a9c252537feef49a1538fdfb3c92f137_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9c252537feef49a1538fdfb3c92f137_JaffaCakes118
Size

199KB
MD5

a9c252537feef49a1538fdfb3c92f137
SHA1

8ba4cd4d331e4fb5266ed1407bf663bb781aba8c
SHA256

4d2991c16814485b6a0abc3fc937c630543c1636ce55ef31b96a6116d0503458
SHA512

0792e9ca0f418914217437bb31e038115dfeef3a4be2793899594035617d15bc356c20e1746fc68050d48fc2c5439b9c2538c921bb016d572aae6dd0326277ba
SSDEEP

6144:3kSjcyhyNG5O6f6Q03id+iM/orPNZgjcxXpXcCe:1hVI6f6X3iEiMArPNqIppXcd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ups_ct1_eml_Tracking_000000039387_2015_03_01_019382_de_version_de_0029329987268.exe

Files

a9c252537feef49a1538fdfb3c92f137_JaffaCakes118
.zip
ups_ct1_eml_Tracking_000000039387_2015_03_01_019382_de_version_de_0029329987268.exe
.exe windows:4 windows x86 arch:x86

3b7bcc86a5ff7d477f845fa752874109

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3742
ord640
ord818
ord860
ord323
ord540
ord800
ord567
ord825
ord3663
ord3626
ord2414
ord5785
ord4275
ord2152
ord3573
ord1641
ord4133
ord4297
ord5788
ord472
ord823
ord6170
ord5875
ord858
ord3619
ord816
ord562
ord2859
ord755
ord1640
ord470
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord554
ord529
ord366
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord3259
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2558
ord6215
ord617
ord5301
ord5214
ord296
ord5503
ord2635
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord1175
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1920
ord4262
ord4589
ord4899
ord5076
ord4341
ord4349
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord4432
ord784
ord537
ord517
ord5260
ord6131
ord6216
ord4723
ord2535
ord2367
ord2294
ord2362
ord1576
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord2725
ord3571
ord1168

msvcrt

_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__CxxFrameHandler
_setmbcp
_ftol
_CIpow
malloc
free
fclose
fprintf
fopen
_exit
_XcptFilter
exit
_acmdln

kernel32

Sleep
SetCommBreak
GetStartupInfoA
FreeEnvironmentStringsW
GetLocaleInfoA
GetThreadTimes
GetOverlappedResult
GetTickCount
GetEnvironmentVariableW
GetEnvironmentStrings
MulDiv
GlobalUnlock
GetModuleHandleA
lstrcpynA
FindNextFileA

user32

GetClientRect
UpdateWindow
EnableWindow
GetDC
ReleaseDC
InvalidateRect
RegisterWindowMessageA
GetKeyboardState
SendMessageA
SetForegroundWindow
MessageBoxW
SetRect
FillRect
DrawEdge

gdi32

BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateFontIndirectA
GetTextExtentPoint32A
CreateSolidBrush
Rectangle
CreateCompatibleDC

advapi32

RegCreateKeyExW

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b7bcc86a5ff7d477f845fa752874109

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 184KB - Virtual size: 183KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 184KB - Virtual size: 183KB

.reloc
Size: 4KB - Virtual size: 3KB