Static task: static1

Behavioral task: behavioral1
Sample: 0e36df201feaeb996a423d886daa6658_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 0e36df201feaeb996a423d886daa6658_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: 0e36df201feaeb996a423d886daa6658_JaffaCakes118
Size: 864KB
MD5: 0e36df201feaeb996a423d886daa6658
SHA1: 4d4500f8cd372cb3a4f27453eb32d12c394f81c6
SHA256: 3864ed57f92f4be3ad94aec05e549c06f87a688adfdf3dbf4d974cec1deaa43d
SHA512: 3184e295446a6570f61a327c62f938155f38dff4e2c2c26e3779fbc31ace8bc6718104a0865fe9ba4d9889835ba67dc39a6fd1431a3454bfc2cf22571089a6ac
SSDEEP: 24576:ehhO58XpU521MqE4eGKed1vyqo5sCSDZxuqRL:GW8XGSEIKe7yluCSPDRL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e36df201feaeb996a423d886daa6658_JaffaCakes118
Files
0e36df201feaeb996a423d886daa6658_JaffaCakes118.exe windows:5 windows x86 arch:x86
a8540844cac7ef969d7e06acce14fd69
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenProfileUserMapping
EraseTape
GenerateConsoleCtrlEvent
EnumCalendarInfoW
DeleteFileA
GetProcessId
LoadLibraryA
GetVersionExA
IsBadHugeReadPtr
TransactNamedPipe
GetFullPathNameA
UnmapViewOfFile
RtlMoveMemory
NlsGetCacheUpdateCount
UnhandledExceptionFilter
EnumResourceNamesA
GetCurrentProcess
GetCurrentProcessId
GetPrivateProfileStringA
GetSystemDefaultUILanguage
GetFileSizeEx
ReleaseActCtx
GetWriteWatch
CreateFileA
GetNativeSystemInfo
InterlockedExchangeAdd
GetDriveTypeA
IsValidLocale
GetDiskFreeSpaceW
GetModuleHandleExA
SetStdHandle
FindVolumeMountPointClose
GetModuleHandleA
GlobalUnlock
GetStartupInfoA
GlobalWire
VirtualAlloc
netapi32
NetConfigGetAll
I_NetLogonUasLogoff
NetLocalGroupDelMember
NetLocalGroupAdd
NetpMergeFtinfo
NetEnumerateTrustedDomains
DsGetDcNameA
DsGetDcOpenW
NetServiceEnum
I_NetServerGetTrustInfo
DsGetDcNameWithAccountA
NetReplImportDirDel
NetSessionDel
RxNetAccessEnum
NetReplExportDirDel
NetReplExportDirSetInfo
NetLocalGroupGetInfo
NetEnumerateComputerNames
NetScheduleJobGetInfo
I_NetServerAuthenticate
NetServiceControl
NetpOpenConfigData
NetRegisterDomainNameChangeNotification
NetpInitFtinfoContext
DsGetDcCloseW
NetApiBufferReallocate
NetLocalGroupEnum
DsEnumerateDomainTrustsW
DsRoleServerSaveStateForUpgrade
I_NetLogonControl2
NetErrorLogClear
RxNetServerEnum
ntdll
ZwQueryMutant
islower
NtMakePermanentObject
NtOpenObjectAuditAlarm
LdrQueryImageFileExecutionOptions
RtlpApplyLengthFunction
RtlApplicationVerifierStop
NtAdjustPrivilegesToken
RtlRestoreLastWin32Error
RtlInsertElementGenericTableAvl
DbgPrintReturnControlC
NtSetInformationKey
_CIsqrt
ZwSetHighWaitLowEventPair
NtDeleteBootEntry
NtQueryOpenSubKeys
NtReplyWaitReceivePort
wcslen
RtlStartRXact
RtlSubtreePredecessor
ZwProtectVirtualMemory
RtlDosPathNameToNtPathName_U
ZwOpenMutant
ZwTranslateFilePath
DbgQueryDebugFilterState
RtlEnterCriticalSection
RtlCreateUserProcess
RtlUpperChar
RtlDeleteSecurityObject
tolower
_itoa
ZwDeleteFile
NtTranslateFilePath
ZwMakePermanentObject
NtUnloadKeyEx
RtlGetLastNtStatus
NtDebugActiveProcess
ZwSetIntervalProfile
memchr
NtQuerySymbolicLinkObject
RtlDecompressFragment
msvcrt40
_outp
_getdcwd
_wfindfirsti64
??0exception@@QAE@ABQBD@Z
_creat
_adj_fdiv_m64
wcsftime
_stricoll
__set_app_type
__threadhandle
isalpha
_wexecv
_execlpe
_ftol
_except_handler3
?setmode@filebuf@@QAEHH@Z
_fsopen
??0streambuf@@QAE@ABV0@@Z
_rmdir
_mtlock
perror
tmpfile
getenv
_wcsnicoll
strspn
_dup
_fdopen
??0ofstream@@QAE@PBDHH@Z
??0istrstream@@QAE@ABV0@@Z
?overflow@filebuf@@UAEHH@Z
iswlower
_mbslwr
?_set_new_mode@@YAHH@Z
__dllonexit
_adj_fdiv_m16i
_wcsupr
_CIcosh
_mbsrev
ungetc
user32
CharUpperBuffA
LockWindowStation
DdeCreateStringHandleA
GetDoubleClickTime
GetClassLongW
MonitorFromRect
GetPropW
GetClassInfoExW
EnumPropsA
BroadcastSystemMessageExW
CharToOemBuffW
wvsprintfA
MessageBeep
GetDlgCtrlID
GetMessagePos
IsCharAlphaNumericW
DrawStateW
ScrollDC
MB_GetString
FlashWindowEx
DrawFrame
GetMenuItemInfoA
SetWindowContextHelpId
SendInput
SendMessageA
mssign32
PvkPrivateKeyAcquireContextA
PvkPrivateKeySaveA
PvkPrivateKeyLoadA
SignerAddTimeStampResponseEx
SignerSignEx
PvkFreeCryptProv
SignerSign
FreeCryptProvFromCert
PvkPrivateKeySave
SignError
PvkPrivateKeyLoadFromMemory
PvkPrivateKeyReleaseContextA
PvkPrivateKeyLoadFromMemoryA
SignerAddTimeStampResponse
PvkPrivateKeySaveToMemoryA
PvkPrivateKeyAcquireContext
PvkPrivateKeyLoad
SignerCreateTimeStampRequest
SignerTimeStamp
SignerFreeSignerContext
SignerTimeStampEx
PvkPrivateKeyReleaseContext
PvkGetCryptProv
GetCryptProvFromCert
PvkPrivateKeyAcquireContextFromMemoryA
PvkPrivateKeyAcquireContextFromMemory
PvkPrivateKeySaveToMemory
SpcGetCertFromKey
Sections
.text Size: 532KB - Virtual size: 532KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 322KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ