0c1f41209637acc85ff54fe9637705c3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c1f41209637acc85ff54fe9637705c3_JaffaCakes118
Size

406KB
MD5

0c1f41209637acc85ff54fe9637705c3
SHA1

bd18929753f307a029265c93fc3071ad367caa4f
SHA256

d59f80b94d31972205b8e692262e7e1b0f6364fdd326809ecf2825fc47cc6a0c
SHA512

0d4c46aec6a1f44d06288e9e88d59371ec5df54930c3f0b816f994c68018227077e4f32f19485a4b2e4dca6e03fdf60782a04cf50606f0305817ea893c473099
SSDEEP

6144:htsLUFXtryClaD+M8+DnEfarfH1baP9adwOnSuU/5UZoRGtXTIjiZX:hyC4EEfH1eZOnSYnMsX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c1f41209637acc85ff54fe9637705c3_JaffaCakes118

Files

0c1f41209637acc85ff54fe9637705c3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ea791ef0a85549fd3c59b1a00020ceff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStringTypeA
IsDBCSLeadByteEx
IsBadReadPtr
HeapCreate
GetPrivateProfileStringA
DeviceIoControl
GetPriorityClass
InterlockedCompareExchange
CancelTimerQueueTimer
EnumResourceTypesA
GetLocaleInfoA
GetStartupInfoA
SetEnvironmentVariableA
IsBadHugeWritePtr
LoadLibraryA
GetHandleInformation
EnumSystemLanguageGroupsW
GetCommandLineA
GetModuleHandleW
GetProcAddress
FreeUserPhysicalPages
GlobalFindAtomA
CallNamedPipeW
CreateSemaphoreA
GetDriveTypeW
ReadConsoleInputW
FillConsoleOutputAttribute
TlsFree
SetConsoleScreenBufferSize
SetConsoleInputExeNameA
GetMailslotInfo
CreateProcessInternalW
VirtualAlloc

gdi32

SelectBrushLocal
AnimatePalette
DdEntry47
DdEntry41
EnumObjects
GetCharWidthInfo
PathToRegion
GdiGetSpoolFileHandle
AbortPath
CreateDIBitmap
DdEntry13
DdEntry6
FONTOBJ_pxoGetXform
DdEntry29
GetTextCharacterExtra
GdiIsMetaPrintDC
ExcludeClipRect
GetObjectType
SetLayoutWidth
GdiSetAttrs
CopyMetaFileA
CheckColorsInGamut
GetColorAdjustment
EngStretchBltROP
CloseEnhMetaFile
EngStrokeAndFillPath
GdiConvertBitmap
GetTextExtentPoint32W
PolyBezierTo
GetRandomRgn

crtdll

fgetpos
_endthread
_ismbcspace
gmtime
_pipe
_rmtmp
_ismbcalpha
strncmp
_initterm
_mbsncpy
_mbsset
_strrev
_findnext
srand
isgraph
_ismbcprint
_chsize
_spawnve
setbuf
wcscoll
_fcvt
atan
_yn
_strdup
ctime

ntdll

RtlpApplyLengthFunction
NtSetTimer
RtlEnumerateGenericTableAvl
RtlUpcaseUnicodeStringToCountedOemString
RtlSetCurrentEnvironment
ZwOpenThread
RtlDeleteResource
ZwCreateEventPair
LdrGetDllHandle
RtlIsTextUnicode
ZwAllocateUuids
RtlAddAtomToAtomTable
DbgUiGetThreadDebugObject
RtlMakeSelfRelativeSD
RtlUnicodeToOemN
NtAccessCheckByTypeResultListAndAuditAlarm
RtlQueryTimeZoneInformation
RtlUpperChar
NtQuerySystemEnvironmentValue
NtCreateSemaphore
ZwSetIntervalProfile
NtCreateDirectoryObject
ZwSetBootEntryOrder
RtlAssert

msvcirt

??_7iostream@@6B@
??_8ofstream@@7B@
??0ios@@QAE@PAVstreambuf@@@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??_Elogic_error@@UAEPAXI@Z
?open@ifstream@@QAEXPBDHH@Z
?ends@@YAAAVostream@@AAV1@@Z
__dummy_export
?opfx@ostream@@QAEHXZ
?is_open@ofstream@@QBEHXZ
??5istream@@QAEAAV0@AAH@Z
??0streambuf@@IAE@PADH@Z
?setlock@ios@@QAAXXZ
??_7stdiostream@@6B@
??_8ostream@@7B@
??6ostream@@QAEAAV0@PBX@Z
?sputbackc@streambuf@@QAEHD@Z
?openprot@filebuf@@2HB
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??_7logic_error@@6B@
?unsetf@ios@@QAEJJ@Z
??_8strstream@@7Bostream@@@
?seekpos@streambuf@@UAEJJH@Z
??6ostream@@QAEAAV0@F@Z
?unbuffered@streambuf@@IBEHXZ
?unbuffered@streambuf@@IAEXH@Z
?fd@ofstream@@QBEHXZ

user32

EndDialog
MessageBoxA

msvcrt

_isctype
_telli64
??_Gbad_typeid@@UAEPAXI@Z
_wcmdln
??_Fbad_typeid@@QAEXXZ
_wrename
_wfopen
ctime
log
__setusermatherr
_wmakepath
_lsearch
_dup2
_unlock
_assert
_ismbcgraph
_loaddll
time
strrchr
_daylight
_sys_errlist
calloc
_mbsupr
setvbuf
??_U@YAPAXI@Z

ole32

CreateAntiMoniker
CoReleaseMarshalData
CoDisableCallCancellation
CoGetStdMarshalEx
HDC_UserFree
MonikerCommonPrefixWith
OleGetIconOfClass
OleConvertOLESTREAMToIStorage
CoRetireServer
SetDocumentBitStg
OleCreateLinkFromData
PropSysFreeString
StgGetIFillLockBytesOnILockBytes
CoGetComCatalog
CoCancelCall
StgCreateStorageEx
SetErrorInfo
CoGetPSClsid
ReadStringStream
IsEqualGUID

shell32

SHGetMalloc

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea791ef0a85549fd3c59b1a00020ceff

Headers

File Characteristics

Imports

kernel32

gdi32

crtdll

ntdll

msvcirt

user32

msvcrt

ole32

shell32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 136KB - Virtual size: 525KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 328B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 136KB - Virtual size: 525KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 328B