Static task: static1

Behavioral task: behavioral1
Sample: FC37F21CE836B982CA136E18953AF2B9219F526833B255A87A3FD5F6C2AFF167.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: FC37F21CE836B982CA136E18953AF2B9219F526833B255A87A3FD5F6C2AFF167.exe
Resource: win10v2004-20240508-en
General
Target: ac98653c16036fcde573c34c02cc2bf6_JaffaCakes118
Size: 198KB
MD5: ac98653c16036fcde573c34c02cc2bf6
SHA1: adc8d9569c1dbb9fb1d39132c2f3229d9c41a638
SHA256: fc15217702b332433079ccd1b797ff2e51c5305241886b03ed7ed55265a1b8eb
SHA512: ca29ddaac8e28932ef5172c0b97b2ac38074b2cfbd8a0febd149d84e322651a04e85a3b44546d538f5b819f0e73d9ddc7370c9351a76cd536d759467dfd6609d
SSDEEP: 6144:0h2cYY5O7+jkXajr/Gjwh5w4esl005XKsin:LcH5pIXajr/Gkh5wkXKsin
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/FC37F21CE836B982CA136E18953AF2B9219F526833B255A87A3FD5F6C2AFF167.exe
Files
ac98653c16036fcde573c34c02cc2bf6_JaffaCakes118.zip
Password: infected
FC37F21CE836B982CA136E18953AF2B9219F526833B255A87A3FD5F6C2AFF167.exe.exe windows:5 windows x86 arch:x86
10d4770e519099cd000eb141e1d4658f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
DrawTextW
EndPaint
PostQuitMessage
DefWindowProcW
DialogBoxParamW
PostMessageW
DestroyWindow
EndDialog
LoadBitmapW
SendMessageW
CreateWindowExW
UpdateWindow
ShowWindow
BeginPaint
SetWindowTextA
LockWindowUpdate
SetDlgItemTextW
MapWindowPoints
GetCursorPos
EndDeferWindowPos
EnableMenuItem
GetActiveWindow
RegisterClassA
SetWindowLongA
GetClassNameA
ModifyMenuA
kernel32
LCMapStringEx
HeapSize
GetStringTypeW
HeapReAlloc
RtlUnwind
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
IsDebuggerPresent
GetCPInfo
GetOEMCP
FlushFileBuffers
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
GetStartupInfoA
WriteFile
MapViewOfFile
CloseHandle
GetFileSize
CreateFileMappingA
CreateFileA
GetModuleHandleW
HeapFree
GetCurrentDirectoryW
HeapAlloc
Sleep
GetLastError
GetCommandLineW
lstrlenW
GetProcessHeap
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
GetACP
TerminateProcess
GetCurrentProcess
GetCommandLineA
SetLastError
InterlockedIncrement
InterlockedDecrement
CreateFileW
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
gdi32
CreateCompatibleBitmap
BitBlt
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
shell32
CommandLineToArgvW
Sections
.text Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ndata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ