C:\Users\shafttt\Documents\Visual Studio 2015\Projects\cryptolocker3\1\Release\new 3.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 123.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 123.exe
Resource: win10v2004-20240419-en
General
- Target: 03bc3427afc1c02de5478918954bd4d9_JaffaCakes118
- Size: 787KB
- MD5: 03bc3427afc1c02de5478918954bd4d9
- SHA1: 4ca2e23184b76ee465aea86d6cd2a7e9829d5633
- SHA256: 4d57d1e2a32cd934b56ab0550dc478063499008bca8e33b5e2d1b8b62351d699
- SHA512: ec261b4a48f3ece2cce7259d020e46660430e4d046ae3a7f8728679ae2b946fcc5f303176315f57d5c1803d35ed1bdcf0f834e49cbc0f06bce7a4dbb4fd37433
- SSDEEP: 24576:Ukl4UvoAwWa81RmsbG2gplZh1mGDM++3RyLu:FVoAwWaKmsqZbmEdq
Malware Config
Signatures
- Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/123.txt
Files
- 03bc3427afc1c02de5478918954bd4d9_JaffaCakes118.7z
Password: infected
- 123.txt.exe windows:5 windows x86 arch:x86
db2b6cd08b3d2197485751512ed2b27f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateDirectoryW
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileTime
SetFileTime
SetEndOfFile
ReadFile
GetFileSize
CreateFileW
LoadLibraryA
GetVersionExA
MoveFileA
GetFileAttributesW
GetFileAttributesA
SetFileAttributesW
CreateDirectoryA
DeleteFileA
DeleteFileW
GetModuleFileNameW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetFullPathNameW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
GetComputerNameW
GetOEMCP
CompareStringW
WriteConsoleW
LoadLibraryW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetEnvironmentVariableA
GetUserDefaultLCID
HeapSize
GetLocaleInfoW
SetStdHandle
GetStringTypeW
IsValidCodePage
GetCurrentProcessId
QueryPerformanceCounter
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetACP
GetTickCount
GetLastError
CreateThread
GetLocalTime
GetSystemTime
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrcpyA
GetTempPathA
CloseHandle
FindNextFileA
GetModuleFileNameA
FindClose
SetFileAttributesA
GetProcAddress
GetLogicalDriveStringsA
FindFirstFileA
GetShortPathNameA
lstrcatA
CreateProcessA
Sleep
GetDriveTypeA
WriteFile
GetCurrentProcess
CreateFileA
GetFullPathNameA
GetComputerNameA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
HeapFree
GetCommandLineA
HeapSetInformation
RtlUnwind
GetSystemTimeAsFileTime
WideCharToMultiByte
GetTimeZoneInformation
HeapAlloc
GetProcessHeap
RaiseException
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
ExitProcess
GetConsoleCP
GetConsoleMode
advapi32
RegOpenKeyExA
RegCreateKeyExA
GetUserNameA
RegCloseKey
CryptAcquireContextA
CryptAcquireContextW
CryptSignHashA
CryptDestroyHash
CryptSetHashParam
CryptCreateHash
RegQueryValueExA
CryptReleaseContext
CryptGenRandom
CryptEnumProvidersA
CryptGetProvParam
CryptExportKey
CryptDestroyKey
CryptGetUserKey
RegSetValueExA
shell32
ShellExecuteA
ws2_32
listen
connect
socket
accept
gethostbyname
recv
send
shutdown
bind
__WSAFDIsSet
select
closesocket
WSAGetLastError
htons
ntohs
inet_ntoa
ioctlsocket
setsockopt
getsockopt
WSAStartup
getsockname
inet_addr
crypt32
CertGetSubjectCertificateFromStore
CertGetCertificateContextProperty
CryptMsgGetParam
CryptMsgControl
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CertCloseStore
CertOpenStore
CryptEncodeObject
CryptEncryptMessage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CertNameToStrW
CryptDecodeObject
CertCreateCertificateContext
CertFreeCertificateContext
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 491KB - Virtual size: 490KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ