eb5eb336636e3f6cacf6c8db6bf4ea00_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb5eb336636e3f6cacf6c8db6bf4ea00_JaffaCakes118
Size

590KB
MD5

eb5eb336636e3f6cacf6c8db6bf4ea00
SHA1

e09eea305aa0f2897b3d7dac55c2ef2857bdfa5b
SHA256

43c5f2e7aacbc9a3439a810e3768087b7c8bea191ef84d71b2aa8686befed073
SHA512

4f728b1ae4b5328feb491e163950c78e888270fd4cd0a19396ff770e5ec2bd38815ce2fa6539bda69e4601150e6c9807708255e8219ded2a18420d8340bbffd5
SSDEEP

12288:LP9UI7pPBvO1cBLHTO1HMqkZh8LcwzMDHTswo/7Dq84DRDk:LPBvKcxO1MqLcCMDIwo/nkk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Vcffipzmnipbxzdl.exe

Files

eb5eb336636e3f6cacf6c8db6bf4ea00_JaffaCakes118
.zip

Password: infected
Vcffipzmnipbxzdl.exe
.exe windows:4 windows x86 arch:x86

f4228cb049acde33150c5fe763f4201f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
VirtualAlloc
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFilePointer
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WriteFile
GetOEMCP
GetCPInfo
GetLocaleInfoA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GetThreadLocale
GlobalGetAtomNameA
GlobalFlags
lstrcmpA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentProcessId
GetModuleFileNameA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
SetLastError
InterlockedExchange
LoadLibraryA
SizeofResource
FreeLibrary
FlushFileBuffers
PrepareTape
Sleep
GetCurrentProcess
GetVersion
CompareStringA
LockResource
SetEvent
GetProcAddress
CloseHandle
VirtualProtect
lstrlenA
DeleteFileA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
FindResourceA
LocalFree
LocalAlloc
CreateProcessA
FindResourceExA
GetStartupInfoA
LoadResource
IsDebuggerPresent
GetTickCount

user32

SetForegroundWindow
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
GetKeyState
LoadCursorA
GetSystemMetrics
GetDC
GetSysColor
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DrawTextA
InflateRect
GetWindowRect
CreatePopupMenu
GetForegroundWindow
CallNextHookEx
DispatchMessageA
EnumWindows
CreateDialogIndirectParamA
SetParent
GetSysColorBrush
GetClientRect
IntersectRect
DefWindowProcA
GetWindowLongA
ExitWindowsEx
DialogBoxIndirectParamA
EndDeferWindowPos
GetClassInfoExA
ReleaseDC
MapWindowPoints
ValidateRect
PostQuitMessage
GrayStringA
DrawTextExA
TabbedTextOutA
DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
PeekMessageA
GetMessagePos

gdi32

ExtTextOutA
SaveDC
RestoreDC
SetMapMode
ScaleViewportExtEx
PtVisible
SelectObject
SetViewportOrgEx
SetWindowExtEx
DeleteDC
GetStockObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps
SetViewportExtEx
ScaleWindowExtEx
OffsetViewportOrgEx
Escape
TextOutA
RectVisible

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

ole32

CoInitialize
CoRevokeClassObject
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree

oleaut32

VariantClear
OleLoadPicture
OleCreatePictureIndirect
OleCreateFontIndirect
SysReAllocStringLen
SysFreeString
SysStringLen
OleCreatePropertyFrame
OleTranslateColor
SysAllocStringLen
SysReAllocString
OleIconToCursor
OleCreatePropertyFrameIndirect
SysAllocString
VariantChangeType
VariantInit

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f4228cb049acde33150c5fe763f4201f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

ole32

oleaut32

oleacc

Sections

.text Size: 306KB - Virtual size: 305KB

.rdata Size: 227KB - Virtual size: 227KB

.data Size: 89KB - Virtual size: 407KB

.rsrc Size: 203KB - Virtual size: 202KB

.text
Size: 306KB - Virtual size: 305KB

.rdata
Size: 227KB - Virtual size: 227KB

.data
Size: 89KB - Virtual size: 407KB

.rsrc
Size: 203KB - Virtual size: 202KB