2cd8c9e5ed1a2e801a6632250ff4ac59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cd8c9e5ed1a2e801a6632250ff4ac59_JaffaCakes118
Size

126KB
MD5

2cd8c9e5ed1a2e801a6632250ff4ac59
SHA1

edcda979442021693a5f29639368463067b2b07e
SHA256

9d89fa8ea6ea10c1e6d1efea3d05f40c87d758089f084fb87f646b2d201774ec
SHA512

74aec0fa5601719fddb97ca59b9cb5132226359c88ab63169dc6d248765bfb37ab6269ba18cb1b6eecf02c7ab47e4f65a31ebc885bbb0f3e088bfbdf72c04edf
SSDEEP

3072:QRNTX5SGuscGGCUyJebwghLMCOj4FT0dX5SsO39:eoGDRUyJEwgyv9bOt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dhl_paket_225436695911497__ID__359304352618894LVK___LQ_C__F05_06_2015___DHL07_17_15.exe

Files

2cd8c9e5ed1a2e801a6632250ff4ac59_JaffaCakes118
.zip
dhl_paket_225436695911497__ID__359304352618894LVK___LQ_C__F05_06_2015___DHL07_17_15.exe
.exe windows:4 windows x86 arch:x86

b75ca7d352ff3d7e26d23307088d4bfe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord617
ord6211
ord5297
ord5208
ord296
ord2550
ord986
ord411
ord823
ord4154
ord2613
ord6113
ord641
ord2506
ord6325
ord3442
ord3191
ord793
ord5261
ord4370
ord4847
ord4992
ord4704
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord4229
ord1172
ord1850
ord4240
ord5095
ord2093
ord2715
ord2382
ord3054
ord5094
ord5098
ord4461
ord4298
ord3346
ord5006
ord976
ord5468
ord3398
ord2874
ord2873
ord4147
ord6051
ord4072
ord1768
ord5233
ord2374
ord5279
ord2641
ord1658
ord4430
ord2437
ord4421
ord401
ord674
ord5250
ord6150
ord2522
ord4358
ord4051
ord5467
ord4116
ord2381
ord5076
ord1702
ord1705
ord6049
ord5230
ord6365
ord5275
ord5244
ord2436
ord3593
ord327
ord642
ord4230
ord2403
ord2015
ord4213
ord2570
ord4392
ord5286
ord3397
ord3577
ord616
ord567
ord2294
ord800
ord858
ord540
ord3658
ord816
ord562
ord3687
ord3621
ord2406
ord2444
ord665
ord5180
ord354
ord1634
ord4155
ord535
ord5446
ord6390
ord5436
ord6379
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord652
ord338
ord4817
ord4692
ord1662
ord2391
ord1196
ord1144
ord4448
ord755
ord4128
ord4292
ord5784
ord472
ord2879
ord470
ord3087
ord1801
ord6251
ord5941
ord5653
ord6071
ord6070
ord3489
ord3488
ord5971
ord5970
ord3162
ord3161
ord3160
ord3159
ord1737
ord2384
ord6317
ord2600
ord1005
ord2752
ord4284
ord1967
ord5170
ord5171
ord5172
ord695
ord629
ord836
ord861
ord393
ord310
ord538
ord2467
ord2464
ord2470
ord5082
ord4356
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord4462
ord3345
ord975
ord2875
ord4148
ord2375
ord5280
ord4431
ord4422
ord4215
ord2576
ord3649
ord807
ord796
ord554
ord529
ord402
ord2430
ord6195
ord2486
ord2619
ord2618
ord5867
ord4158
ord2112
ord4451
ord5251
ord5801
ord4211
ord4869
ord1257
ord1560
ord268
ord4238
ord6896
ord2362
ord3714
ord2286
ord2354
ord2285
ord2358
ord3312
ord3795
ord3794
ord4608
ord4607
ord1912
ord4257
ord4583
ord4335
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord4426
ord784
ord1143
ord517
ord5256
ord3218
ord3216
ord4380
ord1093
ord2585
ord777
ord2556
ord2034
ord2527
ord613
ord5787
ord289
ord6127
ord6212
ord4343
ord4717
ord3568
ord2739
ord2371
ord6268
ord2806
ord835
ord2803
ord829
ord2810
ord5949
ord4288
ord922
ord537
ord6205
ord3491
ord4124
ord3296
ord3092
ord6898
ord5929
ord3875
ord3420
ord3049
ord633
ord1968
ord1610
ord2146
ord3154
ord3147
ord2076
ord5173
ord315
ord4290
ord3545
ord3805
ord5965
ord5963
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord1165
ord4604
ord4606
ord2644
ord4609
ord1569

msvcrt

__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_wcsicmp
_CxxThrowException
memmove
__CxxFrameHandler
memcpy
qsort
_ftol
rand
_except_handler3
memset

kernel32

CreateFileW
GetModuleHandleW
GetStartupInfoW
GlobalFree
GlobalSize
GlobalAlloc
GetModuleFileNameW
GlobalUnlock
GlobalLock

user32

GetClipboardData
IsClipboardFormatAvailable
InvalidateRect
GetClientRect
LoadCursorW
PostMessageW
ScreenToClient
SetClipboardData
MessageBeep
SetCursor
SendMessageW
CountClipboardFormats
OpenClipboard
EmptyClipboard
CloseClipboard
UpdateWindow
GetCursorPos
PtInRect
EnableWindow

gdi32

CreateHatchBrush
RealizePalette
DeleteObject
CreateHalftonePalette
GetPixel

oleaut32

VariantClear

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b75ca7d352ff3d7e26d23307088d4bfe

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

oleaut32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 116KB - Virtual size: 115KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 116KB - Virtual size: 115KB