JaffaCakes118_80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106
Size

285KB
MD5

d567702d13ddeae99886f3a93f0ae154
SHA1

d46838b89c6005ec784cde3009e1b3f1291f4b7a
SHA256

80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106
SHA512

c82ab3a14182285aaf84d05709e7b1f4c0226d1221c670a4502eb1793668c239149580f625821578b384b8321a9ab3238946a72af29888eac7ff5dcbff4976ac
SSDEEP

6144:gU5eQvXds9hxRIAlk7SMLtxPfvNrLZcC5voZjuwOZ4w:qyXds97R9pMPH5vQSwy4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Orignal Invoice_pdf.exe
unpack002/duzcazams.exe

Files

JaffaCakes118_80c30db2d99ff849295e7c0a8e6924ead10228105d0d675f02c1244ef6bd0106
.gz .ps1 polyglot
Orignal Invoice_pdf.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
duzcazams.exe
.exe windows:6 windows x86 arch:x86

d1440b084c32110bfdd59b0a469766a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrChrW
StrCmpNW
StrRChrW

kernel32

ReadFile
GetTempPathW
VirtualAlloc
lstrcatW
EnumResourceTypesW
GetConsoleWindow
GetFileSize
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
GetCommandLineW
CreateFileW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
RaiseException
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
CompareStringW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent

mpr

WNetGetUserA
WNetGetLastErrorA
MultinetGetConnectionPerformanceW
WNetGetResourceInformationW
WNetGetProviderNameW
WNetGetConnectionW

comdlg32

GetSaveFileNameA
PrintDlgExW
GetSaveFileNameW
PrintDlgW
PageSetupDlgA
FindTextA

winmm

waveInStop
mixerGetLineControlsW
waveOutWrite
mmTaskBlock

wsnmp32

ord901
ord105
ord900
ord300
ord102
ord200

ole32

OleCreateLinkToFileEx
ReadFmtUserTypeStg
HWND_UserUnmarshal
IsEqualGUID
BindMoniker
WriteStringStream
StgOpenStorageOnILockBytes
HPALETTE_UserFree
CreateDataCache

resutils

ResUtilFindSzProperty
ResUtilVerifyService
ResUtilSetPropertyParameterBlock
ResUtilGetSzProperty
ResUtilVerifyResourceService
ResUtilStartResourceService
ResUtilSetPrivatePropertyList
ResUtilVerifyPrivatePropertyList
ResUtilSetBinaryValue

oleaut32

VarR4FromBool
VarR4FromDisp
VarUI2FromUI1
VarCyFromUI2
SafeArrayGetIID
VarAbs
VarR4FromDec
OleLoadPicture
VarAnd
VarUI4FromCy

shell32

SHAddToRecentDocs
FindExecutableA
DoEnvironmentSubstW

msi

ord15
ord115
ord14
ord91
ord56
ord158

user32

ShowWindow

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eecmykwj.xuq
vgiybpcm.x

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 6KB - Virtual size: 5KB

d1440b084c32110bfdd59b0a469766a3

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

mpr

comdlg32

winmm

wsnmp32

ole32

resutils

oleaut32

shell32

msi

user32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 180B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 6KB - Virtual size: 5KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB