JaffaCakes118_9b09290d92164738d02c6cdc74a3b201a6722af9bf2436fa69831565fe8ea0a9

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9b09290d92164738d02c6cdc74a3b201a6722af9bf2436fa69831565fe8ea0a9
Size

400KB
MD5

c7c4b08d658658cd988f29eeff6a3d55
SHA1

edb8ef63a3773f22fcd064238903dcd257743d10
SHA256

9b09290d92164738d02c6cdc74a3b201a6722af9bf2436fa69831565fe8ea0a9
SHA512

708fbe18815dceca39240472c893dc42024d59b9b5b9d5de1e0d2ce9355233d4ac72296a5afb074dfc28a4ff9a5934d36bb0bfbcc599274e32d5fbad3e5e871c
SSDEEP

6144:87jFAS/muQBBccyjvIwO41C23TT+Tfj2WsbLOxZ7Gax+CDrWyximwWjmIl6b:aR/r29CO4Y2/+LjOGxZ7VVWywm9jlAb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6nd0y.bin

Files

JaffaCakes118_9b09290d92164738d02c6cdc74a3b201a6722af9bf2436fa69831565fe8ea0a9
.zip

Password: infected
6nd0y.bin
.exe windows:5 windows x86 arch:x86

40e5c5c7408818462da1afadba1094c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\kamamox jajuyeto.pdb

Imports

kernel32

LoadLibraryA
GetPrivateProfileIntA
SetLocaleInfoA
FindNextVolumeW
GetNamedPipeHandleStateW
LocalFileTimeToFileTime
EnumResourceTypesA
EnumResourceNamesW
FillConsoleOutputCharacterA
GetTimeZoneInformation
TerminateProcess
SetEvent
FindNextFileA
GetCompressedFileSizeA
CopyFileExW
BuildCommDCBW
VerifyVersionInfoA
FreeResource
SetLastError
GetVersionExW
ReadConsoleOutputCharacterA
SetDefaultCommConfigW
VerLanguageNameA
GetCommConfig
WritePrivateProfileStructW
FreeEnvironmentStringsA
CreateTimerQueue
FindNextVolumeMountPointA
ResetWriteWatch
WriteConsoleInputA
SetComputerNameExA
AddAtomW
InitAtomTable
GetThreadPriority
CallNamedPipeA
GetDriveTypeW
BuildCommDCBAndTimeoutsW
VirtualProtect
LoadLibraryW
GlobalAlloc
VerifyVersionInfoW
InterlockedExchange
FindFirstChangeNotificationA
SearchPathW
FormatMessageA
SetDllDirectoryW
GetModuleHandleA
WritePrivateProfileStringA
GetUserDefaultLCID
TerminateThread
GlobalUnfix
GetStartupInfoW
GetSystemWow64DirectoryW
CopyFileA
SetCalendarInfoW
GetLastError
DebugBreak
SetConsoleCursorInfo
FreeLibraryAndExitThread
GetModuleFileNameA
GetConsoleAliasExesLengthA
SetConsoleScreenBufferSize
WaitForDebugEvent
InterlockedExchangeAdd
GetOEMCP
GetPrivateProfileStringW
CreateActCtxA
GetPrivateProfileIntW
ReadConsoleInputW
OutputDebugStringW
EnumResourceTypesW
lstrlenA
WriteConsoleW
OpenMutexW
GetThreadContext
DeleteCriticalSection
ConvertFiberToThread
FreeEnvironmentStringsW
SetProcessPriorityBoost
LockFile
GetConsoleCP
CreateIoCompletionPort
AllocConsole
GlobalGetAtomNameW
SetComputerNameA
GetConsoleAliasExesLengthW
CreateMailslotW
GetCommState
MoveFileWithProgressW
GetSystemTimeAdjustment
EnumSystemLocalesA
SetFileApisToANSI
OpenWaitableTimerW
OpenFileMappingW
GetFileSizeEx
GetConsoleAliasesLengthW
GetProcessShutdownParameters
WriteConsoleOutputCharacterA
GetConsoleAliasExesA
GetBinaryTypeW
GetNumberFormatA
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
GetProcAddress
ExitProcess
MoveFileA
DeleteFileA
RaiseException
HeapValidate
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
WriteFile
GetStdHandle
GetACP
GetCPInfo
IsValidCodePage
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

user32

CharToOemBuffW

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 325KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

40e5c5c7408818462da1afadba1094c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 148KB - Virtual size: 147KB

.data Size: 325KB - Virtual size: 488KB

.rsrc Size: 36KB - Virtual size: 35KB

.text
Size: 148KB - Virtual size: 147KB

.data
Size: 325KB - Virtual size: 488KB

.rsrc
Size: 36KB - Virtual size: 35KB