0d05e6e9237fa894e5ffed7a35372a95_JaffaCakes118

General

Target

0d05e6e9237fa894e5ffed7a35372a95_JaffaCakes118
Size

4.2MB
MD5

0d05e6e9237fa894e5ffed7a35372a95
SHA1

a02cf1db2a75c0c3f3dbabc93b9ba6386d3565d3
SHA256

c278a3a4cfde678a76ce73e62b07c6938abd9404998e22c9147b3b6bc440b426
SHA512

0ad0a65bd3e00191e26a0316e2ef38ee2d39bf9322b1ce4199228dbe1cdb7f10df4b789fd9f322dae0a0a56ada5bfe905e902eb7b2db08f69ab5d08e22cac889
SSDEEP

98304:4yAup2rn/1OKLgtxO1uVRRzKGGKhoZuYXzRu3rVwWYrbMJjqGjN:d/p2rnUZVRZp1hoA+8V6rbMJj5Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UUӢ6.7/UUӢ.exe
unpack001/UUӢ6.7/updata.exe

Files

0d05e6e9237fa894e5ffed7a35372a95_JaffaCakes118
.zip
UUӢ6.7/UUӢ.exe
.exe windows:4 windows x86 arch:x86

f718718f5a298e4d9d33ef1586d63169

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

SaveDC

gdiplus

GdipDeletePen

ole32

OleRun

imm32

ImmGetContext

shell32

ShellExecuteA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

comctl32

ord17

shlwapi

PathFileExistsA

winmm

PlaySoundA

oleaut32

UnRegisterTypeLi

oledlg

ord8

ws2_32

getpeername

wldap32

ord29

comdlg32

ChooseFontA

Sections

.MPRESS1
Size: 3.6MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UUӢ6.7/updata.exe
.exe windows:4 windows x86 arch:x86

fa93940737f1e22e8799e448996d79e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

SaveDC

gdiplus

GdipDeletePen

ole32

OleInitialize

imm32

ImmGetContext

shell32

ShellExecuteA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

comctl32

ord17

shlwapi

PathFileExistsA

winmm

PlaySoundA

oleaut32

UnRegisterTypeLi

ws2_32

getpeername

comdlg32

ChooseColorA

Sections

.MPRESS1
Size: 573KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
˵.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

f718718f5a298e4d9d33ef1586d63169

Headers

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

ole32

imm32

shell32

winspool.drv

advapi32

comctl32

shlwapi

winmm

oleaut32

oledlg

ws2_32

wldap32

comdlg32

Sections

.MPRESS1 Size: 3.6MB - Virtual size: 7.5MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 71KB - Virtual size: 71KB

fa93940737f1e22e8799e448996d79e9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

ole32

imm32

shell32

winspool.drv

advapi32

comctl32

shlwapi

winmm

oleaut32

ws2_32

comdlg32

Sections

.MPRESS1 Size: 573KB - Virtual size: 3.3MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 15KB

.MPRESS1
Size: 3.6MB - Virtual size: 7.5MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 71KB - Virtual size: 71KB

.MPRESS1
Size: 573KB - Virtual size: 3.3MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 15KB