JaffaCakes118_e54ac0f2c08d5fe0e4fcd71d4ae69a6376561ab9a663b389915adb601955ba11

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_e54ac0f2c08d5fe0e4fcd71d4ae69a6376561ab9a663b389915adb601955ba11
Size

4.3MB
MD5

4c4d4fa4564e6a70ffdba48c4b8eb60b
SHA1

71c489e0b611d8891aeb67abed494ef360907286
SHA256

e54ac0f2c08d5fe0e4fcd71d4ae69a6376561ab9a663b389915adb601955ba11
SHA512

bd1048174be534fbce8204a4e151db2fa7c45f46df7dbd0f41b5c0307fe96a297fa0e1b4614be9622f192ef0a9ad0baafbc7818668a0d30dd2a7cabed6c7f34c
SSDEEP

98304:5MbbwAdbDf2AdvhbiyX/wiW/xbzVXkDf70QFraUAm8qT07WLp:+bcij2a5b5wHxbRU/0krUqTpl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/91ce27ac492cd76e7791d27bd6de589c6f749a18e1c20d14a33971271467bdeb

Files

JaffaCakes118_e54ac0f2c08d5fe0e4fcd71d4ae69a6376561ab9a663b389915adb601955ba11
.zip

Password: infected
91ce27ac492cd76e7791d27bd6de589c6f749a18e1c20d14a33971271467bdeb
.exe windows:5 windows x86 arch:x86

752d5f0af981e17b387967e3adb64bf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wedev\ribuxa74\bazo.pdb

Imports

kernel32

GetFileSize
SetFilePointer
lstrlenA
CopyFileExW
TlsGetValue
SetLocalTime
GetDriveTypeW
CommConfigDialogA
BuildCommDCBAndTimeoutsA
FreeLibrary
CallNamedPipeA
_lwrite
InterlockedDecrement
WritePrivateProfileSectionA
SetEnvironmentVariableW
CreateDirectoryW
GetProfileSectionA
WaitForSingleObject
WriteConsoleInputA
SetComputerNameW
SetVolumeMountPointW
GetComputerNameW
FreeEnvironmentStringsA
GetModuleHandleW
GetConsoleTitleA
ReadConsoleW
EnumTimeFormatsW
CreateActCtxW
CreateDirectoryExW
GetPriorityClass
GlobalAlloc
LoadLibraryW
GetConsoleMode
Sleep
ReadConsoleInputA
_hread
GetPrivateProfileStructW
SetVolumeMountPointA
WritePrivateProfileStructW
Beep
SetConsoleCursorPosition
GetBinaryTypeA
ReadFile
GetModuleFileNameW
SetConsoleTitleA
GlobalUnlock
VerifyVersionInfoW
GlobalUnfix
CreateFileA
GetCPInfoExW
FillConsoleOutputCharacterW
IsDBCSLeadByteEx
GetCurrentDirectoryW
GetProcAddress
GetComputerNameExW
CreateNamedPipeA
CopyFileA
VerLanguageNameW
GetTempFileNameA
OpenWaitableTimerA
GetAtomNameA
OpenMutexA
OpenWaitableTimerW
LocalAlloc
IsWow64Process
CreateFileMappingW
IsSystemResumeAutomatic
SetConsoleOutputCP
AddAtomW
SetCurrentDirectoryW
QueryDosDeviceW
SetCommMask
EnumResourceTypesW
WTSGetActiveConsoleSessionId
GetThreadPriority
CreateIoCompletionPort
FindNextFileW
BuildCommDCBA
CompareStringA
SetCalendarInfoA
_lopen
OpenSemaphoreW
GetVersionExA
TlsAlloc
LocalSize
DeleteTimerQueueTimer
ReadConsoleOutputCharacterW
InterlockedPushEntrySList
TlsFree
LCMapStringW
GetVolumeInformationW
CloseHandle
CreateFileW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetThreadLocale
HeapReAlloc
InterlockedIncrement
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
IsBadReadPtr
DeleteFileA
MultiByteToWideChar
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
GetCPInfo
ExitProcess
WriteFile
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
TlsSetValue
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetFileType
GetConsoleCP
IsProcessorFeaturePresent
HeapAlloc
GetModuleFileNameA
HeapSize
HeapQueryInformation
HeapFree
HeapCreate
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetLocaleInfoW
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers

user32

GetCursorInfo
GetListBoxInfo
GetComboBoxInfo
GetMenuBarInfo

advapi32

InitiateSystemShutdownW

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

752d5f0af981e17b387967e3adb64bf2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 8KB - Virtual size: 28KB

.rsrc Size: 22KB - Virtual size: 4.7MB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 8KB - Virtual size: 28KB

.rsrc
Size: 22KB - Virtual size: 4.7MB