fd0abbcb12e032f0e15168d037c8b747_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd0abbcb12e032f0e15168d037c8b747_JaffaCakes118
Size

534KB
MD5

fd0abbcb12e032f0e15168d037c8b747
SHA1

47809536ce005336baabac4811e3eba48a0d7955
SHA256

cb09a8d04dec243655242e980a8e0666546a87d473765ec68a6b4c0b89bcce8e
SHA512

0072f7fe35af06824313049b03e05a6ab113733994a055d2332447e549c8ca1c947a47b744a18779c94ddb36bdf39d95b89b7898f41a4080813126f214984f1a
SSDEEP

6144:tB1zEFkvmGQOYAwf+w86bweahI89KZo7olhxqjF/k87ZB8Ft4a6EA+hCoJwH3wLK:tumwVbwbc+72hAQ0d+fSH+ANBA9E4+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Mz_UT.exe

Files

fd0abbcb12e032f0e15168d037c8b747_JaffaCakes118
.rar
Mz_UT.exe
.exe windows:4 windows x86 arch:x86

c9749513208288305099900ce01b1603

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
ExitProcess
lstrcatA
lstrcpyA
RemoveDirectoryA
DeleteFileA
FreeLibrary
CloseHandle
GetProcAddress
LoadLibraryA
WriteFile
CreateFileA
lstrcmpA
lstrlenA
GetFileAttributesA
GetTempPathA
GetModuleHandleA
GetFileSize
GetModuleFileNameA
VirtualAlloc
VirtualFree

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.gentee
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url