d616d6309f68a4792ea187c1cb586c6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d616d6309f68a4792ea187c1cb586c6a_JaffaCakes118
Size

1.3MB
MD5

d616d6309f68a4792ea187c1cb586c6a
SHA1

ebc83d353709a887c3d06de4bda3ba6821960405
SHA256

b630f68d9af8acbb835f4aaeb99bea789500806174c0d4d47fc1118d6f2a4d07
SHA512

9e23c9a965162a8747691d87b187dfb4414e7bcbf0f54431cf6abc484c6c6c1178ea5879440b0a282b0bf00778e6eb701256426cbb0b208313902ff85386b8c1
SSDEEP

24576:ISy8FH/900O7vOH3L9C0NABANYbgDBkJ68uMg2fH3bRYyEQKhZgKecE9ZuX4gUtD:X3/O7vOHb0+aY+ueH3C8eZg/zC4gUtGY

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1_rg_1.exe
unpack001/PWmp4.exe

Files

d616d6309f68a4792ea187c1cb586c6a_JaffaCakes118
.rar
1_rg_1.exe
.exe windows:4 windows x86 arch:x86

a492e80f508c6ff62c9b7ecb20937e74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

Sections

CODE
Size: 271KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PWmp4.exe
.exe windows:4 windows x86 arch:x86

88ade1ff30c5c726d0d05e8d3895fccc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLocaleInfoA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

LoadCursorA
MessageBoxA

advapi32

AdjustTokenPrivileges

oleaut32

VariantCopy

version

GetFileVersionInfoA

gdi32

GetBitmapBits

comctl32

ImageList_GetIconSize

comdlg32

GetOpenFileNameA

ntdll

ZwQueryInformationProcess

Sections

CODE
Size: - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PWmp4-0
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PWmp4-1
Size: - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PWmp4-2
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a492e80f508c6ff62c9b7ecb20937e74

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ole32

comctl32

winspool.drv

Sections

CODE Size: 271KB - Virtual size: 1.4MB

.rsrc Size: 11KB - Virtual size: 12KB

88ade1ff30c5c726d0d05e8d3895fccc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

comdlg32

ntdll

Sections

CODE Size: - Virtual size: 425KB

DATA Size: - Virtual size: 6KB

BSS Size: - Virtual size: 19KB

.idata Size: - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: - Virtual size: 24B

PWmp4-0 Size: - Virtual size: 30KB

.rsrc Size: 86KB - Virtual size: 108KB

PWmp4-1 Size: - Virtual size: 824KB

PWmp4-2 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 512B - Virtual size: 168B

CODE
Size: 271KB - Virtual size: 1.4MB

.rsrc
Size: 11KB - Virtual size: 12KB

CODE
Size: - Virtual size: 425KB

DATA
Size: - Virtual size: 6KB

BSS
Size: - Virtual size: 19KB

.idata
Size: - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: - Virtual size: 24B

PWmp4-0
Size: - Virtual size: 30KB

.rsrc
Size: 86KB - Virtual size: 108KB

PWmp4-1
Size: - Virtual size: 824KB

PWmp4-2
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 512B - Virtual size: 168B