f5a8723adc43b38d535fd72921a5109a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5a8723adc43b38d535fd72921a5109a_JaffaCakes118
Size

198KB
MD5

f5a8723adc43b38d535fd72921a5109a
SHA1

74e0538a3cc04932bb3f40e11cc79aa146af9ff1
SHA256

1ae12a0e8654fa7aa7ef73760049eef090728bed19be32371c2ead79edf6fa29
SHA512

a74b9e6fc8b76a521ff8d467f23162c5221de11f27ea74551e3badeff1f5d97a27e09b5f6e99a245085cbc57e79d9d3db4d95029e5b4481623d13f7b7dc8b9c4
SSDEEP

3072:CsyhVMaKth/TmQBVFV53N7m70U6eh53RwpHnLRL++4RSpx3YPb6D7I/XVmk22yWR:CsQ3ysqtyw+Mt6v06b20/XVJAWX7l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/cht-aow.exe

Files

f5a8723adc43b38d535fd72921a5109a_JaffaCakes118
.zip
cht-aow.nfo
cht-aow.rar
.rar
cht-aow.exe
.exe windows:4 windows x86 arch:x86

781078caaab69fab8808b080c11b76a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
PostMessageA
PostQuitMessage
RegisterClassExA
SendMessageA
SetTimer
ShowWindow
TranslateMessage
LoadIconA
GetDlgCtrlID
GetParent
GetWindowLongA
GetWindowRect
ReleaseCapture
SetCapture
SetWindowLongA
SetWindowPos
LoadCursorA
LoadBitmapA
GetWindowThreadProcessId
GetSystemMetrics
GetSysColor
GetMessageA
GetKeyState
GetDC
FindWindowA
EndPaint
DispatchMessageA
DefWindowProcA
CreateWindowExA
BeginPaint
UpdateWindow

kernel32

VirtualProtectEx
TerminateProcess
ReadProcessMemory
OpenProcess
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
GetLastError
GetExitCodeProcess
GetCommandLineA
ExitProcess
CreateMutexA
CreateFileA
CloseHandle
WriteProcessMemory

gdi32

TextOutA
CreateFontA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cht-aow.sfv