240830-s27c7s1gld_pw_infected[.]zip | Triage

Sharing

General

Target

240830-s27c7s1gld_pw_infected.zip
Size

3.1MB
MD5

ad6f0d9fb54e53e567133a9d646963f5
SHA1

e5c66faecc0378842dd86731ac261f1aa00197e0
SHA256

e29951ea83b803ba314a0275c4539f627c697bc358acff07b8d3bf309119691d
SHA512

9160a06ccf1286623680236cd26d955ba4c06d7de39a5544820f9c9a7994b905e0c1f839863c836e181386d6bad7bd7cbae2e4218436f3bfc56518f1543a85d3
SSDEEP

49152:yerOQiH4yPUIAQNQ5uLoGysSMHKhWdbsv5z0MC3Dy4FPZRX4hZ7vUS:CQG1AQNPovMHKhWdbWylzymhd4/3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cb211e0f58c5a58b0a035936c7d86952_JaffaCakes118

Files

240830-s27c7s1gld_pw_infected.zip
.zip

Password: infected
cb211e0f58c5a58b0a035936c7d86952_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Password: infected

2e5708ae5fed0403e8117c645fb23e5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
CreateProcessA

msvcrt

free
_initterm
malloc
_adjust_fdiv
sprintf

Exports

Exports

PlayGame

Sections

.text
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ