1705e996809229590f18a3ff0e1dd696_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1705e996809229590f18a3ff0e1dd696_JaffaCakes118
Size

871KB
MD5

1705e996809229590f18a3ff0e1dd696
SHA1

b6210ce8e5b696dca48a7b644f5038e5c5be76e0
SHA256

fc986f10b414fe06d86ee00500554b17510052358e13a329241780271fa57422
SHA512

2abd4a12cdf881cd78b28c5ab935b06ee428af29475173ee4486c9707ac1b47e79e3338be9eedc2a92ee04e5472ec547bad2bf651c3b1363a2cfd16edff8eeff
SSDEEP

24576:m+6s1Az6um+92mmkdgmydwCZMZj+8q51xt:mu9uCFNTZH8oJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1705e996809229590f18a3ff0e1dd696_JaffaCakes118

Files

1705e996809229590f18a3ff0e1dd696_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8e8ac36d2e56b94e5730d2d184536984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_fputwchar
??1iostream@@UAE@XZ
?fd@ifstream@@QBEHXZ
mbstowcs
_strnicmp
?underflow@filebuf@@UAEHXZ
wcsftime
?attach@fstream@@QAEXH@Z
abort
malloc
?opfx@ostream@@QAEHXZ
??0streambuf@@QAE@ABV0@@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?fd@ofstream@@QBEHXZ
_wfopen
??0filebuf@@QAE@XZ
??_7ios@@6B@
?name@type_info@@QBEPBDXZ
??_Dostream@@QAEXXZ
_loaddll
?setmode@filebuf@@QAEHH@Z
_access
__p__iob
modf
gmtime
??0logic_error@@QAE@ABV0@@Z
strtoul
?pbackfail@streambuf@@UAEHH@Z
strerror
__lconv_init
_mbsncmp
_ismbbkpunct
??0__non_rtti_object@@QAE@ABV0@@Z
_itoa
iswalpha
?cout@@3Vostream_withassign@@A
_wspawnvp
??0strstream@@QAE@ABV0@@Z
sscanf
_mbsnbcoll
_mbsnbcpy
system
_isatty
??5istream@@QAEAAV0@AAF@Z
_mbscpy

kernel32

GetConsoleTitleW
OpenProfileUserMapping
SetLastError
LoadLibraryA
GlobalAlloc
lstrlenA
CancelIo
SetConsoleCursorMode
IsBadWritePtr
MoveFileExW
AddRefActCtx
UpdateResourceA
FileTimeToDosDateTime
RegisterWowBaseHandlers
GetEnvironmentStringsA
GetConsoleCommandHistoryA
EnumLanguageGroupLocalesW
SetSystemPowerState
SetConsoleCursor
IsBadHugeWritePtr
SetConsoleIcon
MulDiv
GlobalSize
SetSystemTimeAdjustment
GetCurrentDirectoryW
DeviceIoControl
FindFirstFileExW
ShowConsoleCursor
GetHandleContext
TryEnterCriticalSection
ReplaceFileW
VirtualAlloc
GlobalGetAtomNameA
GlobalHandle
GetCurrentThread
GetCurrentThreadId
GetLargestConsoleWindowSize
CopyFileExA
GetConsoleFontSize
BackupRead
SetConsoleDisplayMode
GetCPInfoExA
InterlockedIncrement
VerLanguageNameW

shlwapi

PathAddExtensionW
SHDeleteKeyW
SHEnumValueA
wvnsprintfA
PathMatchSpecW
UrlGetPartW
SHRegWriteUSValueW
PathFileExistsA
ColorRGBToHLS
SHGetValueA
PathMakeSystemFolderA
StrChrIW
SHCreateShellPalette
StrSpnW
PathMakePrettyA
UrlCreateFromPathW
SHStrDupA
PathMakeSystemFolderW
StrNCatW
PathIsUNCA
PathRemoveFileSpecW
PathIsSystemFolderW
SHRegDeleteUSValueW
DllGetVersion
UrlHashW
SHRegDeleteUSValueA
PathIsFileSpecA
PathAppendA
SHQueryValueExW
PathBuildRootA
PathUnquoteSpacesA
UrlCombineW
SHRegDuplicateHKey
PathSearchAndQualifyW

glu32

gluBuild1DMipmaps
gluDeleteTess
gluTessEndContour
gluUnProject
gluLookAt
gluTessBeginPolygon
gluTessCallback
gluBeginTrim
gluQuadricNormals
gluEndCurve
gluTessProperty
gluLoadSamplingMatrices
gluOrtho2D
gluBuild2DMipmaps
gluDeleteNurbsRenderer
gluGetString
gluGetNurbsProperty
gluEndPolygon
gluDeleteQuadric
gluPickMatrix
gluDisk
gluScaleImage
gluBeginPolygon
gluNurbsProperty
gluTessEndPolygon
gluTessVertex

msasn1

ASN1BERDecZeroChar32String
ASN1CEREncBitString
ASN1BERDecU32Val
ASN1CEREncEndBlk
ASN1char16string_free
ASN1intx_add
ASN1BERDecOctetString
ASN1BEREncOpenType
ASN1generalizedtime_cmp
ASN1BEREncUTCTime
ASN1BERDecGeneralizedTime
ASN1_FreeDecoded
ASN1BEREncUTF8String
ASN1BERDecEndOfContents
ASN1utctime_cmp
ASN1_Decode
ASN1CEREncChar32String
ASN1BEREncU32
ASN1_CloseEncoder2
ASN1BERDecExplicitTag
ASN1BEREncFlush
ASN1open_free
ASN1utf8string_free
ASN1BERDecSkip
ASN1BERDecZeroChar16String
ASN1BERDecNull
ASN1BERDecChar32String
ASN1_Encode
ASN1ztchar32string_free
ASN1_FreeEncoded
ASN1DecSetError
ASN1bitstring_free
ASN1BERDecFlush
ASN1BERDecSXVal
ASN1BEREoid_free

crtdll

_getpid
tmpnam
_dup2
_flushall
_getw
vwprintf
_wcsicoll
sprintf
_setjmp
_rotl
strtol
_purecall
isprint
_assert
_strncnt
_mbbtype
strerror
div
fgetwc
tolower
_ismbcsymbol
_HUGE_dll
rand
_y1
_ultow
asctime
iswprint
strspn
_vsnwprintf
_cputs
sin
remove
_splitpath
_ismbbpunct
_osver_dll
_strtime

msoert2

PszScanToWhiteA
UlStripWhitespace
PszMonthFromIndex
HrBSTRToLPSZ
HrFindInetTimeZone
RicheditStreamOut
HrGetStreamPos
PVDecodeObject
FIsEmptyW
HrStreamToByte
HrCheckTridentMenu
HrGetCertKeyUsage
HrSafeGetStreamSize
HrFillRasCombo
PszEscapeMenuStringA
PszAllocW
PszSkipWhiteA
StrToUintA
OpenFileStreamW
HrCopyStream
HrCopyStreamCB
FBuildTempPathW
PszFromANSIStreamA
WriteStreamToFile
OpenFileStreamShareW
HrDecodeObject
AppendTempFileList
MessageBoxInst
HrRewindStream
CreateEnumFormatEtc
HrIStreamWToBSTR
WriteStreamToFileHandle
UpdateRebarBandColors
HrGetStyleSheet
CreateStreamOnHFile
CreateSystemHandleName
HrIsStreamUnicode
CrackNotificationPackage
StripCRLF
CleanupFileNameInPlaceA
CreateTempFileStream
IUnknownList_CreateInstance
FIsValidFileNameCharA
CryptFreeFunc
PszAllocA

Sections

.text
Size: 201KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 551KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e8ac36d2e56b94e5730d2d184536984

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

kernel32

shlwapi

glu32

msasn1

crtdll

msoert2

Sections

.text Size: 201KB - Virtual size: 204KB

.rdata Size: 551KB - Virtual size: 552KB

.data Size: 115KB - Virtual size: 1.6MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 201KB - Virtual size: 204KB

.rdata
Size: 551KB - Virtual size: 552KB

.data
Size: 115KB - Virtual size: 1.6MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB