efe062c3e140fb5fe08f2ec9cdae220b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efe062c3e140fb5fe08f2ec9cdae220b_JaffaCakes118
Size

122KB
MD5

efe062c3e140fb5fe08f2ec9cdae220b
SHA1

5722e9b5b4dd6d764d63febd4fb941d96b815132
SHA256

d3525e4836b495c9ccbd409eacacd33c3816919b9fea1676d113bc645e97716d
SHA512

9a2042047166a631f1fe14924fd61fef2305d9e6aa7b73bc6ddd91cc361d3024dc7df99f6ec94194e321239e785ec36e51a6c18b3ca40d3e728927b1f24dce11
SSDEEP

3072:wpp7Tm++XA1Yh5f0llh65Yw8sfsECaq56/ajc3LTPKipA3af8KpZT:aa+QAy5sfE9Hsw/TPKmA3a0UT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PasswordsPro.exe

Files

efe062c3e140fb5fe08f2ec9cdae220b_JaffaCakes118
.zip
Belarusian.lng
Bulgarian.lng
German.lng
History_Eng.txt
History_Rus.txt
PasswordsPro.chm
.chm
PasswordsPro.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 72KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Russian.lng
Slovenian.lng
Spanish.lng
Test/MD4(Base64).txt
Test/MD4.txt
Test/MD5(APR).txt
Test/MD5(Base64).txt
Test/MD5(RAdmin_v2.x).txt
Test/MD5(Unix).txt
Test/MD5.txt
Test/MySQL.txt
Test/SHA-1(Base64).txt
Test/SHA-1.txt