PDB path: V:\chmconsole\chmconsole\Release\chm_client.pdb
Static task
static1
Behavioral task
behavioral1
Sample
eb66b7da999a68c8be6009730b056a51_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eb66b7da999a68c8be6009730b056a51_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
eb66b7da999a68c8be6009730b056a51_JaffaCakes118
-
Size
419KB
-
MD5
eb66b7da999a68c8be6009730b056a51
-
SHA1
4678cf55af2bc54adad9c6218a8fc904eed9cc66
-
SHA256
3efdb19a5775917760932f9c950d80f6600e30b3f046e8170c616c28f1cd5514
-
SHA512
8573795b9bf5ff37672a1c76f1f8430057a91ad0aed51f2c9c13857b2669b07c748776ef6c5a69e0486bfeb15cda92ee829c9c2d56046cfdfcd6ce921d1ab2fe
-
SSDEEP
12288:BwKVoVA1wt8aXjGNZKdrIhdqYNYVixEqzy:BPoVA1/idrICYAq+
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sandbox checks for a missing Authenticode signature; this sample is unsigned.
resource eb66b7da999a68c8be6009730b056a51_JaffaCakes118
Files
-
eb66b7da999a68c8be6009730b056a51_JaffaCakes118.exe windows:6 windows x86 arch:x86
4394a6607ed27cca32acda85a0c5ad17
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateProcessA
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThread
GetThreadContext
GetCurrentProcess
LoadLibraryExA
GetProcAddress
GetCurrentDirectoryA
GetModuleHandleA
IsDebuggerPresent
ExitProcess
GetTickCount64
WinExec
GetModuleFileNameA
TerminateThread
CreateThread
SetConsoleTitleA
SetConsoleMode
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
GetTickCount
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
Sleep
GetStdHandle
FreeLibrary
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
FormatMessageA
CloseHandle
WaitForSingleObjectEx
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
EncodePointer
DecodePointer
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SetConsoleTextAttribute
user32
GetWindowThreadProcessId
FindWindowA
advapi32
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
GetCurrentHwProfileA
shell32
ShellExecuteA
msvcp120
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_BADOFF@std@@3_JB
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sync@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?_Winerror_map@std@@YAPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
ws2_32
listen
accept
recvfrom
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
sendto
ioctlsocket
gethostname
htonl
ntohl
freeaddrinfo
crypt32
CertFreeCertificateContext
wldap32
ord301
ord200
ord30
ord79
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord46
ord143
ord35
ord211
normaliz
IdnToAscii
iphlpapi
GetAdaptersInfo
msvcr120
_strdup
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
_except1
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
_read
_write
_close
_open
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
malloc
sprintf
free
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memmove
_purecall
exit
rand
srand
remove
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
fflush
fputc
fwrite
setvbuf
fgetpos
_fseeki64
fsetpos
memcpy_s
ungetc
fgetc
_unlock_file
_lock_file
fclose
memchr
_time64
atoi
rename
strstr
realloc
calloc
memset
isxdigit
strtoul
memcpy
strchr
strncmp
strrchr
__iob_func
fgets
fopen
fputs
sscanf
qsort
strtoll
strncpy
_errno
tolower
fread
fseek
isalpha
strpbrk
strtol
isdigit
isspace
isalnum
_gmtime64
strerror
__sys_nerr
_beginthreadex
_lseeki64
_fstat64
_getpid
getenv
_stat64
isupper
islower
isprint
isgraph
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
Sections
.text Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ