Ransom;Win32[.]Cerber[.]B[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Ransom;Win32.Cerber.B.zip
Size

214KB
MD5

baaba323153d68cc844b3a0e4cc8eda7
SHA1

08ffceafbf3c75082e5d43a9ffe0a98766b68079
SHA256

edaff93456135f6d0ee3dfa6b0c28f9db2e34770ce50fa43da2d01a59b01de91
SHA512

cc3f45b7ff6457b0979afe77956e4852fc3c80b645eda6f5fb31c6bf9f80a6561d1e65a2abe9c8dc556ba9aa2b6dd66c8dcd6b23175cebdf4d0b868ea32feffa
SSDEEP

6144:0HRsVVWtIDDgNm3CmHRsVVWtIDDgNm3Ck:0sVAIfgNAPsVAIfgNA5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/92177835733eca45f079163144a87437_JaffaCakes118.exe
unpack001/Ransom;Win32.Cerber.B.exe

Files

Ransom;Win32.Cerber.B.zip
.zip
92177835733eca45f079163144a87437_JaffaCakes118.exe
.exe windows:5 windows x86 arch:x86

e8aed45ee7d990b2de87b6fe7d2dbd5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrcmpW
GetThreadLocale
GetEnvironmentStringsA
GetOEMCP
LockFile
InterlockedExchange
FreeEnvironmentStringsA
CreateFileA
SetHandleCount
VirtualAlloc
GetEnvironmentStringsW
UnlockFile
GetStringTypeW
HeapCreate
lstrlenW
FileTimeToSystemTime
LCMapStringA
GetStringTypeA

user32

GetClientRect
FindWindowA
GetDlgItem
GetCursorPos
GetSystemMetrics
CharToOemBuffA
GetMenuState
GetSysColor

shlwapi

PathFileExistsW
StrCSpnA
PathRemoveBlanksA
ColorRGBToHLS
PathCompactPathExW
SHRegQueryUSValueA
PathRemoveFileSpecW
SHRegSetPathA
PathIsSystemFolderA
SHRegSetUSValueW
StrChrNW
ChrCmpIA
PathIsNetworkPathW
SHRegDuplicateHKey
HashData
StrCmpNIA
PathSetDlgItemPathW
PathRemoveBackslashA
UrlIsA
AssocGetPerceivedType
StrToIntExA
PathCombineW
AssocQueryStringW
UrlCreateFromPathA

gdi32

SetColorAdjustment
SetArcDirection
SetRectRgn
GetStockObject
SelectClipPath
SetTextJustification
CreateHatchBrush
GetPolyFillMode
GetPixel
ArcTo
SetGraphicsMode
GetTextAlign
SetMapperFlags
GetROP2
CreateICW
ModifyWorldTransform
ExtSelectClipRgn
DeleteObject
GetStretchBltMode
PolylineTo
EnumMetaFile
PlayMetaFileRecord
OffsetClipRgn
SetPolyFillMode
GetObjectType
GetViewportExtEx
CreateRectRgnIndirect
GetTextColor
SetAbortProc
GetCurrentPositionEx

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ransom;Win32.Cerber.B.exe
.exe windows:5 windows x86 arch:x86

e8aed45ee7d990b2de87b6fe7d2dbd5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrcmpW
GetThreadLocale
GetEnvironmentStringsA
GetOEMCP
LockFile
InterlockedExchange
FreeEnvironmentStringsA
CreateFileA
SetHandleCount
VirtualAlloc
GetEnvironmentStringsW
UnlockFile
GetStringTypeW
HeapCreate
lstrlenW
FileTimeToSystemTime
LCMapStringA
GetStringTypeA

user32

GetClientRect
FindWindowA
GetDlgItem
GetCursorPos
GetSystemMetrics
CharToOemBuffA
GetMenuState
GetSysColor

shlwapi

PathFileExistsW
StrCSpnA
PathRemoveBlanksA
ColorRGBToHLS
PathCompactPathExW
SHRegQueryUSValueA
PathRemoveFileSpecW
SHRegSetPathA
PathIsSystemFolderA
SHRegSetUSValueW
StrChrNW
ChrCmpIA
PathIsNetworkPathW
SHRegDuplicateHKey
HashData
StrCmpNIA
PathSetDlgItemPathW
PathRemoveBackslashA
UrlIsA
AssocGetPerceivedType
StrToIntExA
PathCombineW
AssocQueryStringW
UrlCreateFromPathA

gdi32

SetColorAdjustment
SetArcDirection
SetRectRgn
GetStockObject
SelectClipPath
SetTextJustification
CreateHatchBrush
GetPolyFillMode
GetPixel
ArcTo
SetGraphicsMode
GetTextAlign
SetMapperFlags
GetROP2
CreateICW
ModifyWorldTransform
ExtSelectClipRgn
DeleteObject
GetStretchBltMode
PolylineTo
EnumMetaFile
PlayMetaFileRecord
OffsetClipRgn
SetPolyFillMode
GetObjectType
GetViewportExtEx
CreateRectRgnIndirect
GetTextColor
SetAbortProc
GetCurrentPositionEx

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8aed45ee7d990b2de87b6fe7d2dbd5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

gdi32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 31KB - Virtual size: 35KB

.rsrc Size: 12KB - Virtual size: 12KB

e8aed45ee7d990b2de87b6fe7d2dbd5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

gdi32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 31KB - Virtual size: 35KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 31KB - Virtual size: 35KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 31KB - Virtual size: 35KB

.rsrc
Size: 12KB - Virtual size: 12KB