Static task: static1
Behavioral task: behavioral1
Sample: cbc399f8957918ca58b540080687665e.exe
Resource: win7-20241010-en
General
Target: JaffaCakes118_68f87a49ca4f6f1fe31b3e26a0988f13c270c66cf45e94f2e83fd0c41b63564b
Size: 388KB
MD5: 2f8bb0d0e7a4b45a55014ff54994c406
SHA1: 10292225ec6ae8ebb38dc0a15371a932adb5e94d
SHA256: 68f87a49ca4f6f1fe31b3e26a0988f13c270c66cf45e94f2e83fd0c41b63564b
SHA512: d8d4d8b845d54bfc3626c9508544c28b6f798ffa952f5dc64608625368fa6d7e7a3f47b42610fcc7251767e8bce543d162b94ce1ffb6cb15e1679117847ccfa4
SSDEEP: 12288:SNsIgKW2gzesp1tPL2/J3y0Fgq4xoxdPCMLrmK0X:esnAyXzijqq4yxJCMu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/cbc399f8957918ca58b540080687665e.bin
Files
JaffaCakes118_68f87a49ca4f6f1fe31b3e26a0988f13c270c66cf45e94f2e83fd0c41b63564b.zip
Password: infected
cbc399f8957918ca58b540080687665e.bin.exe windows:5 windows x86 arch:x86
e0adc5206bf9e5655de9fd54155c8f9d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesExW
DuplicateHandle
VirtualProtect
WriteFileEx
GetSystemTime
LoadLibraryA
PeekConsoleInputW
lstrlenW
GlobalAlloc
ReadConsoleW
GetTickCount
BackupSeek
UnlockFile
CloseHandle
GlobalMemoryStatus
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
GetProcessHeap
SetEndOfFile
FlushFileBuffers
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ReadFile
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
VirtualAlloc
HeapReAlloc
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
HeapSize
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
advapi32
RegEnumKeyExW
ObjectCloseAuditAlarmW
RegQueryMultipleValuesA
LockServiceDatabase
RegDeleteKeyA
AccessCheckAndAuditAlarmW
SetThreadToken
AccessCheckByTypeAndAuditAlarmA
AdjustTokenPrivileges
winhttp
WinHttpSetCredentials
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpConnect
WinHttpSetOption
WinHttpCheckPlatform
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 78.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mysec Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rcrs Size: 378KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ