250313-tj19xaw1by_pw_infected[.]zip | Triage

Sharing

General

Target

250313-tj19xaw1by_pw_infected.zip
Size

2.7MB
MD5

60e3b6b3a2c0c19e611281128ae589c6
SHA1

eb2587ea9c9942993dc71c562496d824fc1e6fad
SHA256

854341477672c733cc10729e9884611efe981bd9247c28775cdc315484c4e39e
SHA512

0118447beed44fc0e789dbf0fb774b95c567d17a016f279a46b41c693668eed5950d0c16de325eeff6c0a01de6bc7faebdeb8a2b3d3b11c5d2f94a66913ab21d
SSDEEP

49152:zvG4QxLEG7/uHGv2YGoCMHUCTHHEB0qxZuTid7PzGPtTjQWCUCKsp5bUrGLqP8V7:yvLEGyHGvA2g0mZu27KVXrkXAyLqEOM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/JaffaCakes118_714f91561ccf194bb1472dcd6d41e133

Files

250313-tj19xaw1by_pw_infected.zip
.zip

Password: infected
JaffaCakes118_714f91561ccf194bb1472dcd6d41e133
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 27KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 246KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Inel
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE