C:\rir\diser\7\kez_nogob_fureye\pahajohezigimi\fo.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 5e1ddfda21a6173d58ce736c2b52ce5cab778546debd8c37088b0d4bfd25db87.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 5e1ddfda21a6173d58ce736c2b52ce5cab778546debd8c37088b0d4bfd25db87.exe
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_036a8c292af78bc2937db49b8d2a85ee12b682c2dc13b87f69057c69a2fbcb12
Size: 4.3MB
MD5: ebe24bebb37f53cfa1321e3b7919ea1a
SHA1: 61769dae7c4963acd8d25170bf8aaa53784940cc
SHA256: 036a8c292af78bc2937db49b8d2a85ee12b682c2dc13b87f69057c69a2fbcb12
SHA512: fdf70f2461b3545a35036e048729f4d017fbe07a23bf1c798c0d361e0c40effbaeaf0cfa456595e8f8f12856646d3775caab0fa62749a91dbeba5ac15a7e7684
SSDEEP: 98304:I0lqCFCAFJhfERmT91WlTlUkJy7O3opFENHBKYqmceGKxvfU:I0wCFCAThfERNd3opShDqVLCvfU
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/5e1ddfda21a6173d58ce736c2b52ce5cab778546debd8c37088b0d4bfd25db87
Files
JaffaCakes118_036a8c292af78bc2937db49b8d2a85ee12b682c2dc13b87f69057c69a2fbcb12.zip (Password: infected)
5e1ddfda21a6173d58ce736c2b52ce5cab778546debd8c37088b0d4bfd25db87.exe windows:5 windows x86 arch:x86
661bc2c985f77ecfc0f4afb69eba9855
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalFix
HeapReAlloc
lstrlenA
CopyFileExW
SetEndOfFile
InterlockedIncrement
SetEnvironmentVariableW
GetModuleHandleExW
CreateDirectoryW
SetHandleInformation
GetProfileSectionA
SetVolumeMountPointW
FreeEnvironmentStringsA
GetModuleHandleW
EnumTimeFormatsW
CreateActCtxW
GetDriveTypeA
TlsSetValue
GlobalAlloc
GetVolumeInformationA
LoadLibraryW
TerminateThread
ReadConsoleInputA
GetPrivateProfileStructW
WritePrivateProfileStructW
SetConsoleMode
VerifyVersionInfoA
WriteConsoleW
GetBinaryTypeA
WritePrivateProfileSectionW
GetAtomNameW
IsDBCSLeadByte
ReadFile
CreateFileW
GetOverlappedResult
CompareStringW
GetACP
SetCurrentDirectoryA
FillConsoleOutputCharacterA
GetHandleInformation
GetLastError
GetCurrentDirectoryW
GetThreadLocale
ReadConsoleOutputCharacterA
GetProcAddress
GetComputerNameExW
IsValidCodePage
CopyFileA
SetComputerNameA
BuildCommDCBW
ResetEvent
LoadLibraryA
OpenMutexA
WriteConsoleA
UnhandledExceptionFilter
OpenWaitableTimerW
LocalAlloc
GetFileType
AddAtomW
WriteProfileSectionW
GetCommMask
SetSystemTime
GetModuleFileNameA
SetConsoleCursorInfo
SetConsoleTitleW
RequestWakeupLatency
GetCPInfoExA
SetCalendarInfoA
OpenSemaphoreW
GetVersionExA
ReadConsoleInputW
LocalSize
LCMapStringW
SetFilePointer
SetStdHandle
CloseHandle
FindFirstFileA
GetTempFileNameW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
InterlockedDecrement
DecodePointer
ExitProcess
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetModuleFileNameW
WriteFile
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapValidate
IsBadReadPtr
TlsAlloc
TlsGetValue
TlsFree
SetLastError
HeapCreate
GetOEMCP
GetCPInfo
OutputDebugStringA
OutputDebugStringW
RtlUnwind
MultiByteToWideChar
HeapAlloc
HeapSize
HeapQueryInformation
HeapFree
WideCharToMultiByte
GetStringTypeW
IsProcessorFeaturePresent
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException
user32
GetMessageTime
GetMenuCheckMarkDimensions
advapi32
AdjustTokenPrivileges
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 4.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ