JaffaCakes118_418c4e4b11ebb69cf0ba6323ae10f1c1a9518f2b8e4bd65b3bace63d6fa1bb73

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_418c4e4b11ebb69cf0ba6323ae10f1c1a9518f2b8e4bd65b3bace63d6fa1bb73
Size

440KB
MD5

10c5fa4b68e0c27e8863155ed221d2e6
SHA1

1752ac3df1cacefac5b4ff829cd03a3b6ac56b01
SHA256

418c4e4b11ebb69cf0ba6323ae10f1c1a9518f2b8e4bd65b3bace63d6fa1bb73
SHA512

6dec2c6269e60d8971f696510a5efbb5b1068b33c57583d08f46141e712e7976487280e80ced0ae30ad67abd0fbb0cca0de2d3049df4bf9bf54dd8bab24e0ddb
SSDEEP

12288:iQN8v42w4UinZxSemQPq+5koIPUFKVUGIBTywKEXl+0KKbap:jN04InfRyUFMXmTVTXyAm

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fw3.exe
unpack001/fw4.exe
unpack001/fw5.exe

Files

JaffaCakes118_418c4e4b11ebb69cf0ba6323ae10f1c1a9518f2b8e4bd65b3bace63d6fa1bb73
.zip
fw3.exe
.exe windows:6 windows x86 arch:x86

e71297291a62d1a2391e25e24183234c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
ExpandEnvironmentStringsW
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
LocalFree
GetLastError
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
DecodePointer

mscoree

CLRCreateInstance

ole32

CoInitialize
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fw4.exe
.exe windows:6 windows x64 arch:x64

92a0fdfdc9d79435f490f9cfa8549999

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemDirectoryW
ResumeThread
CloseHandle
GetThreadContext
VirtualAllocEx
ReadProcessMemory
CreateProcessW
CopyFileW
SetThreadContext
ReadFile
GetModuleFileNameW
SetFilePointer
CreateFileW
MultiByteToWideChar
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
WideCharToMultiByte
WriteConsoleW
SetFilePointerEx
TerminateProcess
lstrlenW
WriteFile
WriteProcessMemory
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
GetProcessHeap
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
ExitProcess
GetModuleHandleExW
HeapReAlloc
LCMapStringW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage

advapi32

RegSetValueExW
RegCreateKeyW
RegCloseKey

shell32

SHGetFolderPathW

shlwapi

PathCombineW
wnsprintfW

wininet

InternetCrackUrlW
InternetQueryDataAvailable
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
InternetOpenW

ntdll

NtUnmapViewOfSection

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fw5.exe
.exe windows:5 windows x86 arch:x86

78e0ef7ec7f38fa8b8f7556d3abcff75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\kalot\pamaza\saw_zonihelafey\boxari-f.pdb

Imports

kernel32

CallNamedPipeW
TerminateThread
GetExitCodeProcess
GetVersionExA
VerifyVersionInfoW
SetConsoleCP
GetConsoleAliasesLengthA
VerLanguageNameA
VerifyVersionInfoA
FreeEnvironmentStringsW
GetProcessPriorityBoost
SetVolumeMountPointA
GetLongPathNameW
CopyFileA
TlsGetValue
GetConsoleCursorInfo
SystemTimeToTzSpecificLocalTime
FindAtomW
ReleaseMutex
GetNamedPipeHandleStateA
CommConfigDialogA
BuildCommDCBAndTimeoutsW
GetProcAddress
LoadLibraryA
GlobalAlloc
SleepEx
TlsSetValue
GetCommandLineA
InterlockedExchange
DeleteFileA
CreateActCtxA
SetPriorityClass
GetPrivateProfileIntA
GetProcessHeap
GlobalMemoryStatusEx
ReadConsoleOutputCharacterA
GetStartupInfoA
GetDiskFreeSpaceExA
GetCPInfoExW
GetWindowsDirectoryW
GetSystemWow64DirectoryA
SetLastError
GetProfileStringW
GetCalendarInfoW
FreeUserPhysicalPages
GetTickCount
GetStringTypeA
DebugBreak
lstrcmpA
WriteFile
SetConsoleMode
GetCurrentThreadId
lstrcatW
SetMailslotInfo
LocalFileTimeToFileTime
DefineDosDeviceA
EndUpdateResourceA
WriteConsoleW
SetSystemTimeAdjustment
WritePrivateProfileSectionW
GetPrivateProfileStructA
TryEnterCriticalSection
GetPrivateProfileStructW
GetFileAttributesExA
HeapUnlock
PeekConsoleInputW
SetTapeParameters
CreateSemaphoreA
FindResourceExA
GetLocalTime
CreateSemaphoreW
GetPrivateProfileSectionW
CreateIoCompletionPort
GetThreadLocale
SetFileShortNameW
lstrcpyA
LockFileEx
GetConsoleCP
GetConsoleAliasA
GetConsoleAliasExesLengthA
GetConsoleProcessList
GetDevicePowerState
GetWriteWatch
FreeEnvironmentStringsA
GetConsoleScreenBufferInfo
ClearCommBreak
TlsAlloc
GetComputerNameW
HeapValidate
GetLastError
WaitForMultipleObjectsEx
SignalObjectAndWait
CancelDeviceWakeupRequest
VirtualLock
SetWaitableTimer
ChangeTimerQueueTimer
GetProcessTimes
FatalAppExitW
lstrcpynA
SetNamedPipeHandleState
FillConsoleOutputCharacterA
GetCompressedFileSizeW
FindNextVolumeMountPointA
GetFullPathNameA
FreeResource
UnlockFile
GlobalAddAtomW
TerminateJobObject
QueryDosDeviceA
EnterCriticalSection
Process32FirstW
SetCurrentDirectoryW
GetBinaryTypeA
OpenMutexA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
IsBadReadPtr
RtlUnwind
RaiseException
GetCommandLineW
HeapSetInformation
GetStartupInfoW
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
TlsFree
GetModuleHandleW
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
OutputDebugStringA
OutputDebugStringW
LoadLibraryW
SetFilePointer
GetConsoleMode
SetStdHandle
CreateFileW
CloseHandle
FlushFileBuffers

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zovuxe
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yipepik
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e71297291a62d1a2391e25e24183234c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscoree

ole32

oleaut32

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 214KB - Virtual size: 216KB

.reloc Size: 4KB - Virtual size: 3KB

92a0fdfdc9d79435f490f9cfa8549999

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

wininet

ntdll

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

78e0ef7ec7f38fa8b8f7556d3abcff75

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 272KB - Virtual size: 271KB

.data Size: 35KB - Virtual size: 7.8MB

.zovuxe Size: 512B - Virtual size: 5B

.yipepik Size: 3KB - Virtual size: 3KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 214KB - Virtual size: 216KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 272KB - Virtual size: 271KB

.data
Size: 35KB - Virtual size: 7.8MB

.zovuxe
Size: 512B - Virtual size: 5B

.yipepik
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 34KB - Virtual size: 33KB