JaffaCakes118_c83ab073438d5e604e54472bd5a6abb14b062d295653ac67a0e3707ece3c1bf6

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_c83ab073438d5e604e54472bd5a6abb14b062d295653ac67a0e3707ece3c1bf6
Size

144KB
MD5

94f3204d9e3f97b4515fbc740d87264a
SHA1

fdaf0231828cc65a4b26663712208fe54a0dc0ff
SHA256

c83ab073438d5e604e54472bd5a6abb14b062d295653ac67a0e3707ece3c1bf6
SHA512

043aa2f396d3d749b2882745acd00312b014481e2e3e61ad90af33d2fa11a52b52a03197afcf625cbf060a387f93ae669540866b462ca5666526b143c54de695
SSDEEP

3072:Xyd6eptfGszMdMvWTqHc/2CDZpNpCRGKatY+qVKP9Xa5HMNy:C4ebfGsrvW3Dj7+VM1a5sNy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ddb9d14f369e7bea83ce7ab0a59626fcc835c33314e06e0dd72cb963ce3b641e

Files

JaffaCakes118_c83ab073438d5e604e54472bd5a6abb14b062d295653ac67a0e3707ece3c1bf6
.zip

Password: infected
ddb9d14f369e7bea83ce7ab0a59626fcc835c33314e06e0dd72cb963ce3b641e
.dll regsvr32 windows:6 windows x86 arch:x86

089b1d8e9351df436129c9acc9aaa6aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Poundfound\RadioTool\knewcopy\stood.pdb

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
ResetEvent
Sleep
GetSystemTimeAsFileTime
GetLocalTime
FormatMessageA
GetCommandLineA
GetEnvironmentVariableA
GetWindowsDirectoryA
CreateDirectoryA
CreateFileA
SetSystemPowerState
GetCPInfo
WriteConsoleW
CreateFileW
HeapSize
ReadConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
CloseHandle
SetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess

dbghelp

FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
UnmapDebugInformation
UnDecorateSymbolName
SymSetOptions
SymMatchString
SymLoadModule
SymLoadModule64
FindFileInSearchPath
FindFileInPath
SymSetContext
SymRegisterFunctionEntryCallback
SymRegisterCallback
SymRegisterFunctionEntryCallback64
SymRegisterCallback64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
SymSetSearchPath
SymMatchFileName
EnumerateLoadedModules
EnumerateLoadedModules64

imagehlp

BindImage
BindImageEx
CheckSumMappedFile
GetImageConfigInformation
UnMapAndLoad
TouchFileTimes
UpdateDebugInfoFile
UpdateDebugInfoFileEx

Exports

Exports

DllRegisterServer
DllUnregisterServer
Readplural
Stringspoke

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

089b1d8e9351df436129c9acc9aaa6aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

dbghelp

imagehlp

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 91KB

.gfids Size: 1024B - Virtual size: 584B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 91KB

.gfids
Size: 1024B - Virtual size: 584B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB