250124-pr6r5szndk_pw_infected[.]zip | Triage

Sharing

General

Target

250124-pr6r5szndk_pw_infected.zip
Size

105KB
MD5

b5f0291d97a3624403287d5d91c9b51f
SHA1

7d257ddebbc9194eaaa836b6a22bf08dca13b5dc
SHA256

c26f3cc9f4399c0950f5274abd97df89d3e7dfe70e94c2a668ed373bca42949c
SHA512

37b516b4d1f8d6aab17f38c48dd112f6dbffa0ea0810d6cc295b03eb8411ddb4d1781edc36570a369dd0b8b44fab0e4d960eb2a531142b85afc83efc309ff291
SSDEEP

3072:j5QqHuoOjW5ZeGTYNMrxkaVKkaC/AhwOn4Rt2s6:jvuoOjUZeeQkYTxs6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/JaffaCakes118_2176529b30915c8261a84c1bc4b078cb

Files

250124-pr6r5szndk_pw_infected.zip
.zip

Password: infected
JaffaCakes118_2176529b30915c8261a84c1bc4b078cb
.exe windows:65535 windows x86 arch:x86

01c346d3fd4dc239e01e38adb74cfd72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CreateFileA
VirtualProtect
GlobalAlloc
VirtualAlloc
GetDateFormatA

msvcrt

__setusermatherr
__p__fmode
__set_app_type
_except_handler3
__p__commode
_adjust_fdiv
_initterm

Sections

.text
Size: 60KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsr1
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE