JaffaCakes118_d2c996657cc071187c1e84cd4720849addafb5f59a24d61b5ae49c646d0e748b

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_d2c996657cc071187c1e84cd4720849addafb5f59a24d61b5ae49c646d0e748b
Size

690KB
MD5

1e9d36b563e2f8278e9668a63975bb4c
SHA1

cf42a2e616b4f840c58c12de38ee4628dd079bf7
SHA256

d2c996657cc071187c1e84cd4720849addafb5f59a24d61b5ae49c646d0e748b
SHA512

5694be9c79f7a0ed60cd0b8790c40aa3081459f1be87f28fb2382313682b64edfeebe1fc8d3d194db5ff6128f46693862fa2e8dcafaec99a42861897649669be
SSDEEP

12288:8L4hGTFoaEmMaaKGAyKg0mxf/AWPbesU6cEw1MazdfavyMtfiFIU3qEykvY:gTFsaCAyKgHf/TPbK4wxmyLFIkzRY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/F2D3.bin

Files

JaffaCakes118_d2c996657cc071187c1e84cd4720849addafb5f59a24d61b5ae49c646d0e748b
.zip

Password: infected
F2D3.bin
.exe windows:5 windows x86 arch:x86

8e2ab8a1912a9d8e58f338a0e4e577f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hopiho fula\51\pub_retisugewove\nitebehalup\tojapayah\zagureg.pdb

Imports

kernel32

GetFileSize
SetDefaultCommConfigA
SetPriorityClass
SetThreadContext
GetConsoleAliasesLengthW
CopyFileExW
GetConsoleAliasExesA
GetDriveTypeW
DebugActiveProcessStop
lstrcpynA
GetConsoleAliasExesLengthA
FindResourceW
BuildCommDCBAndTimeoutsA
SetDllDirectoryW
InterlockedIncrement
_lwrite
VerSetConditionMask
MoveFileExW
InterlockedDecrement
GetCurrentActCtx
GetSystemWindowsDirectoryW
CreateJobObjectW
GetNamedPipeHandleStateA
GetModuleHandleExW
SetConsoleScreenBufferSize
InterlockedCompareExchange
WriteConsoleInputA
GetComputerNameW
GetLogicalDrives
CallNamedPipeW
FreeEnvironmentStringsA
SetTapeParameters
GetProcessPriorityBoost
GetTickCount
GetPrivateProfileStringW
GetCompressedFileSizeW
ReadConsoleOutputA
GetDateFormatA
FindActCtxSectionStringA
GetCommandLineA
CreateActCtxW
EnumResourceTypesA
GetPrivateProfileIntA
GetSystemDirectoryW
AddRefActCtx
TerminateThread
CopyFileW
GetCalendarInfoA
ReadProcessMemory
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryA
FormatMessageW
GetSystemTimeAdjustment
GetVersionExW
GetFileAttributesA
WritePrivateProfileStructW
FindNextVolumeW
GetConsoleAliasW
GetWriteWatch
VerifyVersionInfoA
GetBinaryTypeA
TerminateProcess
GetMailslotInfo
GetCompressedFileSizeA
GetTimeZoneInformation
CreateFileA
GetOverlappedResult
GetACP
GetVolumePathNameA
lstrlenW
FindNextVolumeMountPointW
CreateMailslotW
DisconnectNamedPipe
GlobalUnfix
ReleaseActCtx
GetStartupInfoA
GetCPInfoExW
FillConsoleOutputCharacterW
GetHandleInformation
GetLastError
ReadConsoleOutputCharacterA
CreateNamedPipeA
EnumDateFormatsExA
WriteProfileSectionA
CopyFileA
SetComputerNameA
DisableThreadLibraryCalls
DefineDosDeviceA
ResetEvent
_hwrite
OpenWaitableTimerA
GetLocalTime
GetAtomNameA
LoadLibraryA
WriteConsoleA
ProcessIdToSessionId
InterlockedExchangeAdd
LocalAlloc
GetFileType
WritePrivateProfileStringA
MoveFileA
GetExitCodeThread
SetCurrentDirectoryW
HeapLock
FindAtomA
FoldStringA
SetSystemTime
GlobalWire
GetModuleHandleA
FindFirstChangeNotificationA
CreateWaitableTimerW
lstrcatW
FindNextFileW
GetStringTypeW
GetConsoleTitleW
BuildCommDCBA
VirtualProtect
EnumDateFormatsW
WaitForDebugEvent
OutputDebugStringA
SetCalendarInfoA
SetThreadAffinityMask
Module32NextW
EndUpdateResourceA
ReadConsoleInputW
TerminateJobObject
CloseHandle
DeleteFileW
GetCurrentProcessId
GetProfileSectionW
SetComputerNameExW
UnregisterWait
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WideCharToMultiByte
GetCurrentProcess
IsDebuggerPresent
DeleteFileA
GetModuleFileNameW
GetStartupInfoW
HeapValidate
IsBadReadPtr
RaiseException
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
DebugBreak
WriteConsoleW
OutputDebugStringW
LoadLibraryW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetStringTypeA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
GetConsoleOutputCP
GetLocaleInfoW

advapi32

ImpersonateNamedPipeClient

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 586KB - Virtual size: 838KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8e2ab8a1912a9d8e58f338a0e4e577f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 205KB - Virtual size: 205KB

.data Size: 586KB - Virtual size: 838KB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 205KB - Virtual size: 205KB

.data
Size: 586KB - Virtual size: 838KB

.rsrc
Size: 40KB - Virtual size: 39KB