ed6880ef16a3d29eef8beef1feb5da70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ed6880ef16a3d29eef8beef1feb5da70_JaffaCakes118
Size

46KB
MD5

ed6880ef16a3d29eef8beef1feb5da70
SHA1

5f0304a76059d251c6091198c9ccf94bc271840d
SHA256

a2c21ab8d973120c33258b48d5f5db385071377e463c1a5d81d692b4ed686224
SHA512

d6c7b82a0d31cd6a9f88e8bc8c162ad2c6d8480f2bedd975450a5b0554780983d7b1b0e6f05f408d427e261d6c814eebc3b4ebdf36de22b104258a3c9dbb47b0
SSDEEP

768:F3y1Yx37byWovEaKhrUm/c90kBstLbKQlMPDCeY6NvBkgsVRuEDtiid/lLBjK:8onTxam098tLOLDygvBDi8EDoifM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed6880ef16a3d29eef8beef1feb5da70_JaffaCakes118

Files

ed6880ef16a3d29eef8beef1feb5da70_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e33ff8256b72eb59b36eeec0014c9eb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoTaskMemRealloc
PropStgNameToFmtId
FreePropVariantArray
OleGetAutoConvert
ComPs_NdrDllCanUnloadNow
OleInitialize
CoResumeClassObjects
OleGetClipboard
STGMEDIUM_UserUnmarshal
CoSuspendClassObjects
OleGetIconOfClass
CoGetInterceptorFromTypeInfo
GetClassFile
OleRegGetUserType
OleDoAutoConvert
CoGetInstanceFromFile
CoRevokeMallocSpy
OleTranslateAccelerator
WdtpInterfacePointer_UserSize
SNB_UserUnmarshal
STGMEDIUM_UserMarshal
CLIPFORMAT_UserMarshal
SNB_UserFree
IsAccelerator

msvcp60

?_Getcat@?$moneypunct@G$0A@@std@@SAIXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDF@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??4?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?open@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXPBDF@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPBGH@Z
_Eps
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?do_compare@?$collate@D@std@@MBEHPBD000@Z
??Xstd@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
?signaling_NaN@?$numeric_limits@K@std@@SAKXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$messages@D@std@@QAE@I@Z
_Denorm
?scan_not@?$ctype@D@std@@QBEPBDFPBD0@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?norm@std@@YANABV?$complex@N@1@@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??_8?$basic_fstream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@

msvcrt40

??4ostrstream@@QAEAAV0@ABV0@@Z
_findclose
_pgmptr
__p__environ
_ismbcpunct
_lrotr
iswlower
_read
gmtime
iswascii
??_Gostream@@UAEPAXI@Z
_wfopen
__winitenv
?get@istream@@QAEAAV1@AAC@Z
_yn
?flags@ios@@QAEJJ@Z
__pxcptinfoptrs
??4streambuf@@QAEAAV0@ABV0@@Z
_tzname
_fpieee_flt

kernel32

LockFile
AddConsoleAliasW
LCMapStringW
GetModuleHandleA
lstrcpyW
ChangeTimerQueueTimer
GetTempFileNameW
EnumResourceNamesA
VirtualProtect
HeapUnlock
GlobalAlloc
ReadConsoleOutputCharacterW
GetPrivateProfileSectionNamesA
LoadLibraryA
UnlockFileEx
SetErrorMode
_lcreat
GlobalMemoryStatusEx
GetOEMCP
VirtualAlloc
LeaveCriticalSection
GetProfileIntA
DosPathToSessionPathW
WriteProcessMemory
GetUserDefaultLangID
IsDebuggerPresent
FormatMessageA
VirtualQuery
FreeUserPhysicalPages

mswsock

AcceptEx
rcmd
GetServiceA
StartWsdpService
GetTypeByNameW
MigrateWinsockConfiguration
sethostname
NSPStartup
GetNameByTypeW
StopWsdpService
GetAcceptExSockaddrs
GetTypeByNameA
WSARecvEx
inet_network
rresvport
TransmitFile
GetNameByTypeA
GetServiceW
WSPStartup
SetServiceA
rexec
EnumProtocolsA
GetAddressByNameW
dn_expand

rpcrt4

I_RpcServerInqLocalConnAddress
NdrCStdStubBuffer_Release
NDRCContextBinding
IUnknown_QueryInterface_Proxy
UuidCompare
NdrpReleaseTypeGenCookie
NdrDllGetClassObject
RpcServerUseAllProtseqsIf
I_RpcServerAllocateIpPort
RpcAsyncAbortCall
I_RpcAllocate
RpcErrorGetNextRecord
RpcRevertToSelfEx
RpcSsGetThreadHandle
NdrRpcSmSetClientToOsf
double_array_from_ndr
RpcSsFree
DllRegisterServer
long_array_from_ndr
NdrTypeUnmarshall
NdrByteCountPointerUnmarshall
NdrClearOutParameters

cfgmgr32

CM_Create_DevNode_ExW
CMP_Init_Detection
CM_Query_Arbitrator_Free_Data_Ex
CM_Modify_Res_Des_Ex
CM_Get_HW_Prof_Flags_ExA
CM_Get_Class_Key_NameA
CM_Set_DevNode_Problem_Ex
CM_Set_HW_Prof
CM_Get_Sibling
CM_Move_DevNode
CM_Free_Range_List
CM_Query_Arbitrator_Free_Data
CM_Is_Dock_Station_Present_Ex
CM_Get_Device_Interface_AliasA
CM_Query_Remove_SubTree_Ex
CM_Get_Child
CM_Reenumerate_DevNode_Ex
CM_Set_Class_Registry_PropertyA
CM_Free_Res_Des_Handle
CM_Setup_DevNode_Ex

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e33ff8256b72eb59b36eeec0014c9eb2

Headers

DLL Characteristics

File Characteristics

Imports

ole32

msvcp60

msvcrt40

kernel32

mswsock

rpcrt4

cfgmgr32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 14KB - Virtual size: 39KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 14KB - Virtual size: 39KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 204B