PDB path: c:\saw\wish\Cent\Them\neighbor\miss\sand\deep\silverworld.pdb
Static task: static1
Behavioral task: behavioral1
Sample: anopka4.exe
Resource: win7-20240611-en
General
- Target: bd483a2ec807d5b070476a4f3aa69b00_JaffaCakes118
- Size: 586KB
- MD5: bd483a2ec807d5b070476a4f3aa69b00
- SHA1: dc22aa4200413429055a03ddaf130056fa60b35b
- SHA256: 79c2b97bae76b06154c8a4e35542439e88dba0acb2bbbeb932e0573acb5c20c9
- SHA512: c075b038946ba400f869ba7b2dc3ee0c093e67e6a9bf1868b5102566c1fc07400b0432595a32c719499886a9c3d375105ab2ce41460a4c78c6d99a98091ca974
- SSDEEP: 12288:anWls4Lod/1z6+Jhq8WUyyACRa7cotkwmElwwEmKyB:t+/h0fyBgbmwEmKyB
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource unpack001/anopka4.yarn
Files
- bd483a2ec807d5b070476a4f3aa69b00_JaffaCakes118.zip (Password: infected)
- anopka4.yarn.exe (windows:5, windows x86, arch:x86), MD5 5d955eb36ffc1f81bc5a8b4046e5df57
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
- kernel32: EnterCriticalSection, CreateDirectoryA, ResetEvent, VirtualFree, VirtualProtect, VirtualAlloc, GetProcAddress, LoadLibraryA, WaitForSingleObject, GetCurrentDirectoryA, InitializeCriticalSection, HeapReAlloc, GetStringTypeW, MultiByteToWideChar, LCMapStringW, HeapSize, Sleep, FindFirstChangeNotificationA, GetOEMCP, GetACP, GetCPInfo, LoadLibraryW, GetVolumeInformationA, GetVersion, FileTimeToSystemTime, CreateEventA, ReleaseMutex, CreateMutexA, OpenMutexA, DeleteFileA, LeaveCriticalSection, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, DeleteCriticalSection, GetFileType, InitializeCriticalSectionAndSpinCount, SetHandleCount, GetEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentVariableA, GetExitCodeProcess, GetCurrentThread, PeekNamedPipe, DuplicateHandle, IsValidCodePage, GetLastError, HeapFree, HeapAlloc, RtlUnwind, RaiseException, GetCommandLineA, HeapSetInformation, GetStartupInfoW, HeapCreate, GetModuleHandleW, ExitProcess, DecodePointer, WriteFile, GetStdHandle, GetModuleFileNameW, EncodePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, IsProcessorFeaturePresent, GetModuleFileNameA, FreeEnvironmentStringsW
- user32: RegisterWindowMessageA, TranslateMessage, GetPropA, CreateMenu, DeferWindowPos, BeginDeferWindowPos, SetForegroundWindow, CheckRadioButton, SendDlgItemMessageA, SendMessageA, SetClipboardData, GetIconInfo, IsDialogMessageA, LoadBitmapA, SendMessageTimeoutA, SetWindowTextA
- gdi32: ScaleViewportExtEx, ScaleWindowExtEx, DPtoLP, CreateDCA, GetObjectA, DeleteDC, BitBlt, OffsetViewportOrgEx
- winspool.drv: DocumentPropertiesA, OpenPrinterA, DeletePrinterConnectionA, EnumPrintersA, ClosePrinter
- ole32: OleInitialize, OleUninitialize, CoUninitialize, CoInitialize, CLSIDFromString, CoCreateInstance
- avifil32: AVIFileEndRecord, AVIFileInit, AVIFileOpenA, AVIFileInfoA, AVIBuildFilterA
Sections
- .text (Size: 442KB, Virtual size: 442KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 67KB, Virtual size: 67KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 60KB, Virtual size: 93KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 424KB, Virtual size: 423KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 8KB, Virtual size: 7KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ