30f84d66b850580d08b5a68593d0f790_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30f84d66b850580d08b5a68593d0f790_JaffaCakes118
Size

342KB
MD5

30f84d66b850580d08b5a68593d0f790
SHA1

09e34adc9c9f5b5de584d72a7282de3022208023
SHA256

c5aeea780284df094e25baa02aedae7dac89bb65c3f110499f22588c9e53d522
SHA512

ca2509924e8f92e0b129b4ffb014c052e1197900223dd021f71012ef012a03b2289827fe7a211ac4f966c8fed2fe069bb8498cdd57994c648e270dab413d582e
SSDEEP

6144:Ik/biCJd6lXUPqbdc8XWA1taAnj4Tbwpb2w5xomQ46MQFGVOiRtub6wUjp1eDPW3:I6TdbPqbe8d19kTbQD5xtQUsibhV91+W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/rrk590123c.exe

Files

30f84d66b850580d08b5a68593d0f790_JaffaCakes118
.eml
email-html-2.txt
.html
email-plain-1.txt
qp1000.cab
.rar
rrk590123c.exe
.exe windows:6 windows x86 arch:x86

70dc986f89100eba5b0fbf299e1d4ebf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetCommandLineW
WriteFile
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
GetCurrentProcess
ExitProcess
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
VirtualProtect
IsWow64Process
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalFree
GetBinaryTypeW
lstrlenW
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
HeapSize
DecodePointer

user32

LoadStringW
SetWindowPos
MessageBoxA
GetDC
GrayStringW

ole32

OleUninitialize
OleInitialize

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70dc986f89100eba5b0fbf299e1d4ebf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 16B