2854a4bddbaddb3e0a40a1ed968f56aa_JaffaCakes118 | Triage

Sharing

General

Target

2854a4bddbaddb3e0a40a1ed968f56aa_JaffaCakes118
Size

1.3MB
MD5

2854a4bddbaddb3e0a40a1ed968f56aa
SHA1

098c8dd1210aa624f01980f05b3b07f07a127912
SHA256

b8045b7a2655f2ad70c452a56a99e1c3456ac827e24b7e6a459c4d891eb3aa2f
SHA512

35d86adf904605c20281f5e8ddc6847e577bfc99ee56c3843217478caff0349f6e19a3ec857a8058b121922ca785a045547c4c706ec194cd6a5e0b5b51a1ee17
SSDEEP

24576:1HYNza40GmlVMNkpYTBxuOS318YbSeJrONaVlIpPjdeyzJsLgNvrFHy:1YQ5GmlVMNkpqxsSQSTklispQFHy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kdndkey/科鼎-诺顿KEY共享精灵.exe

Files

2854a4bddbaddb3e0a40a1ed968f56aa_JaffaCakes118
.rar
kdndkey/下载银行-提供免费绿色软件下载.url
.url
kdndkey/下载银行.txt
kdndkey/科鼎-诺顿KEY共享精灵.exe
.exe windows:4 windows x86 arch:x86

f76cbc4dfbe2d2d9a46e77eb103731df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA

user32

GetClipboardData

gdi32

SaveDC

winmm

midiStreamClose

winspool.drv

OpenPrinterA

advapi32

RegCreateKeyExA

shell32

SHGetFileInfoA

ole32

CLSIDFromProgID

oleaut32

VariantClear

comctl32

ImageList_SetBkColor

ws2_32

WSAAsyncSelect

comdlg32

ChooseColorA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 500KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1000KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ