0ad070f6a57870f5c6b960e3b6cc4369_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ad070f6a57870f5c6b960e3b6cc4369_JaffaCakes118
Size

14KB
MD5

0ad070f6a57870f5c6b960e3b6cc4369
SHA1

6b2af5609fec6293337ad4e7d0e17857f46f7d03
SHA256

c490fa5de0a3f1f8f1e64d4db030bdecbbd71181b6c60012dff4bf56ab9fa5c0
SHA512

b86f55df588f006cd3c1337bb3813631b2cb5ffee90de512baf29eeac5fd321c6049c00ceb7f9462a269ff81fc414b235aede3ed5d286a600a9c26c5e3bc255a
SSDEEP

192:g6GvXKxkGRN1bzCI1Xn6Ot4tGZsuxbcehORSK2sL2kq/dg2QSvjZStn:g6wXaRfj136OW4s0+Rdnqlg2ZdSJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yxFPSyhq/ϷFPSŻ.exe

Files

0ad070f6a57870f5c6b960e3b6cc4369_JaffaCakes118
.zip
yxFPSyhq/Ʈ.url
.url
yxFPSyhq/ϷFPSŻ.exe
.exe windows:4 windows x86 arch:x86

31f87ff4e629b2f695bb78d2e5244b54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowA
SetWindowTextA

winmm

timeEndPeriod
timeBeginPeriod

kernel32

GetEnvironmentStringsW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCommandLineA
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetLastError
ReadFile
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
SetFilePointer
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
CloseHandle

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ