d49a825b7c367c8c5079c50e4846314c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d49a825b7c367c8c5079c50e4846314c_JaffaCakes118
Size

863KB
MD5

d49a825b7c367c8c5079c50e4846314c
SHA1

5bff300ea9a5b667c0a2f54a08f64d221bc8cd91
SHA256

a0cc713f22be27f8bf649968053c202c7741d66cb06f18f4463840e1117e30ca
SHA512

a19e5a6c73b4ba3a1ccf95383a93ca79e2bac3845ec2f457c9d22f35b6138ea93fff7346622136b53e7cae548fcb5079f7b1cf015e12f27d453d1903827f219b
SSDEEP

12288:HcLH090h/Manijw2Ng54ziPhoGq29LYrY29ZOVn6mhFtBhuo2HfbueQD:GH0YM1pNYVZo+k9sVn6mhFbhMVe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LemsOrder.EXE

Files

d49a825b7c367c8c5079c50e4846314c_JaffaCakes118
.zip
LemsOrder.EXE
.exe windows:5 windows x86 arch:x86

4582ffdd7eb98cb63a937096204182b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
GetCurrentProcessId
OpenFileMappingW
GetLastError
MapViewOfFile
CloseHandle
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
LoadLibraryW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xcpad
Size: - Virtual size: 604KB

.idata
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ