14e9c0131dd8fdfbe46852a8bac37d12_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

14e9c0131dd8fdfbe46852a8bac37d12_JaffaCakes118
Size

362KB
MD5

14e9c0131dd8fdfbe46852a8bac37d12
SHA1

eadfc77e22ddfd27d02ce880cbd890a3bce09ed9
SHA256

674eabb427bfdac0e3b12d7d50cc12f31e1957ecee85a256df3de5d9489b8dad
SHA512

27480cc0c0a235dbbdf7f9e938c737d8e99060cf71fd3babe452e228014ce46a89e6c96a5a855ab9fcd067092959b1c167f8ac0499ee43d63d500864e78f1348
SSDEEP

6144:S1wPysek7FJO3DFSxEH87s/3koB/eFLot2JUNKSfh1/FXqMsPUu:2wq4FJ4FSwt/ko/e43E0Xrop

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e9c0131dd8fdfbe46852a8bac37d12_JaffaCakes118

Files

14e9c0131dd8fdfbe46852a8bac37d12_JaffaCakes118
.exe windows:5 windows x86 arch:x86

53521d574cadb6b6adc6ba2203404cd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
htons
WSCEnumProtocols
closesocket
WSANSPIoctl
WSASocketA
WSAHtons
WSAStringToAddressA
WSALookupServiceBeginA
WSCDeinstallProvider
WSAAccept
WSAGetLastError
WSANtohs
WSALookupServiceEnd
WSACancelAsyncRequest
WSAIsBlocking
WSAEnumNameSpaceProvidersA
send
WSAEventSelect
WSAGetServiceClassNameByClassIdA
WSAAsyncGetHostByName
WSASetServiceA
WSAAsyncGetServByName
WPUCompleteOverlappedRequest
WSASend
WSAJoinLeaf
WSAAsyncSelect
WSARemoveServiceClass
WSASocketW
WSAStringToAddressW
WSCInstallProvider
WSAInstallServiceClassW
getaddrinfo
WSADuplicateSocketW
gethostbyaddr
setsockopt

kernel32

GetStringTypeExA
IsProcessorFeaturePresent
GetPriorityClass
LocalSize
ResetWriteWatch
ReleaseActCtx
QueryPerformanceCounter
GetStartupInfoW
GetUserDefaultLCID
LoadLibraryA
GetNumberFormatW
WaitForSingleObjectEx
GetNumaHighestNodeNumber
GetPrivateProfileSectionNamesW
SetConsoleFont
CommConfigDialogA
SetTimeZoneInformation
GlobalGetAtomNameA
RtlFillMemory
GetFirmwareEnvironmentVariableW
VirtualAlloc
lstrcpynA
OutputDebugStringA
GlobalFindAtomW
GetNumaAvailableMemoryNode
lstrcmpA
GetCurrentProcess
GetModuleHandleW

msvcrt40

?setmode@fstream@@QAEHH@Z
fputwc
__RTDynamicCast
??5istream@@QAEAAV0@AAJ@Z
strtok
isspace
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
isalnum
wcscspn
?eback@streambuf@@IBEPADXZ
?tellg@istream@@QAEJXZ
_findnexti64
??_Gstrstreambuf@@UAEPAXI@Z
??_Efilebuf@@UAEPAXI@Z
__pxcptinfoptrs
_spawnvpe
_telli64
mbtowc
?_query_new_handler@@YAP6AHI@ZXZ
_wchmod
?get@istream@@IAEAAV1@PADHH@Z
_ismbstrail
_mbccpy
?x_curindex@ios@@0HA
?read@istream@@QAEAAV1@PAEH@Z
_CIlog
_wexecvpe
_winmajor
??5istream@@QAEAAV0@AAM@Z
_c_exit
_pwctype
_wspawnl
localtime
wctomb
_CIsqrt
??4ostream@@IAEAAV0@ABV0@@Z
fopen
_wfindnext
??1exception@@UAE@XZ
wcsncat
_fpieee_flt
_mbsicmp
_mbscat
__p___winitenv
fputws
_wcslwr
_wremove
_stricoll
?setmode@ifstream@@QAEHH@Z
getwchar
difftime
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
_wcsdup
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
sscanf
_wexecvp
__p__dstbias
?open@ofstream@@QAEXPBDHH@Z
_wexeclp
_mbscmp
_execl
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?flags@ios@@QBEJXZ
_unlink
_mbsdup
_swab
?flush@@YAAAVostream@@AAV1@@Z
memchr
_spawnlp
??_8iostream@@7Bostream@@@

oleaut32

SafeArrayGetElement
VarUI8FromI8
VarDecFromDisp
VarDecFromDate
VarDecSub
VarR4FromUI1
BSTR_UserSize
SysReAllocString
VarUI4FromCy
VarDecFromStr
VarBstrFromI4
VarI8FromR8
VarI2FromR4
VarBstrFromBool
VarI4FromDisp
VarCyMulI8
VarDecFromUI8
VarI4FromI8
LPSAFEARRAY_UserMarshal
GetAltMonthNames
SystemTimeToVariantTime
SafeArrayCreateVectorEx
VarTokenizeFormatString
VarDecFromI4
VarCyFromUI1
SafeArrayPtrOfIndex
VarR8FromUI1
VarDecAbs
VarBstrFromDate
VarR8FromBool
VarUI1FromDate

ntdll

NtNotifyChangeMultipleKeys
_chkstk
NtCreateMailslotFile
ZwOpenThreadTokenEx
CsrCaptureMessageString
RtlZeroHeap
NtQueryInformationProcess
_aullshr
RtlGetNtVersionNumbers
ZwRequestPort
ZwWriteFile
ZwSetTimerResolution
ZwQueryDirectoryFile
NtSetHighEventPair
RtlOemToUnicodeN
RtlGetGroupSecurityDescriptor
strcmp
towupper
ZwRemoveIoCompletion
RtlInitializeGenericTable
ZwTranslateFilePath
RtlCreateSystemVolumeInformationFolder
RtlUnicodeToCustomCPN
ZwQueryKey
NtQueryDirectoryObject
RtlDowncaseUnicodeString
RtlQueueApcWow64Thread
DbgUiSetThreadDebugObject
strrchr
NtLockVirtualMemory
ZwAreMappedFilesTheSame
NtCreateKey
_wcsicmp
RtlInitCodePageTable
NtCancelTimer
NtAccessCheckAndAuditAlarm
_ultoa
RtlEraseUnicodeString
RtlValidAcl
ZwQueryTimer
RtlValidateProcessHeaps

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53521d574cadb6b6adc6ba2203404cd2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

msvcrt40

oleaut32

ntdll

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 136KB - Virtual size: 568KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 136KB - Virtual size: 568KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 1KB