b6040f202d05242176b1731480d7440f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6040f202d05242176b1731480d7440f_JaffaCakes118
Size

3.5MB
MD5

b6040f202d05242176b1731480d7440f
SHA1

894fb92c00c75bb985114d5920ccd46a71b184be
SHA256

2cf69dd144ffc09985a2153fa00840f8b3f0c5c3207ba1042ce2cf7d6ac634de
SHA512

fb8d688b6ddcb98a3c94d579a18b14516b9798fe4306a5c879c8ab137c530d3de0481211c80dc2eda48d37f4322c77fbde86c3bff1899650783624f6fe6d59d1
SSDEEP

49152:4icLhfhqVJyx6GBDQEhw23T83Fv3oMzAFokLnRgKGH38YidJu:4iclXPFQEwMTkFv3oMz8FYidJu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/exloader.rar-ec79df5230.exe

Files

b6040f202d05242176b1731480d7440f_JaffaCakes118
.iso
out.iso
.iso
exloader.rar-ec79df5230.exe
.exe windows:4 windows x86 arch:x86

d790cc8bddb11a889ee4d76773e39b1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
towlower
isalnum
_filelengthi64
fwrite
fread
_telli64
_tzset
fseek
_ftol
_timezone
_daylight
mktime
localtime
strtol
fprintf
fclose
fopen
_errno
_strnicmp
toupper
memmove
strstr
wcsstr
tolower
_stricmp
strncmp
srand
rand
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_except_handler3
_fileno

kernel32

GetStartupInfoA
GetModuleHandleA
GetFileSize
WriteFile
ReadFile
GetFileTime
CloseHandle
LocalFileTimeToFileTime
SetFileTime
CreateFileA
GetFileAttributesA
FindFirstFileW
FindNextFileW
FindClose
GetVersionExA
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
BackupSeek
AreFileApisANSI
CreateNamedPipeW
BackupWrite
CreateDirectoryExA
CreateNamedPipeA
AllocConsole
GetQueuedCompletionStatus
RemoveDirectoryA
OutputDebugStringW
GetVolumeInformationW
DebugActiveProcess
DebugBreak
SetFileAttributesA
GetSystemDirectoryW
ClearCommBreak
CreateFileMappingW
CreateEventA
CreateDirectoryExW
CreateEventW
lstrcmpiA
CreateDirectoryW
OpenProcess
LeaveCriticalSection
CreateMutexA
CreateMailslotW
VirtualProtect
CreateDirectoryA
ResumeThread
CreateMutexW
RaiseException
GetLastError
GetCommandLineA
GetProcAddress
GetCommandLineW
GetACP
GetVersion
LoadLibraryW
DeviceIoControl
CreateFileW
GetCurrentDirectoryA
Sleep
GetOEMCP
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
FileTimeToSystemTime
GetSystemTime
GetLocalTime
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryW
MoveFileW
MoveFileA
CopyFileW
CopyFileA
DeleteFileW
DeleteFileA
SetFilePointer
GetFileAttributesW
SetFileAttributesW
SystemTimeToFileTime

user32

GetClassLongW
GetWindowLongA
CopyIcon
RegisterClassExW
IsWindowEnabled
CopyImage
CharNextW
CreateDesktopW
CharUpperBuffW
DestroyWindow
GetClassNameA
CreateDesktopA
CloseWindowStation
GetClientRect
DestroyMenu
TranslateMessage
AppendMenuA
GetSysColor
CopyAcceleratorTableA
SetClassLongA
BeginPaint
ReleaseDC
GetSubMenu
GetMessagePos
SetWindowLongW
CharNextA
SetCaretPos
CreateCursor
CreateCaret

advapi32

RegOpenKeyW
LookupPrivilegeNameA
ClearEventLogW
AdjustTokenGroups
RegSetValueExA
RegEnumValueA
AccessCheckAndAuditAlarmW
AccessCheckAndAuditAlarmA
AreAnyAccessesGranted
RegQueryValueExA
RegEnumValueW
RegDeleteKeyA
AbortSystemShutdownA
ClearEventLogA
AccessCheck
RegDeleteValueW
InitializeSid
BackupEventLogA
AddAuditAccessAce
RegQueryValueW
AreAllAccessesGranted
RegCreateKeyExA
RegCloseKey
AddAccessAllowedAce
BackupEventLogW
AddAccessDeniedAce
IsValidSid
AllocateLocallyUniqueId
OpenEventLogA
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Ke2f24
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Le2f25
Size: 444KB - Virtual size: 30.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d790cc8bddb11a889ee4d76773e39b1c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.Ke2f24 Size: 96KB - Virtual size: 95KB

.Le2f25 Size: 444KB - Virtual size: 30.4MB

.tls Size: 8KB - Virtual size: 5KB

.rsrc Size: 156KB - Virtual size: 153KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.Ke2f24
Size: 96KB - Virtual size: 95KB

.Le2f25
Size: 444KB - Virtual size: 30.4MB

.tls
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 156KB - Virtual size: 153KB