d66a8791c2c9d309f22f51bcb832f4a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d66a8791c2c9d309f22f51bcb832f4a4_JaffaCakes118
Size

1.5MB
MD5

d66a8791c2c9d309f22f51bcb832f4a4
SHA1

4e403e04d20071ede859351fd3f201769d8dd21a
SHA256

7ab9cbdcf1641ab66760359b9809f46451c882e4300987798f3270c2a3e31852
SHA512

286680a4d103fda6fbb517e56d2b679905544a44ed753a183f491dac4f8529724374505c2db3b1662aa40affb7fbe7331acaccebe2f646a20adc041434ae5d7d
SSDEEP

24576:an+fDwCbk2d6qMR6AGGrp4P2q4QUrx8OpkTGOrHYHH7H3V3kiLAkfG51vtmF9rF/:an+MCb5E7Gmp4P2qErxZpyGw8r3VUvk7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tabbyFile212-setup.exe

Files

d66a8791c2c9d309f22f51bcb832f4a4_JaffaCakes118
.rar
tabbyFile212-setup.exe
.exe windows:4 windows x86 arch:x86

8347d9a360f01229df71f0509ce223ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
ExitProcess
lstrcatA
lstrcpyA
RemoveDirectoryA
DeleteFileA
FreeLibrary
CloseHandle
GetProcAddress
LoadLibraryA
WriteFile
CreateFileA
GetModuleHandleA
lstrcmpA
GetFileAttributesA
lstrlenA
GetTempPathA
GetFileSize
GetLastError
CreateMutexA
GetModuleFileNameA
VirtualAlloc
VirtualFree

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gentee
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url