Static task
static1
Behavioral task
behavioral1
Sample
sample5.exe
Resource
win7-20240903-en
General
Target: JaffaCakes118_36f83a423fe55a0379830162c07f67933a13f490d1a194c5ec2f3cb2b5aa13ef
Size: 282KB
MD5: b47a9f46cb3454391ab17c8bef76f75c
SHA1: 4e7ac333072d0a163d4393033063b8e16ebe407f
SHA256: 36f83a423fe55a0379830162c07f67933a13f490d1a194c5ec2f3cb2b5aa13ef
SHA512: 9d0fdfea3540c5797af3d384c60ab9562d75dc43f8f5dfc058cc2b26d006c1670d927c9c384e3c0296af5db980eb4abef9faa042d5b7716e1d125d241424e640
SSDEEP: 6144:cZ+rELXa2/+39RDQpRROUxX+gP69UZ2GdqtpDeRplplhntoN:8+gXM3GiUx3yy2EqtpD2lX6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/sample5.exe
Files
JaffaCakes118_36f83a423fe55a0379830162c07f67933a13f490d1a194c5ec2f3cb2b5aa13ef.zip
Password: infected
sample5.exe.exe windows:4 windows x86 arch:x86
7aa9e6fad3eff50907a90fc37676cd5e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleScreenBufferInfo
GetStdHandle
LoadLibraryExA
SetConsoleScreenBufferSize
FreeConsole
CompareStringW
CompareStringA
ExitProcess
SetConsoleTextAttribute
GetLocaleInfoW
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetStdHandle
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
RtlUnwind
RaiseException
GetVersionExA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
CreateFileA
CloseHandle
WriteConsoleA
VirtualProtect
GetSystemInfo
VirtualQuery
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
HeapSize
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
user32
GetDesktopWindow
advapi32
CryptAcquireContextA
odbc32
ord24
ord75
ord41
ord11
ord18
ord20
ord16
ord31
ord9
ord13
ord27
ord4
Sections
.text Size: 256KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 252KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ