JaffaCakes118_9abecba4048736535f6d2ed1269cf7781300fb6d0232ab5e55e3b29fc10f0489

General

Target

JaffaCakes118_9abecba4048736535f6d2ed1269cf7781300fb6d0232ab5e55e3b29fc10f0489
Size

55.5MB
MD5

65d85199a916d6339f7e38d9dc657649
SHA1

2f1ed8461587c9359b51a9dc61bfba30bde37eda
SHA256

9abecba4048736535f6d2ed1269cf7781300fb6d0232ab5e55e3b29fc10f0489
SHA512

0b3451470d734ac9fded507568f229ab3ff24f6a8f065e11e1766b5e145f5ae181b0dc8b5fdd10341775c88b60ffd45136d00b04a67f9ae13bb2bcf492407f43
SSDEEP

786432:FnWKklib8bsVVL4Wjq8AYwz4iqqDZyGF0rx30nrDFFkBa5Ofo0ZCo8ht:FnWRo/fLjjhAYwVq/GFex3sFu8w5wjt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/692A640F.exe

Files

JaffaCakes118_9abecba4048736535f6d2ed1269cf7781300fb6d0232ab5e55e3b29fc10f0489
.7z

Password: infected
692A640F.exe
.exe windows:5 windows x86 arch:x86

3abea0e6b1eb512bf2f1c08aa689bf2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getaddrinfo

kernel32

GetProcessHeap
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoCreateInstance

oleaut32

VariantInit

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.comodo0
Size: - Virtual size: 55.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.comodo1
Size: 55.7MB - Virtual size: 55.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3abea0e6b1eb512bf2f1c08aa689bf2d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

ole32

oleaut32

wtsapi32

user32

Sections

.text Size: - Virtual size: 77KB

.rdata Size: - Virtual size: 16KB

.data Size: - Virtual size: 535KB

.x Size: - Virtual size: 8KB

.comodo0 Size: - Virtual size: 55.4MB

.comodo1 Size: 55.7MB - Virtual size: 55.7MB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: - Virtual size: 77KB

.rdata
Size: - Virtual size: 16KB

.data
Size: - Virtual size: 535KB

.x
Size: - Virtual size: 8KB

.comodo0
Size: - Virtual size: 55.4MB

.comodo1
Size: 55.7MB - Virtual size: 55.7MB

.rsrc
Size: 1024B - Virtual size: 960B