PDB path: c:\sand\start\Century\Suit\Ride\clean\After\QuotientSure.pdb
Static task: static1
Behavioral task: behavioral1
Sample: gye1.dll
Resource: win7-20240903-en
General
Target: JaffaCakes118_ccecbbaf6bdd8b83cb5966dc1e8f6157aea6a22274166fb7c10f194ad28f4277
Size: 457KB
MD5: 6ba56c918abb03b5453f6338d87a4004
SHA1: cb1a44a5b66e65d1fb2ddf2b19f21085ae2ddd24
SHA256: ccecbbaf6bdd8b83cb5966dc1e8f6157aea6a22274166fb7c10f194ad28f4277
SHA512: 6f9ca254784f148d9f21763ce2289bf0ab6f8fdd992b5722b94b9aef30e07413c55bdc5456b08300e8137438a6d0c67eed1d6e4decab000879b2c615c205d45f
SSDEEP: 12288:pEX4+e8XEmq5ZvbnwNvBtYOIMpD9XpMZ9Jjm3S:s4UoZvElBC3MB9XpM7n
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource unpack001/gye1.cab
Files
JaffaCakes118_ccecbbaf6bdd8b83cb5966dc1e8f6157aea6a22274166fb7c10f194ad28f4277.zip (Password: infected)
gye1.cab.dll (regsvr32, windows:4, windows, x86, arch:x86)
cad305194258f2da52629f12e1a46928
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
VirtualAlloc
GetConsoleMode
HeapSize
LoadLibraryA
InitializeCriticalSection
GetConsoleCP
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
VirtualProtect
CreatePipe
GlobalFree
Sleep
GlobalAlloc
GlobalLock
HeapReAlloc
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
CompareStringA
MultiByteToWideChar
CompareStringW
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
WriteFile
user32
GetMessagePos
UpdateWindow
EnumChildWindows
GetClassNameW
GetWindowTextW
GetAsyncKeyState
GetDC
FindWindowW
gdi32
GetClipBox
SetBkColor
SetTextColor
GetCharWidthW
CreateBitmap
ole32
CoUninitialize
CLSIDFromString
OleSetContainedObject
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
advapi32
RegCloseKey
RegisterServiceCtrlHandlerW
RegOpenKeyExW
FreeSid
SetSecurityDescriptorOwner
SetServiceStatus
AllocateAndInitializeSid
QueryServiceStatus
LookupPrivilegeValueW
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
OpenServiceW
SetSecurityDescriptorGroup
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenThreadToken
OpenProcessToken
RegSetValueExW
Exports
DllRegisterServer
DllUnregisterServer
Tablecheck
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 288KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 212KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ