C:\Users\Izidu\Desktop\2019\vshadow-master\vshadow-master\Release\vshadow.pdb
Static task
static1
Behavioral task
behavioral1
Sample
faaa0098ad3de31c95506576653962bf783bdf347b6d22255d707561e30c5350.exe
Resource
win7-20240903-en
General
Target: JaffaCakes118_9fa4629775d115d3611c522b04a4181184df0f5429cb009c65872e67022e1f08
Size: 416KB
MD5: 9455159e4519343fb3481f31a92746d9
SHA1: 4ddcbd90bb4ff34aca9cc04867827b266a5dad96
SHA256: 9fa4629775d115d3611c522b04a4181184df0f5429cb009c65872e67022e1f08
SHA512: c471fc6f59464cfffa893b4a6185e638f8fb5c272e22529da5938a21dc45eb4b28dc6444d6d024a4c65b36890229972d38c3977eb3a4b3ac07e1d4a16d176c55
SSDEEP: 12288:Khio+bY3mYK9nPiMmw6vciHh2eMXTIFNBhO9htp:oiDbY3vK9PihjAe2TIFhGtp
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/faaa0098ad3de31c95506576653962bf783bdf347b6d22255d707561e30c5350.exe
Files
JaffaCakes118_9fa4629775d115d3611c522b04a4181184df0f5429cb009c65872e67022e1f08.zip
Password: infected
faaa0098ad3de31c95506576653962bf783bdf347b6d22255d707561e30c5350.exe.exe windows:6 windows x86 arch:x86
2f5581749403d6c4d8f69e407a5b55c8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
vssapi
VssFreeSnapshotPropertiesInternal
ShouldBlockRevertInternal
CreateVssBackupComponentsInternal
resutils
ClusterGetVolumePathName
ClusterPrepareSharedVolumeForBackup
ClusterGetVolumeNameForVolumeMountPoint
ClusterIsPathOnSharedVolume
kernel32
InitializeCriticalSectionAndSpinCount
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
GetLastError
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
WriteFile
CloseHandle
CreateFileW
WideCharToMultiByte
GetVolumePathNameW
QueryDosDeviceW
GetFileAttributesW
FindFirstFileW
FindClose
FindNextFileW
GetThreadLocale
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
FreeConsole
VirtualAlloc
HeapSetInformation
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
ReadFile
GetFileSize
GetCommandLineW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
FormatMessageW
LocalFree
ExpandEnvironmentStringsW
IsValidCodePage
FindFirstFileExW
HeapSize
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
MultiByteToWideChar
GetStringTypeW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
SetLastError
SetEndOfFile
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
HeapFree
HeapAlloc
GetFileType
ole32
CoInitializeSecurity
CoTaskMemFree
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
shlwapi
PathFileExistsW
Exports
DAAGGGRHNUI
Sections
.text Size: 321KB - Virtual size: 321KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 214KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ