JaffaCakes118_79db4c7747fe664d2c086af6c24a8d34a3dc5ccc4c79a93b647e1ce0cadb4940

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_79db4c7747fe664d2c086af6c24a8d34a3dc5ccc4c79a93b647e1ce0cadb4940
Size

176KB
MD5

89877a9235a809fdc784b353f6f50bdf
SHA1

f8792e40420f0c56c99d7300d5008cb8e5c4fd0f
SHA256

79db4c7747fe664d2c086af6c24a8d34a3dc5ccc4c79a93b647e1ce0cadb4940
SHA512

ee36a3f5126dd859164609734b46f76fd239069ae9628b8cba94ae5528950e0e7bd11997f1411531e34fde95f8e15942b973a787e53d84a14c78ad4235f05802
SSDEEP

3072:8qg6zKhPyR8m+GkF0oOrTcpIMZE+fQ9zegSwgPYc3+mVZVaTAt+jOVwt1:Hg4KAR3hrDKtfPge3dZVmNt1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1cf27ab77a771ff942b1e2947856844fbab4991cf87aca618968445b5c5d706d

Files

JaffaCakes118_79db4c7747fe664d2c086af6c24a8d34a3dc5ccc4c79a93b647e1ce0cadb4940
.zip
1cf27ab77a771ff942b1e2947856844fbab4991cf87aca618968445b5c5d706d
.exe windows:5 windows x86 arch:x86

80fec6fca6f81033220e34b44810dbfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\lalovum36_po.pdb

Imports

kernel32

CallNamedPipeW
TerminateProcess
GetExitCodeProcess
GetVersionExW
SetConsoleCP
GetConsoleAliasesLengthW
GetDefaultCommConfigW
FindFirstFileExW
GetDriveTypeW
FreeEnvironmentStringsA
SetProcessPriorityBoost
SetVolumeMountPointW
GetLongPathNameA
CopyFileA
TlsGetValue
SetConsoleCursorInfo
SetComputerNameExA
SystemTimeToTzSpecificLocalTime
FindAtomA
ReleaseSemaphore
CallNamedPipeA
CreateMailslotA
BuildCommDCBAndTimeoutsW
VirtualProtect
LoadLibraryA
LocalAlloc
TryEnterCriticalSection
GetCommandLineW
InterlockedDecrement
GetCalendarInfoA
DeleteFileA
CreateActCtxW
CreateRemoteThread
SetSystemTimeAdjustment
GetPriorityClass
WritePrivateProfileStringA
GetProcessHeaps
GetProcessHeap
GlobalUnWire
ReadConsoleOutputCharacterW
GetStartupInfoW
GetDiskFreeSpaceExA
GetCPInfoExA
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetLastError
WriteProfileSectionW
GetProfileStringA
GetConsoleCursorInfo
SetLastError
DeleteVolumeMountPointA
DebugBreak
lstrcmpA
WriteFile
SetConsoleMode
GetVersion
GetSystemWindowsDirectoryW
GlobalFindAtomA
FindCloseChangeNotification
GetTapeParameters
SetMailslotInfo
InterlockedExchange
DefineDosDeviceW
FindVolumeMountPointClose
EndUpdateResourceW
WriteConsoleW
GetSystemTimeAdjustment
WritePrivateProfileSectionA
GetPrivateProfileStructW
GetDriveTypeA
GetFileAttributesExA
MoveFileW
GetVolumePathNameA
GetConsoleMode
HeapUnlock
lstrcmpW
SetDefaultCommConfigW
FindActCtxSectionStringA
ResetEvent
GetThreadContext
MoveFileExW
GetProcAddress
GlobalLock
UnregisterWaitEx
BuildCommDCBA
PeekConsoleInputW
GetBinaryTypeW
CreateSemaphoreW
TransmitCommChar
WaitNamedPipeA
GetPrivateProfileSectionNamesW
FindResourceExW
EnumTimeFormatsW
GetLocalTime
CreateSemaphoreA
FreeEnvironmentStringsW
GetPrivateProfileSectionW
GetOverlappedResult
SetFileShortNameW
lstrcpyA
VerLanguageNameW
SetThreadExecutionState
SetSystemTime
LockFile
VerSetConditionMask
GetConsoleAliasA
FlushConsoleInputBuffer
FreeConsole
GetAtomNameW
GetConsoleAliasExesLengthA
WriteConsoleInputW
TransactNamedPipe
EnumDateFormatsA
SetCommState
FileTimeToLocalFileTime
_lopen
GetConsoleAliasExesLengthW
GetWriteWatch
GetNumberOfConsoleInputEvents
GetModuleHandleW
WriteConsoleOutputCharacterA
HeapFree
OpenMutexW
LocalLock
GetCommMask
SetEndOfFile
FindClose
CreateIoCompletionPort
SetFileApisToANSI
CancelWaitableTimer
GetProcessHandleCount
UnregisterWait
GetProcessVersion
lstrcpynA
GetNamedPipeInfo
GetCompressedFileSizeA
FindNextVolumeMountPointW
GetFullPathNameA
WriteProfileStringA
DeleteAtom
GlobalAddAtomW
TerminateJobObject
QueryDosDeviceW
InitializeCriticalSection
Process32NextW
SetCurrentDirectoryA
GetBinaryTypeA
MoveFileA
RaiseException
HeapValidate
IsBadReadPtr
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
OutputDebugStringW
LoadLibraryW
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.koyalef
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bopi
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cegem
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80fec6fca6f81033220e34b44810dbfd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 250KB - Virtual size: 250KB

.data Size: 6KB - Virtual size: 1.0MB

.koyalef Size: 512B - Virtual size: 5B

.bopi Size: 512B - Virtual size: 234B

.cegem Size: 3KB - Virtual size: 3KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 250KB - Virtual size: 250KB

.data
Size: 6KB - Virtual size: 1.0MB

.koyalef
Size: 512B - Virtual size: 5B

.bopi
Size: 512B - Virtual size: 234B

.cegem
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 18KB - Virtual size: 17KB