cfdc91d034d4aff215fdfbb403aaa9d8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfdc91d034d4aff215fdfbb403aaa9d8_JaffaCakes118
Size

2.4MB
MD5

cfdc91d034d4aff215fdfbb403aaa9d8
SHA1

c7d5e1c4af02bd13e938500da1594e4a06d8bb87
SHA256

4aa65c3414a9c3c096c93d3eca421b587c23e7faddeeab8df68e2c13a23561ca
SHA512

fd73e1504728bbe4fc032796c1e758b7894a46370f7c0be2d8e1185b85fef9f18d0cbeb42b159131b4b6102fb4f2658d84daba608cc841914c680442498c27c6
SSDEEP

49152:aHXbqCd3G4zvBN5/MLA1S7E/Tc+Wu9fp+gf9adKEr2IjgA1Yta:a3VddvBN4AgUTc6R+uaMCtnOta

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Prego 1-2020/Propostas.exe

Files

cfdc91d034d4aff215fdfbb403aaa9d8_JaffaCakes118
.zip
Prego 1-2020/Comercial.xml
.xml
Prego 1-2020/Propostas.exe
.exe windows:5 windows x86 arch:x86

91e99f77f25b88f55c65d5b93eed18fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

gdi32

Pie

version

VerQueryValueW

ole32

OleDraw

msvcrt

atol

comctl32

ImageList_Add

shell32

ShellExecuteW

comdlg32

PrintDlgW

winspool.drv

OpenPrinterW

Exports

Exports

TMethodImplementationIntercept

Sections

.MPRESS1
Size: 2.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE