04069e34031c870eaed285d1690fec23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04069e34031c870eaed285d1690fec23_JaffaCakes118
Size

385KB
MD5

04069e34031c870eaed285d1690fec23
SHA1

99b67590d9bf8b66ec498a6df9287d25e84127c1
SHA256

f99a33861b0fa5db0532d58ab5457767f38f5bd7d87b75c3d7bbf2792bfa8084
SHA512

7e10f3281b247b732b823a3181222a6c3f7bce66535f245720bf1dcf58c36f6c504784eb1805e704d31cbc014106572b17464d11f0640c0fbec4c6fb0598eece
SSDEEP

12288:Mr0M8H8cy1DFqM1NCh0s1416cfOmdbMDef0:q0HccKRTrCh0syhJ+qc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04069e34031c870eaed285d1690fec23_JaffaCakes118

Files

04069e34031c870eaed285d1690fec23_JaffaCakes118
.exe windows:5 windows x86 arch:x86

870199ffd022d42a4bb66307aa61749a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCalendarInfoW
GetCommConfig
RegisterWaitForSingleObject
FindClose
VirtualAlloc
SetConsoleNumberOfCommandsA
GetProcessPriorityBoost
AddAtomW
Module32Next
SetLocaleInfoW
OpenWaitableTimerW
GetExitCodeThread
GetProcessWorkingSetSize
DeleteCriticalSection
TerminateJobObject
ReadConsoleA
GetSystemTimeAsFileTime
HeapValidate
WaitForMultipleObjectsEx
ReadConsoleOutputA
GetSystemDefaultLangID
GetCPInfoExW
BaseUpdateAppcompatCache
CreateProcessInternalW
DebugSetProcessKillOnExit
GetTickCount
OpenSemaphoreA
GetProcessTimes
GetModuleFileNameA
GetSystemDefaultUILanguage
IsProcessInJob
EnumSystemLanguageGroupsW
GetConsoleCursorMode
CreateMutexW
ReadConsoleInputW
GetFileAttributesA
OutputDebugStringA
GetLastError
QueryPerformanceCounter
SetCriticalSectionSpinCount
ProcessIdToSessionId
LoadLibraryA
GetSystemWindowsDirectoryA
WriteConsoleOutputA
GetConsoleCommandHistoryA
LocalLock
SetLastConsoleEventActive
lstrcpyA
GetQueuedCompletionStatus
LZClose

ntdll

ZwSetBootEntryOrder
RtlTimeFieldsToTime
ZwListenPort
wcscspn
RtlAnsiCharToUnicodeChar
NtDeleteAtom
vDbgPrintExWithPrefix
RtlAddAccessAllowedAceEx
RtlSelfRelativeToAbsoluteSD2
RtlQueryDepthSList
RtlCompressBuffer
_ftol
RtlLookupAtomInAtomTable
ZwSetTimer
ZwCompleteConnectPort
RtlFillMemory
NtAddAtom
ZwSetInformationKey
RtlMapSecurityErrorToNtStatus
tolower
RtlDecompressBuffer
RtlCopySidAndAttributesArray
RtlCreateBootStatusDataFile
ZwLoadDriver
ZwSetVolumeInformationFile
RtlAllocateAndInitializeSid
ZwSaveKeyEx
RtlExitUserThread
RtlComputeCrc32
RtlPushFrame
RtlDeactivateActivationContext
ZwPrivilegeObjectAuditAlarm
RtlAllocateHandle
ZwContinue
RtlDeleteNoSplay
RtlDebugPrintTimes
NtSetInformationJobObject
RtlImageNtHeader
RtlNewInstanceSecurityObject
RtlCreateAndSetSD
NtQueryDirectoryObject
ZwQuerySemaphore

secur32

ImpersonateSecurityContext
InitializeSecurityContextW
SaslInitializeSecurityContextA
LsaGetLogonSessionData
ExportSecurityContext
LsaCallAuthenticationPackage
DecryptMessage
GetUserNameExW
VerifySignature
GetSecurityUserInfo
SecpFreeMemory
LsaConnectUntrusted
CredUnmarshalTargetInfo
SaslGetProfilePackageW
QueryCredentialsAttributesA
SaslIdentifyPackageW
EnumerateSecurityPackagesA
CredMarshalTargetInfo
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
SaslInitializeSecurityContextW
SetContextAttributesW
InitSecurityInterfaceW
InitSecurityInterfaceA
QuerySecurityContextToken
QueryCredentialsAttributesW
GetComputerObjectNameA
FreeContextBuffer
GetComputerObjectNameW
DeleteSecurityContext
LsaEnumerateLogonSessions
ImportSecurityContextA
SecpTranslateName

avifil32

AVIStreamWriteData
AVISaveOptionsFree
AVIStreamOpenFromFile
AVIStreamOpenFromFileA
AVIStreamGetFrameClose
AVISaveV
AVIStreamOpenFromFileW
AVIBuildFilterA
IID_IGetFrame
AVIStreamStart
EditStreamSetInfoA
AVIFileExit
AVIStreamSampleToTime
AVIFileAddRef
AVIStreamSetFormat
AVISaveOptions
AVIMakeCompressedStream
AVIFileRelease
AVIFileOpenA
AVIStreamInfoW
EditStreamPaste
AVIStreamTimeToSample
EditStreamSetInfo
AVIMakeFileFromStreams
CreateEditableStream
AVIStreamCreate
AVIStreamReadData
AVIStreamEndStreaming
AVIFileCreateStreamA
AVISaveA

msvcrt

__p__winminor
__argv
strerror
??1__non_rtti_object@@UAE@XZ
_daylight
iswprint
_spawnle
exit
_getdiskfree
_fstati64
_getmaxstdio
__iob_func
__p__wcmdln
_wcsset
__p__commode
atan
_eof
??0bad_typeid@@QAE@PBD@Z
_wmktemp
_mbsninc
_commode
_logb
_wsopen
??1bad_cast@@UAE@XZ
__set_app_type
_execle
??_7exception@@6B@
strxfrm
_mbschr
_futime64
_loaddll
??_Ebad_typeid@@UAEPAXI@Z
_mkdir
memcpy
_CxxThrowException
srand
__wargv
tmpfile
_isatty
_ftol
_wcsupr
_stat
_CItanh
__initenv
_wexecvpe
perror
__getmainargs

user32

TrackPopupMenu
SwitchToThisWindow
CreateDialogIndirectParamW
DdeKeepStringHandle
FreeDDElParam
ToUnicodeEx
DefDlgProcW
AnyPopup
ScrollWindowEx
DrawFocusRect
LoadMenuIndirectA
EndDialog
GetClipboardViewer
RegisterTasklist
CopyAcceleratorTableA
WinHelpA
GetCursor
UnregisterClassW
GetProcessDefaultLayout
RegisterClassA
ScrollWindow
RegisterClassExW
RegisterClipboardFormatA
DialogBoxParamA
CheckRadioButton
LoadImageW
SetWindowRgn
GetDlgItem

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

870199ffd022d42a4bb66307aa61749a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

secur32

avifil32

msvcrt

user32

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 158KB - Virtual size: 158KB

.data Size: 45KB - Virtual size: 533KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 158KB - Virtual size: 158KB

.data
Size: 45KB - Virtual size: 533KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B