faf362c2d0cd71a6dab35417c8a3f5e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

faf362c2d0cd71a6dab35417c8a3f5e3_JaffaCakes118
Size

944KB
MD5

faf362c2d0cd71a6dab35417c8a3f5e3
SHA1

dec6b95a3dc684934c6096048d8670a33d3fcebd
SHA256

922c0989f150625567e4122255bd44e5eb1bceb9e4cf4059f404c92c5a713574
SHA512

6c3bdad00aa5d5fdab6816734e40b6089fcea6e33653d2abb1ad74001d57abdf6f1b3614296297400eea3ade60925d1e5cbf67d4e74802a5caedab060c9ebdc3
SSDEEP

24576:2dSfnEadYJqqcNfGii8b9W8iryy47APxYAU0W98Db:2sfEasqqahia9WpmrAe98H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dfm2html.exe

Files

faf362c2d0cd71a6dab35417c8a3f5e3_JaffaCakes118
.rar
dfm2html.exe
.exe windows:4 windows x86 arch:x86

263f2c74198635066e799ddd460d8fcf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
ExitProcess
lstrcatA
lstrcpyA
RemoveDirectoryA
DeleteFileA
FreeLibrary
CloseHandle
GetProcAddress
LoadLibraryA
WriteFile
CreateFileA
CreateDirectoryA
lstrcmpA
GetFileAttributesA
GetTempPathA
GetModuleHandleA
GetFileSize
GetLastError
CreateMutexA
GetModuleFileNameA
VirtualAlloc
VirtualFree

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gentee
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url