JaffaCakes118_154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f
Size

135KB
MD5

7f5f7a43ba27f8825f6744559169f113
SHA1

b8dae9800fbde147c9705377670897e806c6abdb
SHA256

154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f
SHA512

1ec967ad2db08d47ed43d299fed52abd9696f045c13a7e92e5911ae5c1b281b49803e7e75d272515fc2c67aafc5525f477aa82fbf26a3caeb16b3c3bab7e8990
SSDEEP

3072:kmzk6rktZsru/oQ3nLNxtNr3EVoLztB79x+4yVthD:kv6rTGo2Ljr3EVOtBe4yVrD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57

Files

JaffaCakes118_154fcf6de1a4d2148da99d796d7c611b10d894546610561b588a970ab7c7053f
.zip

Password: infected
5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57
.exe windows:4 windows x86 arch:x86

de6ccb422d73fad528315b82baa175c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\more\mile\contain\upEver.pdb

Imports

kernel32

RtlUnwind
InitializeCriticalSection
ReadFile
SetEndOfFile
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
SetFilePointer
LCMapStringA
FlushFileBuffers
CompareStringA
GlobalFree
CompareStringW
GetVersion
LCMapStringW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
GetTimeZoneInformation
SetStdHandle
GetStartupInfoA
SetHandleCount
WideCharToMultiByte
GetDateFormatA
GetTimeFormatA
MultiByteToWideChar
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
VirtualProtectEx
GetSystemDirectoryA
CreateEventA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCommandLineW
HeapSize
Sleep
GetVolumeInformationA
GlobalAlloc
GlobalLock
GetLocaleInfoA
OpenMutexA
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
HeapAlloc
GetLastError
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
CloseHandle
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
CreateFileA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
SetEnvironmentVariableA

user32

OpenClipboard
GetIconInfo
BeginPaint
GetWindowTextLengthA
SetFocus
LoadBitmapA
GetFocus
GetClassInfoExA
RegisterClassExA
InvalidateRect
GetCursorPos
ValidateRect
DestroyMenu
CallWindowProcA
MapWindowPoints
SetWindowTextA
GetSystemMetrics
CheckDlgButton
PostMessageA
AppendMenuA
IsDialogMessageA

winspool.drv

ClosePrinter
GetJobA
OpenPrinterA
EnumPrintersA
AddPrinterConnectionA
DocumentPropertiesA

gdi32

ExcludeClipRect
SetBkMode
LineTo

comctl32

ImageList_Draw
CreateToolbarEx
ImageList_LoadImageA
ord17
ImageList_SetOverlayImage
DestroyPropertySheetPage
ord6

ole32

OleInitialize
OleUninitialize
CoInitialize
OleSetContainedObject
CoUninitialize

wininet

InternetCanonicalizeUrlA
HttpQueryInfoA
InternetOpenUrlA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetCrackUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetOpenA
InternetCloseHandle
InternetQueryOptionA

shlwapi

SHSetValueA
UrlCreateFromPathA
PathFindFileNameA
StrChrA
UrlApplySchemeA

advapi32

RegCloseKey
RegCreateKeyA

crypt32

CertEnumCertificatesInStore
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateChain
CertDeleteCertificateFromStore
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CertVerifyCertificateChainPolicy
CryptHashPublicKeyInfo

avifil32

AVIBuildFilterA
AVIFileOpenA
AVIFileEndRecord
AVIFileInit
AVIFileReadData

secur32

FreeContextBuffer
QuerySecurityPackageInfoA
ImpersonateSecurityContext
InitializeSecurityContextA

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

de6ccb422d73fad528315b82baa175c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

gdi32

comctl32

ole32

wininet

shlwapi

advapi32

crypt32

avifil32

secur32

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 24KB - Virtual size: 102KB

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 24KB - Virtual size: 102KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 8KB - Virtual size: 6KB