240829-qgl6estbjg_pw_infected[.]zip

General

Target

240829-qgl6estbjg_pw_infected.zip
Size

72KB
MD5

376af3d54de367f3820cf4e1f44be63e
SHA1

e830bbf9c72b7f13583ad09f67f8ad4596829258
SHA256

5359e6703b931520780d4407d6622ed7a49cd9062baba2d7b992a4641d1f6b8d
SHA512

8ad03af61983bccc6b4ee719fa9be814594c44bc4821aa03f1603244697fd918b9a7eb82e9443ac33d1cd0e525fd3ea98bb7c3ab95af0a98b31a6452e5a989f1
SSDEEP

1536:mkTDN7Yv8TN4EOZquSgxwJRfM2JOValqwHdhZsyMei9cZRw:mKDWuKLwJRfM2J6alqw92V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c8e2d7e03ae01fc662eaec4591c094fc_JaffaCakes118

Files

240829-qgl6estbjg_pw_infected.zip
.zip

Password: infected
c8e2d7e03ae01fc662eaec4591c094fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Password: infected

ce73757af516c5fd85d858e4503db718

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualAlloc
GetCommandLineA
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LockResource
LoadResource
FindResourceA
CreateFileA
CloseHandle
SystemTimeToFileTime
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

wsprintfA
LoadStringA
DestroyWindow
DialogBoxParamA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
EndDialog
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DefWindowProcA

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ce73757af516c5fd85d858e4503db718

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4B

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4B

.rsrc
Size: 32KB - Virtual size: 29KB