37967f97a97812dc24467163ad5b8965_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37967f97a97812dc24467163ad5b8965_JaffaCakes118
Size

76KB
MD5

37967f97a97812dc24467163ad5b8965
SHA1

adcac7af6a3ebf3ce3c046cc3fda80ec76f44191
SHA256

ef54dee2e0756fa3ae534793dd8038002756151540a67b174d0ba997ed863889
SHA512

bf429e79ac4af664042a8983b4a0103f932846412295f1f75bf228c8499ca7b0728ce7b6d80b2b1fcde44e5a9f0362efe6eae8361e812bfcfaf0280cd3275a8c
SSDEEP

1536:f9pN8mRSrL/CMBhWGYyvt8kM6q/f4yfsmaYk06uSwX0kRC3Vyj+JQbUK19iU:lpNIDC+hWGY2tVq4yURaVXTCwBUKmU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37967f97a97812dc24467163ad5b8965_JaffaCakes118

Files

37967f97a97812dc24467163ad5b8965_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3305b7c60e88710edeeddd5ba78c3cae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
atoi
calloc
exit
fclose
free
fwrite
memcmp
memmove
signal
strchr
strcmp
vfprintf

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__register_frame_info

libstdc++-6

_ZN9__gnu_cxx18__exchange_and_addEPVii
_ZNKSs7compareEPKc
_ZNKSt13runtime_error4whatEv
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNSo3putEc
_ZNSo5flushEv
_ZNSo9_M_insertIxEERSoT_
_ZNSolsEi
_ZNSs4_Rep10_M_destroyERKSaIcE
_ZNSs4_Rep20_S_empty_rep_storageE
_ZNSs6appendEPKcj
_ZNSs6appendERKSs
_ZNSs6assignEPKc
_ZNSs6assignEPKcj
_ZNSs6assignERKSs
_ZNSs7reserveEj
_ZNSsC1EPKcRKSaIcE
_ZNSsC1EPKcjRKSaIcE
_ZNSsC1ERKSs
_ZNSsD1Ev
_ZNSt11logic_errorC1ERKSs
_ZNSt11logic_errorD1Ev
_ZNSt13runtime_errorC1ERKSs
_ZNSt13runtime_errorD1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt9exceptionD2Ev
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_i
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt20__throw_out_of_rangePKc
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKSbIS4_S5_T1_E
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVSt13runtime_error
_ZdaPv
_ZdlPv
_Znwj
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_get_exception_ptr
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__gxx_personality_v0

qpdf13

_ZN10Pl_DiscardC1Ev
_ZN10Pl_DiscardD1Ev
_ZN10QPDFWriter10setQDFModeEb
_ZN10QPDFWriter11setStaticIDEb
_ZN10QPDFWriter14setStaticAesIVEb
_ZN10QPDFWriter15forcePDFVersionERKSsi
_ZN10QPDFWriter16setLinearizationEb
_ZN10QPDFWriter17setOutputPipelineEP8Pipeline
_ZN10QPDFWriter17setStreamDataModeE18qpdf_stream_data_e
_ZN10QPDFWriter19setObjectStreamModeE20qpdf_object_stream_e
_ZN10QPDFWriter20setMinimumPDFVersionERKSsi
_ZN10QPDFWriter21setPreserveEncryptionEb
_ZN10QPDFWriter23setContentNormalizationEb
_ZN10QPDFWriter24copyEncryptionParametersER4QPDF
_ZN10QPDFWriter25setR2EncryptionParametersEPKcS1_bbbb
_ZN10QPDFWriter25setR3EncryptionParametersEPKcS1_bb15qpdf_r3_print_e16qpdf_r3_modify_e
_ZN10QPDFWriter25setR4EncryptionParametersEPKcS1_bb15qpdf_r3_print_e16qpdf_r3_modify_ebb
_ZN10QPDFWriter25setR5EncryptionParametersEPKcS1_bb15qpdf_r3_print_e16qpdf_r3_modify_eb
_ZN10QPDFWriter25setR6EncryptionParametersEPKcS1_bb15qpdf_r3_print_e16qpdf_r3_modify_eb
_ZN10QPDFWriter28setSuppressOriginalObjectIDsEb
_ZN10QPDFWriter5writeEv
_ZN10QPDFWriterC1ER4QPDF
_ZN10QPDFWriterC1ER4QPDFPKc
_ZN10QPDFWriterD1Ev
_ZN12Pl_StdioFileC1EPKcP6_iobuf
_ZN12Pl_StdioFileD1Ev
_ZN16QPDFObjectHandle11getIntValueEv
_ZN16QPDFObjectHandle13getPageImagesEv
_ZN16QPDFObjectHandle14pipeStreamDataEP8Pipelinebbb
_ZN16QPDFObjectHandle15getPageContentsEv
_ZN16QPDFObjectHandle15unparseResolvedEv
_ZN16QPDFObjectHandle18parseContentStreamES_PNS_15ParserCallbacksE
_ZN16QPDFObjectHandle6getKeyERKSs
_ZN16QPDFObjectHandle7getDictEv
_ZN16QPDFObjectHandle7newNullEv
_ZN16QPDFObjectHandle7unparseEv
_ZN16QPDFObjectHandle8isStreamEv
_ZN3QTC2TCEPKcS1_i
_ZN4QPDF10removePageE16QPDFObjectHandle
_ZN4QPDF11QPDFVersionEv
_ZN4QPDF11getAllPagesEv
_ZN4QPDF11getWarningsEv
_ZN4QPDF11isEncryptedERiS0_S0_RNS_19encryption_method_eES2_S2_
_ZN4QPDF11processFileEPKcS1_
_ZN4QPDF12isLinearizedEv
_ZN4QPDF13getObjectByIDEii
_ZN4QPDF13replaceObjectERK10QPDFObjGen16QPDFObjectHandle
_ZN4QPDF13showXRefTableEv
_ZN4QPDF14allowModifyAllEv
_ZN4QPDF15allowExtractAllEv
_ZN4QPDF15allowModifyFormEv
_ZN4QPDF16allowModifyOtherEv
_ZN4QPDF16allowPrintLowResEv
_ZN4QPDF17allowPrintHighResEv
_ZN4QPDF17getExtensionLevelEv
_ZN4QPDF18allowAccessibilityEv
_ZN4QPDF18checkLinearizationEv
_ZN4QPDF18setAttemptRecoveryEb
_ZN4QPDF19allowModifyAssemblyEv
_ZN4QPDF20setIgnoreXRefStreamsEb
_ZN4QPDF21allowModifyAnnotationEv
_ZN4QPDF21showLinearizationDataEv
_ZN4QPDF29pushInheritedAttributesToPageEv
_ZN4QPDF7addPageE16QPDFObjectHandleb
_ZN4QPDF7getRootEv
_ZN4QPDF8emptyPDFEv
_ZN4QPDFC1Ev
_ZN4QPDFD1Ev
_ZN5QUtil10safe_fopenEPKcS1_
_ZN5QUtil10setLineBufEP6_iobuf
_ZN5QUtil11copy_stringERKSs
_ZN5QUtil13binary_stdoutEv
_ZN5QUtil13int_to_stringExi
_ZN5QUtil9getWhoamiEPc
_ZNK16QPDFObjectHandle11getObjectIDEv
_ZNK16QPDFObjectHandle13getGenerationEv
_ZNK16QPDFObjectHandle9getObjGenEv
_ZNK4QPDF13getPDFVersionEv
_ZNK4QPDF22getTrimmedUserPasswordEv

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3305b7c60e88710edeeddd5ba78c3cae

Headers

File Characteristics

Imports

kernel32

msvcrt

libgcc_s_dw2-1

libstdc++-6

qpdf13

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 16B

.rdata Size: 14KB - Virtual size: 14KB

/4 Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 128B

.idata Size: 7KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 16B

.rdata
Size: 14KB - Virtual size: 14KB

/4
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 128B

.idata
Size: 7KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B