c0d08a4a149b4feddb5f5ddcbeaa370c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0d08a4a149b4feddb5f5ddcbeaa370c_JaffaCakes118
Size

40KB
MD5

c0d08a4a149b4feddb5f5ddcbeaa370c
SHA1

595956f5959be6cbd15f18e82782c1e8a85747c0
SHA256

5980847253b8533acb4372052ffcad6bd96ebe396281483a6b1e962a447b0a3f
SHA512

a17ecdb671ce983f7098b61d1f5a2ba89732cc24737f488a7c3f5ce6d65548fc05661bd0e2d495e46751bac65af8078a85027d10805391d5f296576bee4a1ef2
SSDEEP

768:y65VW2bfYE8LKWOX5BPwm5ZQg1yEmF9j36Yctq1xSq1Ac8nsjqzROQsXVIY:yGVLzx8FOXiOY/6fg1xSqDmQqzROQsXH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Update.exe

Files

c0d08a4a149b4feddb5f5ddcbeaa370c_JaffaCakes118
.zip
Action sought against Pakistan army officers for.doc
.doc windows office2003
Update.exe
.exe windows:4 windows x86 arch:x86

f57aaa90aa9e55a081368b6bb10655ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetProcAddress
CopyFileA
SetFileAttributesA
FindClose
FindFirstFileA
GetModuleFileNameA
FindNextFileA
WinExec
CloseHandle
DeleteFileA
CreateDirectoryA
ReadFile
CreateEventA
GetVolumeInformationA
SetEvent
WaitForSingleObject
CreateFileA
LoadLibraryA
GetComputerNameA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
Sleep
HeapSize
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW

advapi32

SetServiceStatus
StartServiceA
CreateServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
OpenSCManagerA

wininet

InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
InternetWriteFile
InternetReadFile
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA
HttpSendRequestExA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
info.bat
info.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

f57aaa90aa9e55a081368b6bb10655ad

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B