JaffaCakes118_13b655e6d06c5b7d7b52e3b54da25a58825c18141b36c1d38c6ff950f2909841

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_13b655e6d06c5b7d7b52e3b54da25a58825c18141b36c1d38c6ff950f2909841
Size

6.4MB
MD5

4be9ae3b53cbdea974eac37d07ad60d4
SHA1

58808b74d0a6f2dce1c7c010a4d57e54fc98fa84
SHA256

13b655e6d06c5b7d7b52e3b54da25a58825c18141b36c1d38c6ff950f2909841
SHA512

11ce1a6e8ff35e7eaa60045871faf8c6aa4587830a88cd65397927c8cf2a81c66697eeed2c9b424383d9969b46761acc143b31e9e03d5a828c3ede2276e763d6
SSDEEP

98304:zqSKVCs1aIjfKkSfAvy/pJ2e2UJz47jikpuqvXODMnz3dWIAbaZFMZkMITdg:mEmrjfKk1vy/P2EKiouqf3nz3dlZzzdg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/38fcb27f39ee2c40d943838fb71fab29ccef8dc1b32cfd7394fbf7569ac3c8c7

Files

JaffaCakes118_13b655e6d06c5b7d7b52e3b54da25a58825c18141b36c1d38c6ff950f2909841
.zip
38fcb27f39ee2c40d943838fb71fab29ccef8dc1b32cfd7394fbf7569ac3c8c7
.exe windows:5 windows x86 arch:x86

61a7590c9752fbc0505094db114258a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateSemaphoreW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateEventA
GetModuleFileNameW
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_initterm
_iob
_lseeki64
_onexit
_read
_strnicmp
_write
_write
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
isspace
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtoul
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

user32

InvalidateRect
RemoveMenu
SetFocus
CharUpperBuffW

Sections

.text
Size: 811KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_a
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_i
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_a
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_l
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_f
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_s
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_l
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_r
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.PND0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.PND1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PND2
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61a7590c9752fbc0505094db114258a6

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 811KB - Virtual size: 811KB

.data Size: 70KB - Virtual size: 69KB

.rdata Size: 82KB - Virtual size: 82KB

.eh_fram Size: 243KB - Virtual size: 243KB

.bss Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.debug_a Size: 512B - Virtual size: 272B

.debug_i Size: 161KB - Virtual size: 160KB

.debug_a Size: 7KB - Virtual size: 7KB

.debug_l Size: 26KB - Virtual size: 25KB

.debug_f Size: 512B - Virtual size: 56B

.debug_s Size: 1024B - Virtual size: 580B

.debug_l Size: 45KB - Virtual size: 44KB

.debug_r Size: 5KB - Virtual size: 4KB

Size: 2KB - Virtual size: 2KB

.PND0 Size: 3.3MB - Virtual size: 3.3MB

.PND1 Size: 1KB - Virtual size: 1KB

.PND2 Size: 2.8MB - Virtual size: 2.8MB

.text
Size: 811KB - Virtual size: 811KB

.data
Size: 70KB - Virtual size: 69KB

.rdata
Size: 82KB - Virtual size: 82KB

.eh_fram
Size: 243KB - Virtual size: 243KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.debug_a
Size: 512B - Virtual size: 272B

.debug_i
Size: 161KB - Virtual size: 160KB

.debug_a
Size: 7KB - Virtual size: 7KB

.debug_l
Size: 26KB - Virtual size: 25KB

.debug_f
Size: 512B - Virtual size: 56B

.debug_s
Size: 1024B - Virtual size: 580B

.debug_l
Size: 45KB - Virtual size: 44KB

.debug_r
Size: 5KB - Virtual size: 4KB

.PND0
Size: 3.3MB - Virtual size: 3.3MB

.PND1
Size: 1KB - Virtual size: 1KB

.PND2
Size: 2.8MB - Virtual size: 2.8MB