12a1307c724a10abd3622f677bacb2a8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12a1307c724a10abd3622f677bacb2a8_JaffaCakes118
Size

82KB
MD5

12a1307c724a10abd3622f677bacb2a8
SHA1

563b59798657df6243afceff9eb68329013c740f
SHA256

a68242cebba158f2e056b595da2e77308eef9fc90b28c434cc3d0531e1cb8ee8
SHA512

9c0f4cc64e8533fd00c9b5c2b5c00b6ac64602354ac2fb46a6aec54fd2980e1ba8633c6b1815fbb8a3f19249a8c1275804a45011989e6d87820e39725cf302f6
SSDEEP

1536:ym3bhn5gPepfISTlsd03xJyzRm/m0v4BUPr9HjnYt9+hfCNBzoOC6:yChnu3STlBJqIAUJHrYtghfCnoOn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Comprovante de Pagamento - Boleto Bancario.cpl

Files

12a1307c724a10abd3622f677bacb2a8_JaffaCakes118
.zip
Comprovante de Pagamento - Boleto Bancario.cpl
.dll windows:4 windows x86 arch:x86

3e0a8157e1c359ae9935d3ff6b9aa477

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

ole32

CoTaskMemFree

wininet

InternetCloseHandle

Exports

Exports

CPlApplet

Sections

.text
Size: 78KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE