297cc54f643402a8eedb353012d7719b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

297cc54f643402a8eedb353012d7719b_JaffaCakes118
Size

385KB
MD5

297cc54f643402a8eedb353012d7719b
SHA1

38a5051dbb66baf948f4effc3fba5d9028023776
SHA256

7ed5dd28fec2866f48f47dfb0e3f7dc44f933eed0db67e14b196cc13852bb765
SHA512

a96d18e28a957ec03681130b1bf278a2f29f6eb491ec2dad15dc269ec06e34bd6d21f4d8c26a076a68d9dba74864b598820c7bd3235ee032cc9dc9042c14f90c
SSDEEP

6144:8hl7rqvSlmnwlkINgOKn0RF+6GidH+rNneFGkBeb2CWaTlahxqWkEGN8clKf7lHg:67rqDwlkogH0RF+Yt0eYkFMUqAGLQP4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Boleto Numero 16438-2013.cpl

Files

297cc54f643402a8eedb353012d7719b_JaffaCakes118
.zip
Boleto Numero 16438-2013.cpl
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CPlApplet

Sections

CODE
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ