3b04079ad8b82bfdd88ee89a89a970ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b04079ad8b82bfdd88ee89a89a970ea_JaffaCakes118
Size

200KB
MD5

3b04079ad8b82bfdd88ee89a89a970ea
SHA1

49c70003919fda130920a9c544ecd721061ebc11
SHA256

ae7f945ed492b704fe5cd240e81e3a604f37356d99334f9f54d8bda8f5cc2ab3
SHA512

0f0cf2b84de2ab8831d16f97e7b2f8e436044d25b4482b61006a91cb5ac76547da511d8d465a5663daba1994a6f436e217995037d84e0beceb1374fe86c674f8
SSDEEP

6144:eXqktKQZMkiiEsxRf26L26cgMIG6qO7B+U:fkn9xxdfC6crSB+U

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NFv1858.1 www.koxpdeposu.com/Multi.dll
unpack001/NFv1858.1 www.koxpdeposu.com/NF v1858.1.exe

Files

3b04079ad8b82bfdd88ee89a89a970ea_JaffaCakes118
.rar
NFv1858.1 www.koxpdeposu.com/Alarm.wav
NFv1858.1 www.koxpdeposu.com/Kayıtlar/.ini
NFv1858.1 www.koxpdeposu.com/Kayıtlar/DontSpeak6miN.ini
NFv1858.1 www.koxpdeposu.com/Kayıtlar/K1nqHayatSTyL.ini
NFv1858.1 www.koxpdeposu.com/Kayıtlar/oonly00.ini
NFv1858.1 www.koxpdeposu.com/Multi.dll
.dll windows:5 windows x86 arch:x86

db5428a559aab1b6cf13781082f83f9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Documents and Settings\Andreas\My Documents\Visual Studio 2008\Projects\KOAutoBot1\Release\StealthGuard.pdb

Imports

kernel32

VirtualFree
VirtualAlloc
VirtualProtect
lstrcmpiA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NFv1858.1 www.koxpdeposu.com/NF v1858.1.exe
.exe windows:4 windows x86 arch:x86

7017c6164e66f483e6140a2ecf072573

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord690
MethCallEngine
ord516
ord660
ord300
ord595
ord304
ord598
ord306
ord520
ord631
ord632
EVENT_SINK_AddRef
ord528
DllFunctionCall
ord563
EVENT_SINK_Release
ord600
ord310
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
ord711
ord712
ord606
ord607
ord608
ord317
ord318
ord717
ProcCallEngine
ord537
ord572
ord573
ord681
ord100
ord689
ord610
ord613
ord617
ord619
ord543
ord544
ord546
ord581

Sections

.text
Size: 484KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NFv1858.1 www.koxpdeposu.com/Okumadan Kullanma!.txt

Sharing

General

Malware Config

Signatures

Files

db5428a559aab1b6cf13781082f83f9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 3KB - Virtual size: 3KB

7017c6164e66f483e6140a2ecf072573

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 484KB - Virtual size: 480KB

.data Size: - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 484KB - Virtual size: 480KB

.data
Size: - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB