0da89d8ab6d5fa468ed0787da69f8800_JaffaCakes118 | Triage

Sharing

General

Target

0da89d8ab6d5fa468ed0787da69f8800_JaffaCakes118
Size

19KB
MD5

0da89d8ab6d5fa468ed0787da69f8800
SHA1

287b055db92045211610a101a498aad28355b5d9
SHA256

2bc045f482c14210c3d4003d1c8d2ef1e24689595093bdd41a8dcd7eb0121a8f
SHA512

873c4855eff05a488b193afe40eb347eb7596d57c937fb3035a5724f5000c7774083cf264c80aa0ad9065d8a1af00dedb3d2d799e65661f953c08ce827e250c2
SSDEEP

384:njounO9HEVZnMHXxUlFlEAIU1xJ5hXWFzEQgp9ZKR0vzcMUcKPmhQoalu:njOBKZnMGbEAt1xzVIzEQgpf9AOhralu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pompe_travaini_spa.scr

Files

0da89d8ab6d5fa468ed0787da69f8800_JaffaCakes118
.cab
pompe_travaini_spa.scr
.exe windows:4 windows x86 arch:x86

d2841f45bf71d1c069b9a0f11b63eb04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
CreateMutexA
WriteProcessMemory
GetCurrentProcess
GetTimeFormatA
CreateSemaphoreW
LoadLibraryA
SleepEx
CreateDirectoryA
GetTickCount
WriteFile
FoldStringW
GetNumberFormatA
CompareStringA
HeapCreate

ctl3d32

Ctl3dEnabled
Ctl3dCtlColor
Ctl3dGetVer
Ctl3dUnregister
Ctl3dRegister

user32

CreateWindowExW
IsZoomed
SetCursorPos
DialogBoxParamW
GetMessageA
PostMessageA
GetCaretPos
PeekMessageA
ShowWindow
GetWindowTextA
GetWindowLongA
IsWindow
ShowWindow
CharToOemA

themeui

DllCanUnloadNow
DllGetClassObject
DllGetClassObject

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ