a15ba2635a8f374c4abd443c0b098352_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a15ba2635a8f374c4abd443c0b098352_JaffaCakes118
Size

171KB
MD5

a15ba2635a8f374c4abd443c0b098352
SHA1

064fad0e327042cc0cbe0de2fbd5d9697eb2b5ae
SHA256

ce5a0719b1a6ed6687dd768df2634927f24ad72d4c3b6d26b4a41bebeb8fd16b
SHA512

60fccca989e2e893b9a05afa007111c1ac9eae280e271d5db05fabbb9beef54e1323930450c0d1ed24fd43d52c58f97c2ba266667e678da485d171b0d41425c9
SSDEEP

3072:LGfv6O4Wc3uSUjxNoaOHFfRdcFMLmMUg+2sPWZuYacIR+/Rw88NsxKpzW:L/F3LUjvoRHFfbm39HhYTIRNixKpK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/invoice_2318362983713_823931342io.pdf.exe

Files

a15ba2635a8f374c4abd443c0b098352_JaffaCakes118
.zip

Password: infected
invoice_2318362983713_823931342io.pdf.exe
.exe windows:5 windows x86 arch:x86

308fe2649c586660c71bc787d65e54fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveArgsA
StrCmpNIA
PathMatchSpecW
IsCharSpaceA
PathMakeSystemFolderA
PathIsRelativeA
PathIsSameRootA
PathParseIconLocationW
PathIsUNCServerA
ord14
ChrCmpIW
PathAddExtensionW
PathCombineW
PathQuoteSpacesA
ord157
PathIsRootW
ord29
PathRenameExtensionA
PathIsPrefixA
PathRelativePathToW
ChrCmpIA

kernel32

GetPrivateProfileIntW
LocalFree
WinExec
DeleteCriticalSection
GetUserDefaultUILanguage
FindNextFileA
GetOEMCP
SetCurrentDirectoryW
LocalAlloc
CreateFileMappingA
GetCompressedFileSizeA
GetEnvironmentVariableA
GetConsoleAliasExesLengthW
SizeofResource
GetDriveTypeA
WriteFile
VirtualQueryEx
IsBadReadPtr
GetCurrentThread
GetTickCount
LocalUnlock
GetEnvironmentVariableW
GetSystemDefaultUILanguage
FreeLibrary
GlobalAddAtomA
HeapFree
GetLogicalDrives
GetSystemDefaultLCID
GetModuleHandleW

user32

CallWindowProcW
GetProcessDefaultLayout
UpdateWindow
GetClipboardOwner
AppendMenuA
GetCaretPos
GetSysColor
DestroyCursor
GetClipboardData
GetScrollInfo
FlashWindowEx
GetAsyncKeyState
SetLastErrorEx
InflateRect
GetCapture
EnumClipboardFormats
ShowCaret
CopyAcceleratorTableA
IsWindowEnabled
DdeQueryNextServer
LoadBitmapA
DeleteMenu
HideCaret
GetWindowTextLengthW
SwapMouseButton
VkKeyScanA
AllowSetForegroundWindow

Exports

Exports

?AidsvowsBootFaysGiveCuesmadslallcarlwot@@YGXACMACUPelfOdasbachSlitfogymug@@UIniaAmiaMeedfohfe@@PCUDelsYagiNesskopen@@AC_W@Z
?HermArcoludeUmpsjiaoTareOhmsLimetumpdentdellAlifboosmy@@YGEACHUtagLOGFONTA@@PCU_SECURITY_ATTRIBUTES@@PCGUSagsduetLowechies@@PCUGrayEyneCombpupen@@I@Z
?MayoapoddrekheftExedqueyAlkypap@@YGXACUFlatmisscolyHantOldyspy@@UDecoappsSarigatet@@ACUtagMSG@@ACJACEHD@Z
?NegsgirlGhisKikeMeouCapeLimoslitcobsafarRyotkindbahpi@@YGEPCUDiteDadaArtyMuniod@@PCG@Z
?OilspocoShopGlutNapeTyroapedfiscjo@@YGGXZ
?PhatStumgatsli@@YGGN@Z
?RipewindCoofdoryYockFrogPertDuadfansLekezoeabranOkaydot@@YGGACUKinkKithHethon@@PCH@Z
?SpryBursApedfohnBangbes@@YGXPCIPCKUSobacruxboltRant@@ACUtagLOGBRUSH@@ACU_GUID@@H@Z
?StawpelfOdasbachSlitfogywipeIniaMeedfoh@@YGGACUtagBITMAP@@PCUtagRECT@@UDelsYagiNessBrisganaa@@PCIACKUtagLOGFONTA@@ACH@Z
?ZitsLakhmushKithHethGapeuveaMunsNoonRandJuteHuntFiconom@@YGXUHearWheymu@@D@Z
?solidStroke@@YGKXZ
AsksmaceaglyBubuPulsKaifTeasMistPeelGhisPrimChaoLyreroeno
BagsSpicDollBikeAzonPoopHamsPyasmap
BardHolyawe
BathEftsDawnvilepughThroCymakohloverMitefuzerat
BemaCadsPodsWavyCedeRadsbrioOustPerefenom
BullbonyaweeWaitsnugTierDriblibye
CameValeWauler
CedeSalsshulLimyThroliraValeDonabox
CellrotoCrudUntohighCols
DenyLubeDunssawsOresvarut
DragRoutflusCrowPeatmownNewsyaksSerfmare
Dumpcotsavo
DungBadebankBangGelthoboCocaBozotsksWheyVaryShoghoseNipsCadisi
ExitRollWoodGumsgamaSloerevsWussletssinkYearZitiryesHypout
FociTalcileador
GeneAilshe
GhisGoodHowlCoonCigscateged
GimpWadsdashHoraYardSeatDeanScanscowRantKeasfib
Haesourfe
HoggSoonLasstwaeNapeCeilBawlscopdub
Icontellnoway
ImidslatJokyCombdrubChefBilkSale
IzararfsFlamWostAirsconsMouefemelallPoretweeSacsOxidMinx
JabsNaveFateLariManyLeeksecshiesBawlwoo
KatsDoreOmerBetsKoraKeef
KineChamLows
LeerMiff
MaarSectFiscNextMattbamsErasnimstoeaBadshon
MarkMokeOsesShwaSkegpornlimemim
MeanOrrabirogirtWorkGawpSassPirnVinoLotaPledEidefe
NextLoveOralwanySurfhm
NisiBoyolineJiaoveryObiaowedblamHaetMaulweensky
OastcabskamiKartDumbInksSomsMass
PeckQuinFillrillsaw
RamilimaputtHastJobs
RemsSlaySoreAnoaaxalbuffusesemeuMapsyogaHangLoud
RidsFineZingMickMomsdue
SeminerdsoloseenYaginobox
SiretomsbritGrewIckyNapaLumsBoaren
SlabKitsSlayseptPfftjiffSabsdeskOafsNowtMemsKirnKepiMiffDunt
SoldKartAgueiliaRushWauldhal
SuitplieGunsMaidBaitFeusJiaotodycolyAlbsLuneToyspe
SungActaKopsMaarposyparefuzedeck
ToeaTailecusGeesSoliCadeSpueEndsPlaykaphall
Vavsrubepodsjadebrooli
VeerCrawFlateel
WainMeekPinyWonkpooflaudsir
WhopTestrangrapsdebsTzarNipaYins
YeukMags
ZetaBeduPirnhipsjailTingSrisTeleAposhuskNameHoerflagemuwo

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

308fe2649c586660c71bc787d65e54fd

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 74KB - Virtual size: 74KB

.itext Size: 2KB - Virtual size: 2KB

.pdata Size: 95KB - Virtual size: 95KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 74KB - Virtual size: 74KB

.itext
Size: 2KB - Virtual size: 2KB

.pdata
Size: 95KB - Virtual size: 95KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 5KB - Virtual size: 5KB