76d32d39a2ddcd07a4dce1aaa31bf3f1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

76d32d39a2ddcd07a4dce1aaa31bf3f1_JaffaCakes118
Size

104KB
MD5

76d32d39a2ddcd07a4dce1aaa31bf3f1
SHA1

cacfed4c4454022407b78f6f956a5307e66f1aa5
SHA256

bfb0292c8b640dbfea20a75a72941db4c7691f2e1661175209ebd06957204902
SHA512

15baa8b67179e1292f649d5c428f56b337c786b98d07c6813452870c248dc529c53a8e3c43940d66104ba17cb3b2510b2e5b241a1abe10217da7f30843c3615a
SSDEEP

3072:eV71EBW8Xx5/PSBw0+xteAUkkl1UNrCLl3:u4Wix5/P3/UkyIrCp3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/emotet_payload_2.exe

Files

76d32d39a2ddcd07a4dce1aaa31bf3f1_JaffaCakes118
.zip

Password: infected
emotet_payload_2.exe
.exe windows:5 windows x86 arch:x86

709fa1a45e0b5f8a1d14a3005c8ded6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

RoundRect
GetCharWidth32A
GetRasterizerCaps

powrprof

SetActivePwrScheme

ntdll

memset

esent

JetCloseDatabase

shlwapi

SHIsLowMemoryMachine
PathCombineA

rasapi32

RasHangUpW

kernel32

GetVersion
lstrcmpiW
GetWindowsDirectoryA
FindCloseChangeNotification
GetUserDefaultLangID
IsSystemResumeAutomatic

advapi32

RegDeleteKeyW

oleaut32

LPSAFEARRAY_UserMarshal

ole32

WriteClassStm

msvcrt

fputc

user32

GetParent
GetCursorPos
GetKeyboardType
GetCursor
IsWindowVisible
DefDlgProcA
ExcludeUpdateRgn
ReleaseCapture
PostQuitMessage
GetClipboardData
PostMessageA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt1
Size: 1024B - Virtual size: 621B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WTI
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT2
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT4
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

709fa1a45e0b5f8a1d14a3005c8ded6d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

powrprof

ntdll

esent

shlwapi

rasapi32

kernel32

advapi32

oleaut32

ole32

msvcrt

user32

Sections

.text Size: 13KB - Virtual size: 13KB

.crt1 Size: 1024B - Virtual size: 621B

.pdata Size: 2KB - Virtual size: 1KB

.rdata Size: 26KB - Virtual size: 29KB

.WTI Size: 71KB - Virtual size: 70KB

.CRT2 Size: 30KB - Virtual size: 30KB

.CRT4 Size: 1024B - Virtual size: 536B

.CRT0 Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.crt1
Size: 1024B - Virtual size: 621B

.pdata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 26KB - Virtual size: 29KB

.WTI
Size: 71KB - Virtual size: 70KB

.CRT2
Size: 30KB - Virtual size: 30KB

.CRT4
Size: 1024B - Virtual size: 536B

.CRT0
Size: 1KB - Virtual size: 1KB