b0a12d417a11a0b002e63d04a55579fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0a12d417a11a0b002e63d04a55579fb_JaffaCakes118
Size

111KB
MD5

b0a12d417a11a0b002e63d04a55579fb
SHA1

b24b2cacd96ac45323c962982e4f68b51f857035
SHA256

79d91fcd17eb6a3537079805e23dece2e33b6d188c1645d100e7ae3981397010
SHA512

3c90fa3027bb7a03e40ee94e8668f263fb2a31a90e31c09c31c0626a94caedb02a364e9ae8c8ed6ec53bbc4400a218ca08b5a1842cada056d25112a8ca05bc38
SSDEEP

3072:boPfpDXIIvE62bLtI5uu8otM50Z60NwtCC:boPRXIIvErIPM6Z60W7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UNheil_/UNheil 01/1unhe1l.exe

Files

b0a12d417a11a0b002e63d04a55579fb_JaffaCakes118
.rar
UNheil_/UNheil 01/1unhe1l.exe
.exe windows:4 windows x86 arch:x86

a6e6f9cdd81c0d4c0d6ee4f96278eb59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
LoadLibraryA
CloseHandle
VirtualFreeEx
Process32Next
ReadFile
GetProcAddress
GetCompressedFileSizeA
WriteProcessMemory
CreateRemoteThread
CreateToolhelp32Snapshot
Process32First
GetFileAttributesA
VirtualProtectEx
VirtualAllocEx
WaitForSingleObject
OpenProcess
GetModuleFileNameA
Module32First
Module32Next
CreateFileA
GetModuleHandleA
GlobalFree
WriteFile
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modu
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UNheil_/UNheil 01/standard.ini
.vbs

Sharing

General

Malware Config

Signatures

Files

a6e6f9cdd81c0d4c0d6ee4f96278eb59

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 4KB

.modu Size: 192KB - Virtual size: 192KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 4KB

.modu
Size: 192KB - Virtual size: 192KB