add43c19270d9f3389b5762fc1be4f72_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

add43c19270d9f3389b5762fc1be4f72_JaffaCakes118
Size

76KB
MD5

add43c19270d9f3389b5762fc1be4f72
SHA1

5176a0c1b9707398d3d4a5457c538ac3fcb72bdb
SHA256

7b29227766775729e17f8133208bef6e2270c1e40dbdddd1e60a0580eb340fae
SHA512

17c12ca3563e03effec96dac7b84e59cf706e7cf5073fc7809f6e4988137b6e88a3c4851fe6ecef1d9f1d5786e9832fbecd8a2beafea111f4a1e3b058e7aff73
SSDEEP

1536:rkIVeZ+hJEcI7oQtSEsg4HDVSGkchcNFtuOCl03BEmCq:YIVCmRLFkfhuOG0d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yaps.exe

Files

add43c19270d9f3389b5762fc1be4f72_JaffaCakes118
.rar
ReadMe.html
.html
index.php
yaps.exe
.exe windows:4 windows x86 arch:x86

79b3362178937bf9559741c46bb9e035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.c
Size: 71KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot