JaffaCakes118_897cb147efd1d13ce433ef6fefa1a94d | Triage

Sharing

General

Target

JaffaCakes118_897cb147efd1d13ce433ef6fefa1a94d
Size

33KB
MD5

897cb147efd1d13ce433ef6fefa1a94d
SHA1

8c17ccd39cda879db649e1a8c7ad8085c5b8a719
SHA256

9ffaae7cfb1b1d4efc62fbaeeb2bd03023007c51a39b6316b4a01c21e4027ab7
SHA512

9fe1a61e0677104945a56683628bbbf88c8fc2fb1d0919d7f52ef6395714590aa2ae17a14338dcc059b5a7a34a87721857fdc6bd7b1f09e935b590d0f344be05
SSDEEP

768:LO3/ueuLtYDB2adeTYQITMFejvIKNUxlk4YqyUVgoJ5q:LOGeup+8abJwejwKyk1qjgoJ5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/Hotel-Booking_Confirmation.exe

Files

JaffaCakes118_897cb147efd1d13ce433ef6fefa1a94d
.rar
[Spam-Mail]Hotel Reservation [0660437].eml
.eml
- http://www.booking.com
attachment-3
.zip
Hotel-Booking_Confirmation.exe
.exe windows:5 windows x86 arch:x86

e9aba22210f763248853d6da72b1032a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DialogBoxParamA
EnumChildWindows
SetWindowLongW
IsCharAlphaA
GetDesktopWindow
GetActiveWindow
MoveWindow

ole32

CoRevokeClassObject
CoCreateFreeThreadedMarshaler

comctl32

InitCommonControlsEx

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

kernel32

HeapCreate
FindResourceExA
GetDateFormatA
LocalAlloc
HeapFree
GetTickCount
LoadResource
GetStartupInfoA
ExitProcess
HeapDestroy
LoadLibraryA
FreeLibrary
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
SuspendThread
LocalFree
GetTimeZoneInformation
SetFileAttributesA
IsBadStringPtrA

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt