Static task: static1
Behavioral task: behavioral1
  Sample: amdin.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: amdin.exe
  Resource: win10v2004-20240508-en
General
Target: 30b871455e8e2268bd8df95f7f287f42_JaffaCakes118
Size: 120KB
MD5: 30b871455e8e2268bd8df95f7f287f42
SHA1: f914684ea83f3310a74f79be90e676863fb1611a
SHA256: 559d96d1855f9501e7d2f8a46bf4186d50de8712c95452ebc8bc5dea288fc4f9
SHA512: 98314c743522e7b532c1e8c7480bcc10306fd5c92693eb9e42e8afec02eeffe4494836609a95e4160c1aa3ff6aea63ae4829765b026a370e3a8cd1bbe12bfdf5
SSDEEP: 3072:q7DLn2P72VGEQ1lBVN/pzBZar1Sa59X1C5zqKQO:q7i7bpVZwcOC9qRO
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource unpack001/amdin
Files
30b871455e8e2268bd8df95f7f287f42_JaffaCakes118.zip (Password: infected)
amdin.exe windows:5 windows x86 arch:x86
  03c40ab39f08c704cdb9c4f7c3b37ed6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
RegisterClassA
GetMenu
ShowWindow
UpdateWindow
DestroyWindow
MessageBoxA
GetSystemMetrics
CreateWindowExA
EndPaint
LoadCursorA
LoadIconA
AdjustWindowRect
EndDialog
InvalidateRect
wsprintfA
SetWindowTextA
DrawMenuBar
BeginPaint
LoadStringA
IsIconic
MoveWindow
PostQuitMessage
GetWindowLongA
DialogBoxParamA
DefWindowProcA
EnableMenuItem
GetWindowRect
SendMessageA
SetWindowPos
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBeep
comdlg32
GetOpenFileNameA
shell32
SHGetSpecialFolderLocation
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree
advapi32
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
gdi32
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
SetBkColor
comctl32
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
TlsAlloc
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
DecodePointer
EncodePointer
IsDebuggerPresent
HeapSetInformation
GetCurrentProcessId
MultiByteToWideChar
LCMapStringW
lstrcpyA
SetHandleCount
TlsGetValue
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
HeapFree
SetEnvironmentVariableA
Sleep
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
LoadLibraryA
LCMapStringA
SetStdHandle
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetProcAddress
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
FlushFileBuffers
IsValidCodePage
VirtualQuery
GetSystemInfo
VirtualProtect
HeapSize
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStartupInfoW
GetProcessHeap
RaiseException
GetLocaleInfoA
GetTickCount
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GetVersionExA
GetFileTime
GetVolumeInformationW
DuplicateHandle
GetFileSize
UnlockFile
LockFile
GetStringTypeW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStdHandle
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 110KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ