Static task: static1
Behavioral task: behavioral1
  Sample: z1.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: z1.exe
  Resource: win10v2004-20240508-en
General
Target: 47305a1a60162df5e0bb464ad551ae60_JaffaCakes118
Size: 123KB
MD5: 47305a1a60162df5e0bb464ad551ae60
SHA1: d71ebbda0bc077f4b1cb7ba6a673fd31783b5cbd
SHA256: d2f04c1a25ba882550539e27a270e551948af4f639ea4f676411a12d9db997ca
SHA512: b4b915a318dce7805fa473d4c7a2f76e304c2a5cb0b6163cb83340ecb35e4837a257e3c68f18070b60b34acaffc7e8cac4c841986dffdbf5bc37ada3ea7ba2d8
SSDEEP: 3072:H7h0oNnmVA2HHMPbb3dq666LWH8VwQcfDVpGu8fub+ujK2qkaEP:HdTNnmV5nA33dq6pLWH8WQcfDfAG+uj/
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Processes: resource unpack002/z1.exe
Files
47305a1a60162df5e0bb464ad551ae60_JaffaCakes118.zip (Password: infected)
e7203442015b9c806de58f35e0873fde72f58041cf28b1a0d30c8e3d0bd0f668.zip
z1.exe.exe windows:5 windows x86 arch:x86
ac3bacf6423a2fbf9bf42bfdff8b3f53
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TerminateProcess
UnhandledExceptionFilter
UpdateResourceA
VerifyVersionInfoW
VirtualLock
SuspendThread
WriteConsoleW
WriteFile
lstrcatW
lstrcmpiW
SleepEx
SetUnhandledExceptionFilter
SetTimeZoneInformation
SetLastError
SetFilePointer
ScrollConsoleScreenBufferA
ReleaseMutex
QueryPerformanceCounter
OpenEventW
MultiByteToWideChar
MulDiv
MoveFileExA
LocalUnlock
LocalFree
LocalAlloc
LoadLibraryW
LoadLibraryExA
IsBadWritePtr
InterlockedExchange
GetTimeZoneInformation
GetTickCount
GetThreadPriorityBoost
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemTime
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetModuleHandleW
GetLocalTime
GetLastError
GetFileType
GetFileAttributesW
GetFileAttributesExA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCompressedFileSizeW
GetCommandLineW
FreeLibrary
FormatMessageW
FindNextFileW
FindNextChangeNotification
FindFirstFileW
FindFirstChangeNotificationW
CreateRemoteThread
CreateMutexW
CreateFileW
CreateFileMappingW
CloseHandle
GetModuleHandleA
WaitForSingleObject
user32
DrawStateW
LoadStringW
SetWindowLongW
ToUnicodeEx
LoadIconA
gdi32
OffsetWindowOrgEx
MirrorRgn
GetViewportOrgEx
GetMetaFileBitsEx
GetGlyphOutline
GetCharWidthFloatW
GdiSetPixelFormat
GdiConvertBitmapV5
EngWideCharToMultiByte
EngTextOut
CreatePalette
CreateFontIndirectW
CreateMetaFileA
EndPage
CreateSolidBrush
Polyline
CreateHalftonePalette
CancelDC
GetDCPenColor
DeleteColorSpace
GetBkMode
GetPixelFormat
CloseFigure
GetObjectType
GetColorSpace
GetDCBrushColor
GetMapMode
GdiGetBatchLimit
CreatePatternBrush
GetPolyFillMode
GetFontLanguageInfo
DeleteDC
GdiFlush
GetStockObject
EndPath
STROBJ_bEnum
SelectFontLocal
UpdateICMRegKeyW
XLATEOBJ_cGetPalette
DeleteEnhMetaFile
BeginPath
advapi32
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
shell32
SHGetFolderLocation
DragQueryFileW
ExtractIconExA
CheckEscapesW
DragAcceptFiles
Shell_NotifyIconW
SHQueryRecycleBinW
SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetDataFromIDListW
DragFinish
shlwapi
StrRStrIW
StrChrIW
msvcrt
_XcptFilter
__getmainargs
__initenv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_iob
_vsnwprintf
_wcsdup
_wcsicmp
_wtoi
_wtol
exit
fprintf
free
fwprintf
malloc
setlocale
toupper
vfwprintf
vswprintf
wcslen
wcsncpy
wcsspn
wcsstr
wprintf
Sections
.text   Size: 23KB   Virtual size: 22KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Size: 4KB    Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data   Size: 127KB  Virtual size: 127KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1KB    Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ