JaffaCakes118_4d90394ae1d4b4bf8c3581d8262537cfe821606d6452671d4706491e9a7a2efe

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4d90394ae1d4b4bf8c3581d8262537cfe821606d6452671d4706491e9a7a2efe
Size

395KB
MD5

73d5f4b3783bb6f457c91f2bde662a35
SHA1

6505243ffd492457d8d4122e3eba110e1c8262fc
SHA256

4d90394ae1d4b4bf8c3581d8262537cfe821606d6452671d4706491e9a7a2efe
SHA512

20a727ca572510057c021c138929e310f66b3b286692252232308dee3e42e6ca3538567847c4eb3ac9835707a7f636e86db9dee760d586a733e6d10ef3694548
SSDEEP

12288:qjho/hKL8j1QRvGs6iY+hOAbQfcGLQgNe8:jZQRqiYATQfTQgNh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9ede53bb75e64701670f375308be92763f13065773e0b7778deada79967265f2

Files

JaffaCakes118_4d90394ae1d4b4bf8c3581d8262537cfe821606d6452671d4706491e9a7a2efe
.zip

Password: infected
9ede53bb75e64701670f375308be92763f13065773e0b7778deada79967265f2
.dll windows:6 windows x64 arch:x64

d4755b9a9aec93c05c955ca11140bdc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Exports

Exports

AY7xpQ
Ae4uJg
B2AgakkN8
B33DCFs1
BHo3JumGn
BYW1R7WUe41
Bdcf6qyUI
BvZyWqWS
C8pdbu
CTt8YUo
DhpTaWz9iM
PMFlkDwpU
PknXp3q3z
PmvH5sG9c
PnNWss
WHsEvhsR8V9
WjJqOHMfrF
WtKM8uEHV
asfghnyaus

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d4755b9a9aec93c05c955ca11140bdc5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 630KB - Virtual size: 630KB

.data Size: 37KB - Virtual size: 41KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 630KB - Virtual size: 630KB

.data
Size: 37KB - Virtual size: 41KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB