fccc2433cf56d5bbac497b36640a35db_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fccc2433cf56d5bbac497b36640a35db_JaffaCakes118
Size

85KB
MD5

fccc2433cf56d5bbac497b36640a35db
SHA1

72f5e2e767f071eb5cf710b38f492afa01f71843
SHA256

d5d4a9f89af09959c84f1f2eb2406b8fa73497a07d2274b46083a84984e3d791
SHA512

6b3242b38b89d65bdf74dc782a1983b5d7763c3bbe9d0b90204e632c0f5f6f21fddc7ddc0511d9edcfb52716fe2ce0926356cdd2fa653d33c51526470f370d17
SSDEEP

1536:oMNUZtAltkek+kzRIAj5y7XohweNdHMlKKtFX83MbwLb7ZHvKM1:fNUoltkekrII52XSN2zg3wM1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fccc2433cf56d5bbac497b36640a35db_JaffaCakes118

Files

fccc2433cf56d5bbac497b36640a35db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

84aba311a83cf78c5dfa61dc023d2277

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?Lock@CLockedDoubleList@@QAEXXZ
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?WriteUnlock@CSpinLock@@QAEXXZ
IrtlTrace
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
?IsLocked@CLockedDoubleList@@QBE_NXZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?IsWriteLocked@CFakeLock@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
?RemoveEntry@CDoubleList@@SGXQAVCListEntry@@@Z
?SetSpinCount@CSpinLock@@QAE_NG@Z
mpRealloc

kernel32

GetExpandedNameA
AddAtomW
GetThreadContext
GetTickCount
OpenProcess
InterlockedIncrement
QueryPerformanceCounter
BaseFlushAppcompatCache
UTRegister
GetStartupInfoA
FillConsoleOutputCharacterA
GetDriveTypeA
LoadLibraryA
VirtualAlloc
GlobalFree
GetTimeFormatW
GetSystemTimeAsFileTime
GetCurrentThreadId
SetProcessWorkingSetSize
GetConsoleFontInfo
CreateEventW
GetCurrentProcessId
GetModuleHandleW
GetPrivateProfileSectionNamesA
SetComPlusPackageInstallStatus
GetLogicalDriveStringsW
SetProcessPriorityBoost
FindActCtxSectionGuid

msvcrt40

_sopen
fputc
??0ios@@QAE@PAVstreambuf@@@Z
_iob
_strset
??0ofstream@@QAE@ABV0@@Z
??_8strstream@@7Bostream@@@
?open@ofstream@@QAEXPBDHH@Z
?init@ios@@IAEXPAVstreambuf@@@Z
_amsg_exit

mmcbase

?InternalRelease@CMMCStrongReferences@@AAEKXZ
?GetHinst@SC@mmcerror@@SGPAUHINSTANCE__@@XZ
?MMCErrorBox@@YGHII@Z
?IsLocked@CEventBuffer@@QAE_NXZ
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?Trace_@SC@mmcerror@@QBEXXZ
??9SC@mmcerror@@QBE_NJ@Z
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?Unlock@CEventBuffer@@QAEXXZ
?ScFlushPostponed@CEventBuffer@@AAE?AVSC@mmcerror@@XZ
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?AddRef@CMMCStrongReferences@@SGKXZ
??0CEventBuffer@@QAE@ABV0@@Z
?SetHinst@SC@mmcerror@@SGXPAUHINSTANCE__@@@Z
??0CEventBuffer@@QAE@XZ
?GetMainThreadID@SC@mmcerror@@SGKXZ
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ

mspatcha

TestApplyPatchToFileW
ApplyPatchToFileA
ApplyPatchToFileExW
TestApplyPatchToFileByHandles
ApplyPatchToFileW
GetFilePatchSignatureA
TestApplyPatchToFileA
ApplyPatchToFileExA
ApplyPatchToFileByHandles
ApplyPatchToFileByHandlesEx
GetFilePatchSignatureByHandle
GetFilePatchSignatureW

advapi32

LsaEnumerateTrustedDomains
BuildTrusteeWithObjectsAndSidA
CryptDuplicateKey
CryptImportKey
LsaOpenPolicy
GetExplicitEntriesFromAclA
BuildTrusteeWithSidW
RegUnLoadKeyW
TreeResetNamedSecurityInfoW
AddAuditAccessObjectAce
CreateServiceW
LsaSetTrustedDomainInformation
BuildImpersonateExplicitAccessWithNameW
SetFileSecurityA
DecryptFileA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84aba311a83cf78c5dfa61dc023d2277

Headers

DLL Characteristics

File Characteristics

Imports

msdart

kernel32

msvcrt40

mmcbase

mspatcha

advapi32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 18KB - Virtual size: 51KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 296B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 18KB - Virtual size: 51KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 296B