6bc5ab7a2b6bfc1746e93b12813c942f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6bc5ab7a2b6bfc1746e93b12813c942f_JaffaCakes118
Size

156KB
MD5

6bc5ab7a2b6bfc1746e93b12813c942f
SHA1

6acd4c29e04cc6b3294b4d74d03d210bba906772
SHA256

6fbf5abab7dbd2ed8c5b626b4b06162cce1831efe2103ebe96043db72dd61269
SHA512

5e1b4bc58900cf55ebac3e1568e7023cf150fd7a447b6fcf3408064071aa828eb266f83632991e274035fd36243864ed2f3670a0ad84db39a0e735297a17cb54
SSDEEP

3072:ul89tSKkKRayiGcgAsr6TdNQYlE4DpCY45wpK2nqILOZfw4BMB/y5vGgXqv1rEIm:SmtSaRayiAAy6nQ8lCe3l6ZI0MB/SbXr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack006/eFAX.CORPORATE.personal.ID2EFR120091FRe1TT0932223545AEG32123434IP.new.pdf.exe

Files

6bc5ab7a2b6bfc1746e93b12813c942f_JaffaCakes118
.xz
6bc5ab7a2b6bfc1746e93b12813c942f_JaffaCakes118
.tar .zip polyglot
未命名資料夾 4/vv.jar
.zip
vv/virus.tar.gz
.gz
virus.tar
.tar .zip polyglot
virus/eFAX-57075ED4D5FA1184139D.pdf.zip
.zip
eFAX.CORPORATE.personal.ID2EFR120091FRe1TT0932223545AEG32123434IP.new.pdf.exe
.exe windows:4 windows x86 arch:x86

8386021c2a13bfd33fc62b1557f4968e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsFreeDomainControllerInfoW
DsFreeNameResultW
DsFreePasswordCredentials
DsReplicaModifyW
DsFreeSchemaGuidMapW
DsFreeSpnArrayW
DsGetDomainControllerInfoW
DsGetSpnW
DsInheritSecurityIdentityW
DsIsMangledDnW
DsIsMangledRdnValueW
DsListDomainsInSiteW
DsListInfoForServerW
DsListRolesW
DsListServersForDomainInSiteW
DsListServersInSiteW
DsListSitesW
DsMakePasswordCredentialsW
DsMakeSpnW
DsMapSchemaGuidsW
DsQuoteRdnValueW
DsRemoveDsDomainW
DsRemoveDsServerW
DsReplicaAddW
DsReplicaConsistencyCheck
DsReplicaDelW
DsReplicaFreeInfo
DsReplicaSyncAllW
DsReplicaSyncW
DsReplicaUpdateRefsW
DsReplicaVerifyObjectsW
DsServerRegisterSpnW
DsUnBindW

msvcrt

fflush
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_ftol
fopen
fclose
fwrite
fseek
fwprintf
_fdopen
_fileno
fgetpos
_itow
_onexit

kernel32

GetModuleHandleW
GetSystemInfo
VirtualProtect
WritePrivateProfileStringW
GetStartupInfoW

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vv/vv.pdf
.pdf

Sharing

General

Malware Config

Signatures

Files

8386021c2a13bfd33fc62b1557f4968e

Headers

File Characteristics

Imports

ntdsapi

msvcrt

kernel32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 275KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 275KB

.rsrc
Size: 8KB - Virtual size: 5KB