eb22dbaf02643ddde17f07ea9351aea4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb22dbaf02643ddde17f07ea9351aea4_JaffaCakes118
Size

85KB
MD5

eb22dbaf02643ddde17f07ea9351aea4
SHA1

8b6e5dcf8787dd59f215a25a74c88aa0d2ac3bac
SHA256

17c9fcf2cd9635aa771c798028a08214376ef4a81c5aec7b7153433fa737f66e
SHA512

179b7f76efb755f57923253379af878e4fdb837cf8118567e5f808b43dda26f5e12f4c1a43ca9d01a528bb964e9b71c493df2b8b0ccbd2d28f6932671f39fd1d
SSDEEP

1536:m9UGLhPWi7iWktDPjAk77MWdclc20HctQ+0XvIOnkNSiY5KoZz8Ng1u6+CmbR1lN:mrdRktDPjT7vclcxDfIOnkNPsKNkclY0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb22dbaf02643ddde17f07ea9351aea4_JaffaCakes118

Files

eb22dbaf02643ddde17f07ea9351aea4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

14660157d6cb2215706ed8650cd8a8ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?do_decimal_point@?$numpunct@D@std@@MBEDXZ
?_Init@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??_7?$numpunct@G@std@@6B@
?_Getcat@?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?is_open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QBE_NXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
?_Doraise@domain_error@std@@MBEXXZ
?cos@?$_Ctr@M@std@@SAMM@Z
?signaling_NaN@?$numeric_limits@O@std@@SAOXZ
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??1codecvt_base@std@@UAE@XZ
?compare@?$char_traits@G@std@@SAHPBG0I@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
?hash@?$collate@D@std@@QBEJPBD0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@

cfgmgr32

CM_Get_Class_Key_NameA
CM_Free_Res_Des
CM_Get_Global_State
CM_Get_Device_ID_List_SizeA
CM_Open_Class_Key_ExW
CM_Delete_Range
CM_Set_Class_Registry_PropertyW
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Remove_SubTree_Ex
CMP_WaitNoPendingInstallEvents
CM_Get_Depth
CM_Delete_Class_Key_Ex
CM_Get_Next_Res_Des
CM_Get_Device_Interface_List_SizeA
CM_Add_ID_ExW
CM_Run_Detection
CM_Get_Log_Conf_Priority_Ex
CM_Get_Device_ID_Size_Ex
CM_Register_Device_Interface_ExA
CM_Add_Res_Des_Ex
CM_Get_Resource_Conflict_DetailsA

msvcrt40

_scalb
?x_statebuf@ios@@0PAJA
_splitpath
towlower
?set_new_handler@@YAP6AXXZP6AXXZ@Z
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
_strset
_ismbcupper
?flags@ios@@QAEJJ@Z
_wfsopen
_tempnam
??0fstream@@QAE@PBDHH@Z
_ungetch
?close@fstream@@QAEXXZ
_spawnve
_heapadd
_mtlock
vwprintf
?out_waiting@streambuf@@QBEHXZ
_unlink
_lseeki64
_strerror

ntdll

RtlSetMemoryStreamSize
RtlWriteMemoryStream
ZwOpenJobObject
NtOpenSemaphore
NtSetUuidSeed
CsrCaptureMessageString
ZwQueryTimer
RtlInitializeAtomPackage
CsrSetPriorityClass
RtlUnicodeToOemN
NtAcceptConnectPort
RtlConvertUiListToApiList
NtSetThreadExecutionState
ZwWaitLowEventPair
RtlIsTextUnicode
KiUserExceptionDispatcher

kernel32

SetConsoleMenuClose
LoadLibraryA
lstrcmpA
PeekConsoleInputW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GlobalGetAtomNameA
SetVolumeLabelA
VirtualQuery
GetLastError
GetTickCount
OpenFileMappingW
SetCurrentDirectoryA
RtlCaptureStackBackTrace
GetCurrentThreadId
DosPathToSessionPathA
GetHandleInformation
HeapCreate
GetConsoleAliasW
GetStartupInfoA
UnhandledExceptionFilter
GetCurrentProcessId
SetSystemTime
RegisterConsoleOS2
EnumResourceLanguagesW
GetConsoleInputWaitHandle
IsDBCSLeadByte
GetModuleFileNameA
VirtualAlloc
WaitCommEvent
ReadFileEx

msdart

?IsReadUnlocked@CFakeLock@@QBE_NXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?TryReadLock@CFakeLock@@QAE_NXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
??4CSpinLock@@QAEAAV0@ABV0@@Z
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?WriteUnlock@CSpinLock@@QAEXXZ
?_CurrentThreadId@CSmallSpinLock@@CGJXZ

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14660157d6cb2215706ed8650cd8a8ab

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

cfgmgr32

msvcrt40

ntdll

kernel32

msdart

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 19KB - Virtual size: 60KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 19KB - Virtual size: 60KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 248B