a0ddb8a2b00a82326e69460c6cf5ef83_JaffaCakes118 | Triage

Sharing

General

Target

a0ddb8a2b00a82326e69460c6cf5ef83_JaffaCakes118
Size

356KB
MD5

a0ddb8a2b00a82326e69460c6cf5ef83
SHA1

b1209203290948df8c065e782e657c14ce92abe6
SHA256

834079a3da183e8e73edfdf09dc49f32afa02078eee7f261b0c3695291417d10
SHA512

a29dd0d9b7367c028c7e7ef44f51c6e9a1df59e55e3894f46af6df6f96dd247d6f5fca05e49e86587046ef4ee562a6461d4c8b7a6700e3b9b105191dc2f7ceba
SSDEEP

6144:WxZbR3+TPPY/WITJ3ZTMy5BbiRjcxIpUWpLpOtgs/gse3Cq2WR5mKWolqam:WfRY1ITLMqbiVhpUWpLItgs473CqPRbE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GetColor/GetColor.exe

Files

a0ddb8a2b00a82326e69460c6cf5ef83_JaffaCakes118
.rar
GetColor/GetColor.exe
.exe windows:5 windows x86 arch:x86

4710e694cbc904bbde58b1960e1a3f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
GetCurrentProcessId
OpenFileMappingW
GetLastError
MapViewOfFile
CloseHandle
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetFileSizeEx
GetProcAddress
LoadLibraryW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xcpad
Size: - Virtual size: 72KB

.idata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GetColor/GetColor.exe.config
.xml
GetColor/如果无法运行，请先安装.NET Framework.url
GetColor/新云软件.url
.url