html .js polyglot