Static task: static1
Behavioral task: behavioral1
  Sample: Label_Copy_UPS.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: Label_Copy_UPS.exe
  Resource: win10v2004-20240802-en
General
Target: b13aa8df035cd39233eec907f43783dc_JaffaCakes118
Size: 56KB
MD5: b13aa8df035cd39233eec907f43783dc
SHA1: 0147d1b7087725cef44c9cf9e067ebefae7a9f74
SHA256: 312a1f7792e76f803989d98f32b33976dea29d3490abf847e9f22297f3fcce39
SHA512: e7fbf3c24c148f8370a10f75e446fca99af40ad33c80a770c8a9002c833def92d16081e415111786255605ff18c94ad2edd958fda20e952785a5acf5ef22af1b
SSDEEP: 1536:dLJxLFaJZRhOVRU9t0U6snwRw5IyDYTPcftBOJKYP:d1WRhSU9995IyYTU12KYP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Label_Copy_UPS.exe
Files
b13aa8df035cd39233eec907f43783dc_JaffaCakes118.zip
Label_Copy_UPS.exe.exe windows:5 windows x86 arch:x86
be6a29a06413fb61d559e1c684dc4d1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
IsCharUpperW
EnumDesktopWindows
SetClassLongA
SetWindowRgn
ValidateRect
GetThreadDesktop
IsCharAlphaNumericA
GetActiveWindow
ole32
CoRevokeClassObject
OleSetClipboard
IIDFromString
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
kernel32
GetStartupInfoA
HeapDestroy
HeapFree
GlobalHandle
SizeofResource
LocalFree
SetFileAttributesA
HeapCreate
GetThreadContext
LoadResource
FindResourceExW
LocalAlloc
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ