16689047ad131faaee9277588b0ad7db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16689047ad131faaee9277588b0ad7db_JaffaCakes118
Size

862KB
MD5

16689047ad131faaee9277588b0ad7db
SHA1

1cc3c989855a6a9318630edec8958cd4ecaeb01e
SHA256

c38e7b3a1f3cd35f14f758c63a2b41c7d6f67dd8f19a7303f326649a95eb480b
SHA512

96117e63ac8cc4e20c3fcb9657b88d5abc7a93f659bdc201c4a6d68c5672b35801d5f6c679dedfcaec43fcff99047a6c9242d6969677dcd61496338f9645dce7
SSDEEP

12288:tBfEnht+UoCJ1IJsWAMyE7A6rn9QUEp8Q7bc9RHKHzOrfiRjUCauG1fecy2AYV:tVEnh0CJWJVAe9a8Q7YnH+bokcy2H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16689047ad131faaee9277588b0ad7db_JaffaCakes118

Files

16689047ad131faaee9277588b0ad7db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eed4e3a52636c3df19590a04c66e6069

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

fgetwc
__wargv
??_Gifstream@@UAEPAXI@Z
_wfindfirst
__RTDynamicCast
??0logic_error@@QAE@ABQBD@Z
wcschr
??5istream@@QAEAAV0@AAG@Z
wcsncpy
_strdate
isxdigit
_CxxThrowException
?str@ostrstream@@QAEPADXZ
_strncoll
?pcount@ostrstream@@QBEHXZ
?putback@istream@@QAEAAV1@D@Z
??_Diostream@@QAEXXZ
_unlink
??4stdiobuf@@QAEAAV0@ABV0@@Z
__dllonexit
??0stdiobuf@@QAE@ABV0@@Z
_findclose
_mbsset
??_Distream@@QAEXXZ
_mbctolower
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
??_Eifstream@@UAEPAXI@Z
memset
_get_osfhandle
_mbsnccnt
?floatfield@ios@@2JB
_mbsnbcoll
ferror
_hypot

glmf32

glsNumlv
glsGetStreamType
glsUTF8toUCS2z
glsWriteFunc
__glsString_assign
__glsParser_create
glsIsContext
glsGetGLRCi
glsGetStreamReadName
glsUTF8toUCS4z
glsDeleteReadPrefix
glsGetContextFunc
glsUnreadFunc
glsGetHeaderiv
glsEndGLS
glsCommandFunc
glsHeaderfv
glsGetContextListl
glsGetOpcodeCount
glsNumbv
glsGetCurrentContext
glsHeaderLayeri
glsGetContextubz
glsDisplayMapfv
__glsString_init
glsGetCaptureExecTable
glsBeginGLS
glsUCS2toUTF8z
glsNumubv
glsDataPointer
glsCharubz
glsGetCommandAttrib
glsChannel
glsNumui
glsGetStreamCRC32
glsGetCurrentTime
glsEnumString

kernel32

GetPrivateProfileSectionA
EnumUILanguagesA
SetConsoleKeyShortcuts
IsDBCSLeadByteEx
GetConsoleKeyboardLayoutNameA
AddAtomW
OpenMutexA
IsValidCodePage
GetStringTypeExA
GetDriveTypeW
MapUserPhysicalPagesScatter
EnumResourceLanguagesA
lstrcat
UnhandledExceptionFilter
AddAtomA
CreateFiber
_lclose
SetThreadPriorityBoost
GetUserDefaultUILanguage
LoadLibraryA
Module32Next
EnterCriticalSection
GetSystemDefaultLangID
DeleteVolumeMountPointA
IsValidLocale
GetDefaultCommConfigW
GetStringTypeA
VerLanguageNameW
AllocConsole
FindNextChangeNotification
GenerateConsoleCtrlEvent
ReadConsoleW
LeaveCriticalSection
RegisterConsoleOS2
SetErrorMode
GetStringTypeExW
GetSystemDefaultLCID
EnumSystemCodePagesW
VirtualAlloc
IsDebuggerPresent
SuspendThread
PrepareTape
FlushFileBuffers
GetUserDefaultLCID

cmutil

CmStrchrA
CmIsDigitW
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?SetParams@CmLogFile@@QAEJHKPBG@Z
?LoadEntry@CIniW@@IBEPAGPBG@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
CmStrCatAllocA
GetOSBuildNumber
?GetFile@CIniW@@QBEPBGXZ
?WPPB@CIniA@@QAEXPBD0H@Z
CmRealloc
?DeInit@CmLogFile@@QAEJXZ
?SetSection@CIniW@@QAEXPBG@Z
?OpenFile@CmLogFile@@AAEJXZ
?Clear@CIniA@@QAEXXZ
??0CRandom@@QAE@I@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
?GetSection@CIniW@@QBEPBGXZ
?GetPrimaryFile@CIniW@@QBEPBGXZ
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetEntryFromIdx@CIniA@@QAEXK@Z
WzToSz
CmLoadSmallIconA
SzToWz
CmWinHelp
WzToSzWithAlloc
CmLoadImageW
CmEndOfStrW
GetOSVersion
CmLoadIconA
?SetWriteICSData@CIniA@@QAEXH@Z
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?SetICSDataPath@CIniW@@QAEXPBG@Z
?WPPB@CIniW@@QAEXPBG0H@Z
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?SetReadICSData@CIniA@@QAEXH@Z
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
?LoadSection@CIniW@@QBEPAGPBG@Z
?GPPB@CIniA@@QBEHPBD0H@Z
?GetRegPath@CIniA@@QBEPBDXZ
?GetLogFilePath@CmLogFile@@QAEPBGXZ

shlwapi

PathSkipRootA
PathCreateFromUrlA
AssocQueryKeyW
SHSetValueW
AssocQueryStringByKeyA
ChrCmpIA
SHEnumKeyExW
SHStrDupA
PathParseIconLocationA
SHRegWriteUSValueW
UrlCompareA
SHRegDeleteEmptyUSKeyW
PathUnmakeSystemFolderW
StrStrIA
SHIsLowMemoryMachine
PathIsPrefixA
PathCommonPrefixW
PathIsUNCServerA
UrlApplySchemeA
StrStrW
PathIsNetworkPathW
PathFindFileNameW
StrRStrIA
UrlIsW
PathUndecorateW
StrChrNIW
SHRegGetPathA
SHQueryInfoKeyA
SHDeleteOrphanKeyW
PathRenameExtensionA
StrChrNW
StrToIntA

lz32

LZDone
LZClose
GetExpandedNameA
CopyLZFile
LZRead
GetExpandedNameW
LZCloseFile
LZStart
LZOpenFileW
LZOpenFileA
LZCopy
LZSeek
LZInit
LZCreateFileW

mlang

ConvertINetReset
Rfc1766ToLcidW
ConvertINetMultiByteToUnicode
LcidToRfc1766W
GetGlobalFontLinkObject
IsConvertINetStringAvailable
LcidToRfc1766A
Rfc1766ToLcidA
ConvertINetString
ConvertINetUnicodeToMultiByte
DllGetClassObject

msvcrt

exit
__set_app_type
__p__commode
__getmainargs

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eed4e3a52636c3df19590a04c66e6069

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

glmf32

kernel32

cmutil

shlwapi

lz32

mlang

msvcrt

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 527KB - Virtual size: 527KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 527KB - Virtual size: 527KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB