ddd5dce6007fca6c2aeec92b90d3cf10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ddd5dce6007fca6c2aeec92b90d3cf10_JaffaCakes118
Size

265KB
MD5

ddd5dce6007fca6c2aeec92b90d3cf10
SHA1

2e2afe18782928cbf4fa3327cdaea4eebe8145b7
SHA256

27e1c71d7c109fb5106cc23bf89a8a4d714b238ebcf5c90630a59a944aa830aa
SHA512

f4c8d948da3bcde7a745ad1d882474cc5c1baba7ea66972e3c8ccdfee6c7920240f7a0acca5357095ee86fa85f29aca9cad8d66bf4f2753b1f1a47ece11b3830
SSDEEP

6144:mFIf1lZUFf0VgThWh+1v8EFGW2f7Ev8EFGW2f7L:mkl29RThWh+3mcmL

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack003/PIC0029181100.exe
unpack005/PIC0029181100.exe
unpack007/PIC0029181100.exe
unpack008/PIC0029181100.exe

Files

ddd5dce6007fca6c2aeec92b90d3cf10_JaffaCakes118
.zip
Viruses 03-18-14/.DS_Store
Viruses 03-18-14/original emails/IMG Id 452017407-Pic10HBN TYPE-MMS.eml
.eml
PIC0029181100.zip
.zip
PIC0029181100.exe
.exe windows:4 windows x86 arch:x86

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
VirtualAlloc
GetCommandLineA
GetEnvironmentStrings
GetACP
GetCurrentThread
GetVersionExA
InterlockedDecrement
GetFileSize
TlsAlloc
lstrlenW
GetExitCodeProcess
WriteFile
GetLocaleInfoA
MultiByteToWideChar
QueryPerformanceCounter
ExitProcess
CreateMutexW
HeapReAlloc
GetStartupInfoW
GetStdHandle
LoadLibraryA
Sleep
FormatMessageW
GlobalAlloc
WaitForSingleObject
CreateEventA
TryEnterCriticalSection
GetEnvironmentStringsW
InterlockedExchangeAdd
FreeEnvironmentStringsA
FindResourceW
EnterCriticalSection
FileTimeToLocalFileTime
WideCharToMultiByte
InitializeCriticalSection
GetOEMCP
GetVersionExW
CreateThread
GetCurrentProcess
FindClose
GetModuleFileNameA
GetFileAttributesA
GetModuleFileNameW
HeapDestroy
TlsGetValue
SizeofResource
GetFileType
HeapAlloc
LCMapStringW
LockResource
SetEvent
LocalAlloc
FreeLibrary
CompareStringW
CompareStringA
DeleteFileW
GetCurrentProcessId
GetModuleHandleA
GetVersion
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsFree
SetLastError
GetLastError
GetEnvironmentVariableA
HeapCreate
VirtualFree
HeapFree
RtlUnwind
LeaveCriticalSection
FatalAppExitA
IsBadWritePtr
GetProcAddress
InterlockedIncrement
LCMapStringA
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
SetEnvironmentVariableA

user32

IsCharLowerA

iphlpapi

DeleteIpForwardEntry

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt
Viruses 03-18-14/original emails/IMG Id 683694020-PicETVO7 TYPE--MMS.eml
.eml
PIC0029181100.zip
.zip
PIC0029181100.exe
.exe windows:4 windows x86 arch:x86

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
VirtualAlloc
GetCommandLineA
GetEnvironmentStrings
GetACP
GetCurrentThread
GetVersionExA
InterlockedDecrement
GetFileSize
TlsAlloc
lstrlenW
GetExitCodeProcess
WriteFile
GetLocaleInfoA
MultiByteToWideChar
QueryPerformanceCounter
ExitProcess
CreateMutexW
HeapReAlloc
GetStartupInfoW
GetStdHandle
LoadLibraryA
Sleep
FormatMessageW
GlobalAlloc
WaitForSingleObject
CreateEventA
TryEnterCriticalSection
GetEnvironmentStringsW
InterlockedExchangeAdd
FreeEnvironmentStringsA
FindResourceW
EnterCriticalSection
FileTimeToLocalFileTime
WideCharToMultiByte
InitializeCriticalSection
GetOEMCP
GetVersionExW
CreateThread
GetCurrentProcess
FindClose
GetModuleFileNameA
GetFileAttributesA
GetModuleFileNameW
HeapDestroy
TlsGetValue
SizeofResource
GetFileType
HeapAlloc
LCMapStringW
LockResource
SetEvent
LocalAlloc
FreeLibrary
CompareStringW
CompareStringA
DeleteFileW
GetCurrentProcessId
GetModuleHandleA
GetVersion
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsFree
SetLastError
GetLastError
GetEnvironmentVariableA
HeapCreate
VirtualFree
HeapFree
RtlUnwind
LeaveCriticalSection
FatalAppExitA
IsBadWritePtr
GetProcAddress
InterlockedIncrement
LCMapStringA
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
SetEnvironmentVariableA

user32

IsCharLowerA

iphlpapi

DeleteIpForwardEntry

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt
Viruses 03-18-14/original emails/Proposal Attached.eml
.eml
Proposal.html
.html
email-plain-1.txt
Viruses 03-18-14/payloads in emails/PIC0029181100.zip
.zip
PIC0029181100.exe
.exe windows:4 windows x86 arch:x86

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
VirtualAlloc
GetCommandLineA
GetEnvironmentStrings
GetACP
GetCurrentThread
GetVersionExA
InterlockedDecrement
GetFileSize
TlsAlloc
lstrlenW
GetExitCodeProcess
WriteFile
GetLocaleInfoA
MultiByteToWideChar
QueryPerformanceCounter
ExitProcess
CreateMutexW
HeapReAlloc
GetStartupInfoW
GetStdHandle
LoadLibraryA
Sleep
FormatMessageW
GlobalAlloc
WaitForSingleObject
CreateEventA
TryEnterCriticalSection
GetEnvironmentStringsW
InterlockedExchangeAdd
FreeEnvironmentStringsA
FindResourceW
EnterCriticalSection
FileTimeToLocalFileTime
WideCharToMultiByte
InitializeCriticalSection
GetOEMCP
GetVersionExW
CreateThread
GetCurrentProcess
FindClose
GetModuleFileNameA
GetFileAttributesA
GetModuleFileNameW
HeapDestroy
TlsGetValue
SizeofResource
GetFileType
HeapAlloc
LCMapStringW
LockResource
SetEvent
LocalAlloc
FreeLibrary
CompareStringW
CompareStringA
DeleteFileW
GetCurrentProcessId
GetModuleHandleA
GetVersion
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsFree
SetLastError
GetLastError
GetEnvironmentVariableA
HeapCreate
VirtualFree
HeapFree
RtlUnwind
LeaveCriticalSection
FatalAppExitA
IsBadWritePtr
GetProcAddress
InterlockedIncrement
LCMapStringA
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
SetEnvironmentVariableA

user32

IsCharLowerA

iphlpapi

DeleteIpForwardEntry

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Viruses 03-18-14/payloads in emails/PIC0029181100[1].zip
.zip
PIC0029181100.exe
.exe windows:4 windows x86 arch:x86

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
VirtualAlloc
GetCommandLineA
GetEnvironmentStrings
GetACP
GetCurrentThread
GetVersionExA
InterlockedDecrement
GetFileSize
TlsAlloc
lstrlenW
GetExitCodeProcess
WriteFile
GetLocaleInfoA
MultiByteToWideChar
QueryPerformanceCounter
ExitProcess
CreateMutexW
HeapReAlloc
GetStartupInfoW
GetStdHandle
LoadLibraryA
Sleep
FormatMessageW
GlobalAlloc
WaitForSingleObject
CreateEventA
TryEnterCriticalSection
GetEnvironmentStringsW
InterlockedExchangeAdd
FreeEnvironmentStringsA
FindResourceW
EnterCriticalSection
FileTimeToLocalFileTime
WideCharToMultiByte
InitializeCriticalSection
GetOEMCP
GetVersionExW
CreateThread
GetCurrentProcess
FindClose
GetModuleFileNameA
GetFileAttributesA
GetModuleFileNameW
HeapDestroy
TlsGetValue
SizeofResource
GetFileType
HeapAlloc
LCMapStringW
LockResource
SetEvent
LocalAlloc
FreeLibrary
CompareStringW
CompareStringA
DeleteFileW
GetCurrentProcessId
GetModuleHandleA
GetVersion
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsFree
SetLastError
GetLastError
GetEnvironmentVariableA
HeapCreate
VirtualFree
HeapFree
RtlUnwind
LeaveCriticalSection
FatalAppExitA
IsBadWritePtr
GetProcAddress
InterlockedIncrement
LCMapStringA
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
SetEnvironmentVariableA

user32

IsCharLowerA

iphlpapi

DeleteIpForwardEntry

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Viruses 03-18-14/payloads in emails/Proposal.html
.html
__MACOSX/Viruses 03-18-14/._.DS_Store
__MACOSX/Viruses 03-18-14/original emails/._IMG Id 452017407-Pic10HBN TYPE-MMS.eml
__MACOSX/Viruses 03-18-14/original emails/._IMG Id 683694020-PicETVO7 TYPE--MMS.eml
__MACOSX/Viruses 03-18-14/original emails/._Proposal Attached.eml
__MACOSX/Viruses 03-18-14/payloads in emails/._PIC0029181100.zip
__MACOSX/Viruses 03-18-14/payloads in emails/._PIC0029181100[1].zip
__MACOSX/Viruses 03-18-14/payloads in emails/._Proposal.html

Sharing

General

Malware Config

Signatures

Files

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

Imports

kernel32

user32

iphlpapi

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 10KB

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

Imports

kernel32

user32

iphlpapi

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 10KB

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

Imports

kernel32

user32

iphlpapi

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 10KB

ea231127b410797f744026e5f56d6f6f

Headers

File Characteristics

Imports

kernel32

user32

iphlpapi

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 10KB