6fd1a474c56272de47bdf1c8b49eb58a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fd1a474c56272de47bdf1c8b49eb58a_JaffaCakes118
Size

59KB
MD5

6fd1a474c56272de47bdf1c8b49eb58a
SHA1

9bb09cb2f03e6c5d351585f49eee5849fd8f3e69
SHA256

970aed723bc21a20e4aa4420f7df5a478f34a4dab82c0d956457bae5530626d3
SHA512

c1bc8dfc09fd052dbae45ca6d4fc403fabd51e61d216bb7907ca4c989318de12e4bc4e7e56b3177da2533063e70e8ef3d59aae1d18212397a97f51c5121cada9
SSDEEP

1536:UjSL4CdiGkG8HdrNZY+vG77AOwDQkoJUD3FX:uSHnh8HHZY3fAxQkoJUZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WizApp.exe
unpack001/virusmkr.exe

Files

6fd1a474c56272de47bdf1c8b49eb58a_JaffaCakes118
.zip
WizApp.exe
.exe windows:4 windows x86 arch:x86

6541afb9f594cb0af541c3cc47291ea4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

comdlg32

GetOpenFileNameA

gdi32

DeleteObject

kernel32

AddAtomA
CreateMutexA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetModuleHandleA
GetStartupInfoA
InterlockedIncrement
ReleaseMutex
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject

msvcrt

_stricmp
_strnicmp
__getmainargs
__p__environ
__set_app_type
_cexit
_fileno
_fmode
_iob
_onexit
_setmode
abort
atexit
atoi
exit
fclose
feof
fgets
fopen
fprintf
free
malloc
memmove
memset
realloc
signal
sprintf
strcat
strchr
strcmp
strlen
strtok
strtoul

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

CheckDlgButton
CheckRadioButton
DestroyIcon
DialogBoxParamA
EndDialog
GetClassInfoA
GetDlgItem
GetSystemMetrics
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
IsDlgButtonChecked
LoadIconA
LoadImageA
MessageBoxA
RegisterClassA
SendDlgItemMessageA
SendMessageA
SetClassLongA
SetDlgItemTextA
SetFocus
SetWindowPos
SetWindowTextA
ShowWindow
UnregisterClassA

winmm

PlaySoundA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 448B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
autoexec.bat
bat2exe.com
bitmap.bmp
changelog.txt
readme.txt
virusmkr.exe
.exe windows:4 windows x86 arch:x86

e31ce200c1d23c59640a83780b431261

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
SetConsoleTitleA
GetConsoleTitleA
GetModuleFileNameA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetLastError
CloseHandle
GetFileAttributesA
SetFilePointer
GetProcAddress
GetModuleHandleA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
GetTickCount
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
ReadFile
CreateFileA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
LCMapStringA
LCMapStringW

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6541afb9f594cb0af541c3cc47291ea4

Headers

File Characteristics

Imports

comdlg32

gdi32

kernel32

msvcrt

shell32

user32

winmm

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 256B

.rdata Size: 1024B - Virtual size: 876B

.bss Size: - Virtual size: 448B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 21KB - Virtual size: 21KB

e31ce200c1d23c59640a83780b431261

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 2.2MB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 256B

.rdata
Size: 1024B - Virtual size: 876B

.bss
Size: - Virtual size: 448B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 2.2MB