e293633bd040b898b3a5dfaa523affe4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e293633bd040b898b3a5dfaa523affe4_JaffaCakes118
Size

43KB
MD5

e293633bd040b898b3a5dfaa523affe4
SHA1

58090e8e6ce42f3f4b35a1b6a904bf25c9073a73
SHA256

64dc1977e26701f5acd80031e13cc8ac63e0cca9f7bd453ebc96501db79a36a6
SHA512

5a5da28d1acba8b1f517ab1c738a1fcb209660458a73369c18dc55b49c3889ccf510f3cdca5b0bf43292f66713afdd59bb855dd0e52b0b82d0e7f5c59cc52670
SSDEEP

768:4OkUBkLs9BiU985drD34LnURZZ0ukfWT0sG7djkZGf3mT+era7s0Xf4Sj0jmroX:4mBkLiz9GdrDILUB0ukfWDG7djkZGe6f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e293633bd040b898b3a5dfaa523affe4_JaffaCakes118

Files

e293633bd040b898b3a5dfaa523affe4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5fa4e32dfc1df4d77aeee93d1884bdac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

Ssync_ANSI_UNICODE_Struct_For_WOW
GetFileTitleA
PrintDlgExW
ChooseFontW
ReplaceTextA
PrintDlgA
GetSaveFileNameA
ReplaceTextW
GetOpenFileNameA
CommDlgExtendedError
GetFileTitleW
ChooseColorW
PrintDlgW
dwOKSubclass
ChooseColorA
ChooseFontA

kernel32

GlobalMemoryStatusEx
LockFile
GetCalendarInfoA
GetLogicalDrives
Sleep
WritePrivateProfileStructA
SetConsoleMode
FindFirstVolumeMountPointW
_lclose
LoadLibraryA
FindFirstFileA
GetVersion
VirtualAlloc
GetStringTypeA
PostQueuedCompletionStatus
GetConsoleCommandHistoryLengthW
WaitNamedPipeW
GetCommandLineW
RegisterConsoleOS2
SetConsoleTitleA
GetTickCount
Thread32Next

msvcrt40

sin
getenv
?epptr@streambuf@@IBEPADXZ
atof
??_Eostrstream@@UAEPAXI@Z
??4streambuf@@QAEAAV0@ABV0@@Z
exit
_spawnvp
?bitalloc@ios@@SAJXZ
??1ios@@UAE@XZ
__p__pctype
?fd@fstream@@QBEHXZ
putwc
??0istream_withassign@@QAE@XZ

advapi32

GetSecurityInfoExA
SetTokenInformation
ConvertSecurityDescriptorToAccessNamedW
CryptEnumProvidersW
GetExplicitEntriesFromAclA
DeregisterEventSource
RegSetValueExW
CryptSetProviderExA
SystemFunction021
UpdateTraceA
ChangeServiceConfigA
EqualDomainSid
LsaFreeMemory
DestroyPrivateObjectSecurity
CredReadW
AdjustTokenGroups

userenv

DllRegisterServer
RsopResetPolicySettingStatus
GetAllUsersProfileDirectoryA
GetProfilesDirectoryW
RsopLoggingEnabled
RsopAccessCheckByType
FreeGPOListA
GetUserProfileDirectoryA
RsopFileAccessCheck
WaitForMachinePolicyForegroundProcessing
GetDefaultUserProfileDirectoryW
DllCanUnloadNow

uniplat

UnimodemReadFileEx
StopMonitoringHandle
CreateOverStructPool
UnimodemQueueUserAPC
CancelUnimodemTimer
UnimodemWaitCommEventEx
StartMonitorThread
CreateUnimodemTimer
SetUnimodemTimer
UnimodemNotifyTSP
CallEnding
FreeOverStruct
DestroyOverStructPool

untfs

?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
??1NTFS_FRS_STRUCTURE@@UAE@XZ
??0NTFS_MFT_INFO@@QAE@XZ
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
??0NTFS_ATTRIBUTE_RECORD@@QAE@XZ
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
?GetNext@NTFS_INDEX_TREE@@QAEPBU_INDEX_ENTRY@@PAKPAEE@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
??1NTFS_ATTRIBUTE_DEFINITION_TABLE@@UAE@XZ

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fa4e32dfc1df4d77aeee93d1884bdac

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

kernel32

msvcrt40

advapi32

userenv

uniplat

untfs

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 1022B

.reloc Size: 512B - Virtual size: 224B

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 1022B

.reloc
Size: 512B - Virtual size: 224B