2e53bfa7ebbe2ea9fdf6bfab85f63dd2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2e53bfa7ebbe2ea9fdf6bfab85f63dd2_JaffaCakes118
Size

379KB
MD5

2e53bfa7ebbe2ea9fdf6bfab85f63dd2
SHA1

e5f350768795b167e4ffbc2b08069f8093d9a018
SHA256

2b552b67e55949243ead1ff4a8e63dc0a5aed0435c1e2c701daf33e6ab2d841d
SHA512

077574efef57e4704d1a7afadb4db73dc02d45b577221893a89913455fba6df3c8e3219954caf9c00c44b00e8589573466abca7cd25d0c5289e733406ad15185
SSDEEP

6144:jEQOSyCucqKxpIlo1YW8ZCJnRr1/jO7vdN9l/Euy+MkeVM3/M9ucaIQeyRAIEBg7:jETQuNKx+l8YbKnRh/jevdN9lDy+aM3B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BOLETO.PDF91235.cpl

Files

2e53bfa7ebbe2ea9fdf6bfab85f63dd2_JaffaCakes118
.zip
BOLETO.PDF91235.cpl
.dll windows:5 windows x86 arch:x86

2d61e8f60e4a5d974850f834f5ce3e71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
ReleaseDC
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
LoadIconW
GetSystemMetrics
GetSysColor
GetDC
FrameRect
FillRect
DrawTextExW
DrawFocusRect
CharUpperBuffW
CharNextW
CharLowerBuffW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualFree
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
RoundRect
Rectangle
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectW
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
ExtTextOutW
ExtFloodFill
Ellipse
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
Chord
BitBlt
Arc

shfolder

SHGetFolderPathW

shell32

ShellExecuteW

Sections

.text
Size: 751KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d61e8f60e4a5d974850f834f5ce3e71

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

shfolder

shell32

Sections

.text Size: 751KB - Virtual size: 750KB

.itext Size: 4KB - Virtual size: 3KB

.data Size: 26KB - Virtual size: 25KB

.bss Size: - Virtual size: 21KB

.idata Size: 6KB - Virtual size: 6KB

.reloc Size: 68KB - Virtual size: 68KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 751KB - Virtual size: 750KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 26KB - Virtual size: 25KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 68KB - Virtual size: 68KB

.rsrc
Size: 51KB - Virtual size: 51KB