Static task: static1
Behavioral task: behavioral1
Sample: f8ecc92f33c4ee1ab8dc00f3fdabefe0a37dc16d04e74387af1061c48ec6e67a.dll
Resource: win7-20240708-en
PDB path: e:\verb\96\Period\31\Spell\30\road\sell\10\Wheel\Position\though.pdb
General
Target: JaffaCakes118_3b43048029ed79afa4a8ee0e5d9597d07e469a4b0e8dd7f8cd492f058fee3063
Size: 129KB
MD5: fb6c98c0c0df8e6d4a773574b4dd36a9
SHA1: 6b92aaf9b0054783bde5ff7ef7717411e3ce2b21
SHA256: 3b43048029ed79afa4a8ee0e5d9597d07e469a4b0e8dd7f8cd492f058fee3063
SHA512: 32d5a4b234d545c3c8f7e375605dfa9cf4403699e0a41faaa8b4accdfc68d46f2e7c103a29134065b20d38ef421cd9bcce6a363fe8bd3abcbea8daf959c1a7c4
SSDEEP: 3072:VEUymUdoXjH8PWZjVmdN35TCC00+GAaGwx71u6TlsOR4YsgJmS:WUxL8PWRgdJL/rAaGo1u65sYsrS
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/f8ecc92f33c4ee1ab8dc00f3fdabefe0a37dc16d04e74387af1061c48ec6e67a
Files
JaffaCakes118_3b43048029ed79afa4a8ee0e5d9597d07e469a4b0e8dd7f8cd492f058fee3063.zip (Password: infected)
f8ecc92f33c4ee1ab8dc00f3fdabefe0a37dc16d04e74387af1061c48ec6e67a.dll windows:6 windows x86 arch:x86
eeddafe2d8eca7cdd5ac7b55155e424f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
CreateFileW
WriteConsoleW
OutputDebugStringW
SetStdHandle
ReadConsoleW
LoadLibraryExW
SetEndOfFile
HeapReAlloc
GetConsoleMode
VirtualProtect
FlushFileBuffers
GetModuleFileNameW
CloseHandle
DeleteFileA
WriteFile
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
CopyFileA
GetStartupInfoA
GetEnvironmentVariableA
CreateProcessA
Sleep
GetWindowsDirectoryA
GetConsoleCP
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
ReadFile
SetFilePointerEx
user32
TranslateMessage
LoadCursorA
GetClassInfoExA
DrawTextA
UnregisterHotKey
CreateMenu
RegisterWindowMessageA
EnumWindows
CallNextHookEx
GetWindowLongA
ReleaseDC
DefWindowProcA
DeferWindowPos
BeginDeferWindowPos
gdi32
RectVisible
SetViewportOrgEx
TextOutA
ole32
OleInitialize
OleUninitialize
shlwapi
PathRemoveBackslashA
PathRemoveBlanksA
PathUnquoteSpacesA
PathSkipRootA
PathStripPathA
StrStrIA
comctl32
ImageList_LoadImageA
ImageList_Add
ord17
ImageList_SetOverlayImage
DestroyPropertySheetPage
ord6
CreateToolbarEx
Exports
Stop
Watergas
Sections
.text Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 395KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ