156445cdf813e7083102b63021f28070_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

156445cdf813e7083102b63021f28070_JaffaCakes118
Size

642KB
MD5

156445cdf813e7083102b63021f28070
SHA1

ca3516fd471578a242b662b0e1dbdeb90983779b
SHA256

d312579dc9276486423043683ac8e4ff852cd64f8cc6b40a30f7f16747d3ef1c
SHA512

68a91aa6ca5ae058d37f151774060cea656556a5f259e10a90a9cb3191218577b84b03abbd204654e9a90e9c9fddbeab195694362ad2b7f714a67ec8f9b59299
SSDEEP

12288:4zML9WFg6xM3qiJkud9+ZkQhR4LgDVaKvTd5BnHo0jp9/O:r9KlcqYkuv+Zk84CVRTVnHo0/O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
156445cdf813e7083102b63021f28070_JaffaCakes118

Files

156445cdf813e7083102b63021f28070_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1f8789cc953dc64501ab982a9330cec7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasdlg

RasUserGetManualDial
RasEntryDlgA
RasUserEnableManualDial
RasSrvHangupConnection
RasDialDlgA
RouterEntryDlgW
RasSrvIsConnectionConnected
RasSrvInitializeService
RasAutodialQueryDlgW
RouterEntryDlgA
RasDialDlgW
RasSrvAddPropPages
RasEntryDlgW
RasAutodialQueryDlgA
RasSrvCleanupService
RasSrvEnumConnections
RasPhonebookDlgW

ntdll

RtlFindMostSignificantBit
NtCompareTokens
NtClearEvent
NtCallbackReturn
ZwFlushWriteBuffer
NtOpenEventPair
RtlQueryAtomInAtomTable
NtSetTimerResolution
LdrDisableThreadCalloutsForDll
__isascii
ZwTerminateThread
ZwAddAtom

opengl32

GlmfBeginGlsBlock
glMapGrid1d
wglRealizeLayerPalette
glGetTexEnviv
glPolygonOffset
glNormal3i
glRasterPos3fv
glEnableClientState
glLightModeliv
glColor3iv
glTexCoord3f
glColor4ub
glPixelStoref
GlmfInitPlayback
GlmfPlayGlsRecord
glRasterPos3iv

kernel32

SetFilePointerEx
FlushFileBuffers
WritePrivateProfileSectionW
WaitCommEvent
ExitProcess
VirtualAlloc
OpenConsoleW
GetNumberOfConsoleInputEvents
SetCommMask
GetVolumePathNameW
OpenWaitableTimerA
SetConsoleInputExeNameW
MapViewOfFileEx
DeleteVolumeMountPointW
SearchPathA
SetConsoleCursor
GetPrivateProfileIntW
WaitNamedPipeW
Process32First

loadperf

InstallPerfDllA
UnloadPerfCounterTextStringsA
UpdatePerfNameFilesA
SetServiceAsTrustedW
UnloadPerfCounterTextStringsW
InstallPerfDllW
LoadPerfCounterTextStringsW
UpdatePerfNameFilesW
BackupPerfRegistryToFileW
LoadPerfCounterTextStringsA
RestorePerfRegistryFromFileW
SetServiceAsTrustedA

user32

GetParent
GetWindowDC
GetMenu

msvcrt40

_toupper
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
fmod
_wsopen
_findnext
_ismbcpunct
??_7logic_error@@6B@
memchr
?set_terminate@@YAP6AXXZP6AXXZ@Z
_mbsnbset
_execlpe
??0ofstream@@QAE@HPADH@Z

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idat_73
Size: 167KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f8789cc953dc64501ab982a9330cec7

Headers

DLL Characteristics

File Characteristics

Imports

rasdlg

ntdll

opengl32

kernel32

loadperf

user32

msvcrt40

Sections

.text Size: 332KB - Virtual size: 331KB

.rdata Size: 139KB - Virtual size: 138KB

.idat_73 Size: 167KB - Virtual size: 240KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 332KB - Virtual size: 331KB

.rdata
Size: 139KB - Virtual size: 138KB

.idat_73
Size: 167KB - Virtual size: 240KB

.rsrc
Size: 3KB - Virtual size: 3KB