JaffaCakes118_ec5a85a45b8bc7969e98df28ee56d01996a98ae3b4e3338b192f00b4435d3383

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_ec5a85a45b8bc7969e98df28ee56d01996a98ae3b4e3338b192f00b4435d3383
Size

233KB
MD5

b8933fa15ce8f3e0c4b675af8eb9ad6e
SHA1

50da2936ce25f5e557df333f1706e9b3b726638f
SHA256

ec5a85a45b8bc7969e98df28ee56d01996a98ae3b4e3338b192f00b4435d3383
SHA512

9b76a1b052035711185e2800a97b9dfd6e1016a5652a6b794b6d59c3b504003f5a2518b1b4353db94e36c771fece3332d912f384850c9a0996f6d239efc20291
SSDEEP

6144:/8INmzFIZge9XSFe+LBqtVw/wElYlWNLhQGOE:kv49XSQ+LBqtKlCWDQG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/602b97e0b415b.png

Files

JaffaCakes118_ec5a85a45b8bc7969e98df28ee56d01996a98ae3b4e3338b192f00b4435d3383
.zip

Password: infected
602b97e0b415b.png
.dll regsvr32 windows:5 windows x86 arch:x86

68b46a79797ab738bab23808c616c230

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\EarlyBought\Weartoo\EspeciallyBeat\Mine.pdb

Imports

kernel32

ExitProcess
TlsSetValue
CreateProcessA
FindFirstFileA
RemoveDirectoryA
FindClose
LoadLibraryA
GetModuleFileNameA
FindNextFileA
VirtualProtect
GetFileTime
GetCurrentThreadId
TlsAlloc
GetTempPathA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
RaiseException
GetLastError
HeapFree
RtlUnwind
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetModuleHandleA

ws2_32

WSACloseEvent
WSAStartup
WSAConnect
WSACleanup
WSASocketA
WSAAddressToStringA
WSAWaitForMultipleEvents

Exports

Exports

Crossput
Directclear
DllRegisterServer
Summerwind

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

68b46a79797ab738bab23808c616c230

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 14KB - Virtual size: 386KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 14KB - Virtual size: 386KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB