3fa0172b7a4f72786d2e152dabbc3071_JaffaCakes118 | Triage

Sharing

General

Target

3fa0172b7a4f72786d2e152dabbc3071_JaffaCakes118
Size

15KB
MD5

3fa0172b7a4f72786d2e152dabbc3071
SHA1

6fc4f8808be95410d2534f3a7cc7c416bef42895
SHA256

a9d88deb3950e4322b1782c428e946a877590cc2ee43f1faf33aa19a5fe04c6f
SHA512

442a66d2059d508d64aee6f5117890c80a52b92de0046c71ab81b9b5f5b828934a7c87ba0ed681481dc52b336dfea0ed5d389262b3a4a08187d87f6f49e15d0c
SSDEEP

384:OKLujihCgxItR1N/K53vLzS1QQa6donko0bETT:hu+dItZYzSvoko0+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cssrss.exe

Files

3fa0172b7a4f72786d2e152dabbc3071_JaffaCakes118
.zip

Password: infected
cssrss.exe
.exe windows:4 windows x86 arch:x86

def949fe0e8ed999826e75aea6c96e77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
MoveFileExA
VirtualAlloc
lstrlenA

user32

FindWindowA
wsprintfA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE