JaffaCakes118_e9d40ab2d4121586fd78025aad5c43bdbad9f4778b9242fbf4c69dcd617567d6

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_e9d40ab2d4121586fd78025aad5c43bdbad9f4778b9242fbf4c69dcd617567d6
Size

253KB
MD5

3b91bb9b46102c4155ed4312e80ae68f
SHA1

debc007f47c537c687ac98080580f4cdcb79fc24
SHA256

e9d40ab2d4121586fd78025aad5c43bdbad9f4778b9242fbf4c69dcd617567d6
SHA512

0de0d8ae2cea0e2dce6ee880c89ed5746498120b1e8ae1a412ea4da041f5bde7de1f99a6215ef895d5cd264635e61818414cc2ae19f61d6b3b22f157c3c65c46
SSDEEP

6144:5lPBatc05lRphh2/Bp04gG8I+mS04DwkWL7VbZ:5lPgtcslRpwQdmx4ql

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0312676b0a8a4594da2ba4a13675ce3ae5855d3e166bf86d2688a6679ab1c979

Files

JaffaCakes118_e9d40ab2d4121586fd78025aad5c43bdbad9f4778b9242fbf4c69dcd617567d6
.zip
0312676b0a8a4594da2ba4a13675ce3ae5855d3e166bf86d2688a6679ab1c979
.exe windows:5 windows x86 arch:x86

d1352e534403183ee67a752d94667cc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wadasute yuvuz\faro\wata ginow.pdb

Imports

kernel32

InterlockedExchange
GetLocaleInfoA
InterlockedIncrement
_lwrite
SetCommTimeouts
GetSystemDirectoryA
CreateEventW
WriteConsoleW
BuildCommDCBW
AddConsoleAliasW
HeapLock
PeekConsoleInputW
EnumDateFormatsA
ResetEvent
UnregisterWait
VerifyVersionInfoW
WaitNamedPipeW
FindResourceExA
SetTimerQueueTimer
GetFirmwareEnvironmentVariableW
GetModuleFileNameW
BeginUpdateResourceW
GetConsoleAliasExesLengthA
EnumTimeFormatsW
LoadLibraryA
CopyFileW
WriteConsoleOutputCharacterA
LocalAlloc
GetProcAddress
GetSystemDefaultLangID
GetSystemWindowsDirectoryW
FindFirstChangeNotificationA
EndUpdateResourceA
WritePrivateProfileStringA
EnumResourceNamesA
LocalReAlloc
CreateDirectoryW
RemoveDirectoryA
GlobalReAlloc
AreFileApisANSI
GetCurrentDirectoryA
GetConsoleAliasesLengthW
GetAtomNameA
SetFileAttributesA
SetConsoleTitleA
VerSetConditionMask
GetCurrentProcess
SetProcessWorkingSetSize
GetLongPathNameA
GetThreadLocale
GetSystemDefaultLCID
GetCurrentProcessId
GetLastError
SetComputerNameExA
FindFirstFileExW
BuildCommDCBAndTimeoutsW
EnterCriticalSection
EnumCalendarInfoExA
GetDiskFreeSpaceW
GetConsoleAliasExesA
GlobalMemoryStatus
EnumSystemLocalesA
GetComputerNameW
SetLastError
UnhandledExceptionFilter
GetConsoleAliasesLengthA
LoadLibraryW
HeapReAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
EncodePointer
DecodePointer
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetFilePointer
HeapAlloc
HeapCreate
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThreadId
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CloseHandle
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
Sleep
RtlUnwind
SetStdHandle
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW
HeapSize

gdi32

GetTextExtentExPointW

advapi32

GetOldestEventLogRecord

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kabero
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cevi
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.poyon
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1352e534403183ee67a752d94667cc4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

advapi32

Sections

.text Size: 229KB - Virtual size: 228KB

.data Size: 9KB - Virtual size: 2.0MB

.kabero Size: 512B - Virtual size: 1B

.cevi Size: 3KB - Virtual size: 2KB

.poyon Size: 1024B - Virtual size: 624B

.rsrc Size: 91KB - Virtual size: 91KB

.text
Size: 229KB - Virtual size: 228KB

.data
Size: 9KB - Virtual size: 2.0MB

.kabero
Size: 512B - Virtual size: 1B

.cevi
Size: 3KB - Virtual size: 2KB

.poyon
Size: 1024B - Virtual size: 624B

.rsrc
Size: 91KB - Virtual size: 91KB