ce64830c8ce061dff07f4351195ea820_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce64830c8ce061dff07f4351195ea820_JaffaCakes118
Size

144KB
MD5

ce64830c8ce061dff07f4351195ea820
SHA1

a50b3eddb7545575403fdf2547b1f3e77cc3f442
SHA256

bed9e92a87e0ad4dc1b1e6daaab5574c3bff4c2f12fd366e39babfd4fc847d71
SHA512

7f8c4a359a927c576602623071759963283914d71f606daaa57f429cd83357b0c956d1618a509033410f365e6f702eb2d9388b6c166daaa9c25c7b967aa0b28d
SSDEEP

3072:lZ3Gysvzv4srv3ha2XV5yL9GXCwOfTW9cJ8ckrVu1rfMRYRN6V9d8:lZ3GykUsrfhaN8XjoQWYrVuyYRAV9d8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NOD32 Brontok-fixed/Brontok.exe

Files

ce64830c8ce061dff07f4351195ea820_JaffaCakes118
.zip
NOD32 Brontok-fixed/Brontok.exe
.exe windows:4 windows x86 arch:x86

12ae5f7e40332ef0e351e4f536f4911b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strlen
_getch
malloc
_strlwr
strcpy
strcat
strcmp

kernel32

FindResourceA
GetCommandLineA
GetModuleHandleA
GetStdHandle
CreatePipe
SetStdHandle
GetCurrentProcess
DuplicateHandle
DeleteFileA
WaitForSingleObject
CreateProcessA
CreateFileA
GetModuleFileNameA
GetTickCount
LockResource
LoadResource
CloseHandle
GetTempPathA
WriteFile

user32

LoadStringA
wsprintfA

shlwapi

StrToIntA

Sections

.bss
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NOD32 Brontok-fixed/Howto-remove-brontok.b.doc
.doc windows office2003
NOD32 Brontok-fixed/NOD32_Brontok_Fix.inf
NOD32 Brontok-fixed/Readme.txt
NOD32 Brontok-fixed/brontok_fix.bat