0b26e13be1c474b5a83bbc97cdd877e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b26e13be1c474b5a83bbc97cdd877e2_JaffaCakes118
Size

66KB
MD5

0b26e13be1c474b5a83bbc97cdd877e2
SHA1

d42b10675c9b2f458cf4c843ebb4cf05f57b6f4f
SHA256

27f5893a604f6340e2a33638c2674c1b14d678f9c10aead70df5a722b51f72fe
SHA512

34b791e3ce09f5283955c315200cdfb08bd9605825ae9ebd3a63fce9d976e499fd9f67d4185e966851db131bbe0586603e4451e765b0c61e9429147281c77df4
SSDEEP

1536:KLHYmzkCMLoq0v8T5fQHXKk88Hj10DnIsGqhiP:wyCMLoq/lYahQjuIsG/P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dhcpapp.exe

Files

0b26e13be1c474b5a83bbc97cdd877e2_JaffaCakes118
.zip

Password: infected
dhcpapp.exe
.exe windows:5 windows x86 arch:x86

eabed63197561d3ec243aa0692dfc5ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GGWweeEEE.pdb

Imports

msvcrt

memset

shell32

SHGetFileInfoA

user32

LoadCursorW
RegisterWindowMessageW
DestroyWindow
IsIconic
CharUpperW
RegisterClassExW
SetClassLongA
SetWindowLongA
MessageBeep
GetSystemMenu
LoadAcceleratorsW
LoadImageW
DestroyAcceleratorTable
TrackMouseEvent
GetWindowPlacement
SetWindowLongW

kernel32

GetBinaryTypeA
FlsGetValue
GetModuleFileNameA
VirtualQuery
GetModuleHandleA
WTSGetActiveConsoleSessionId
IsSystemResumeAutomatic
FlsFree
HeapFree

oleaut32

BSTR_UserSize

advapi32

OpenBackupEventLogW

netapi32

NetLocalGroupGetMembers

msi

ord29

ws2_32

htonl

msacm32

acmDriverClose
acmDriverEnum
acmDriverID
acmDriverAddA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FXmJ
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

L
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GBte
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TGS
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

eabed63197561d3ec243aa0692dfc5ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

user32

kernel32

oleaut32

advapi32

netapi32

msi

ws2_32

msacm32

Sections

.text Size: 11KB - Virtual size: 10KB

.FXmJ Size: 1024B - Virtual size: 4KB

L Size: 17KB - Virtual size: 17KB

GBte Size: 40KB - Virtual size: 39KB

TGS Size: 34KB - Virtual size: 34KB

.zdata Size: 2KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.FXmJ
Size: 1024B - Virtual size: 4KB

L
Size: 17KB - Virtual size: 17KB

GBte
Size: 40KB - Virtual size: 39KB

TGS
Size: 34KB - Virtual size: 34KB

.zdata
Size: 2KB - Virtual size: 1KB