C:\ziranivehu48_genekosidoci\nibucu\ledawebiv\fovuz\ru.pdb
Static task
static1
Behavioral task
behavioral1
Sample
g6liy.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
g6liy.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_142a72dce56f800e2b753e4eb1fb24e3c91488c42ef8e911c3025d184e22e063
-
Size
108KB
-
MD5
d7bd3fdb7fc6cc93c1a8d2a50571a407
-
SHA1
b83330ecdfbe64267beda773ffef13e21cf414ac
-
SHA256
142a72dce56f800e2b753e4eb1fb24e3c91488c42ef8e911c3025d184e22e063
-
SHA512
fc2b2e5ace6479b325c528611de84ff318b2d3f212212def3eeaf6307da6d41c731b4481929fefee0ffbddb4ac63a3ccc1e69a5eb9686a5f34bf2eba55620c31
-
SSDEEP
3072:kkKNAPWtRDYLOYmst099PvVqrKKYgmTakj+lNwOOm1B:kkFW6OGt0D97Kdea5wW
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/g6liy.exe
Files
-
JaffaCakes118_142a72dce56f800e2b753e4eb1fb24e3c91488c42ef8e911c3025d184e22e063.zip
Password: infected
-
g6liy.exe: .exe windows:5 windows x86 arch:x86
0a5d1e29118a384817b14a8b7f0455b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindActCtxSectionGuid
InterlockedDecrement
GetCurrentProcess
GetEnvironmentStringsW
GetUserDefaultLCID
ReadConsoleW
FindActCtxSectionStringA
GetSystemWindowsDirectoryA
LeaveCriticalSection
GetLocaleInfoA
WriteConsoleW
GetModuleFileNameW
GetConsoleOutputCP
GetProcAddress
EnterCriticalSection
PrepareTape
LocalAlloc
WaitForMultipleObjects
SetSystemTime
GetModuleFileNameA
SetConsoleTitleW
GetModuleHandleA
FindFirstVolumeA
AddConsoleAliasA
GetProfileSectionW
PulseEvent
VerifyVersionInfoA
GetCommandLineW
HeapAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
HeapSize
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
FreeEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LoadLibraryA
CreateFileA
RaiseException
SetStdHandle
FlushFileBuffers
WriteConsoleA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetProcessHeap
ReadFile
gdi32
GetCharWidthFloatW
Exports
@SetViceVariants@12
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 29.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ