187b815fc4a0d758966db7047bb2104d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

187b815fc4a0d758966db7047bb2104d_JaffaCakes118
Size

340KB
MD5

187b815fc4a0d758966db7047bb2104d
SHA1

8eeb3ad57ff9e08aaaca07623c3c2b88a4ab28c3
SHA256

2ed9fa1df2f63d806626dc8cc1ad49c0a9da60185a0f3c17ef3453629140aaa5
SHA512

87eafb626fcd67230ebe81c7c60cf9542771705201a98cdbc7db6f9be154ddf8610fecbd4951da006cf45f11e2b39e9f3de3603bf56ff18ae3eff47bf5f10a61
SSDEEP

6144:b56dQ79+XGbIhHbADMOTSndmWtFEpNJPna4toV1/Ws5TVELpt:b8o9+XGbyGMOTVlpPnJA/xTCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
187b815fc4a0d758966db7047bb2104d_JaffaCakes118

Files

187b815fc4a0d758966db7047bb2104d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fbbc4fd0226c74cf4da4862f4ea1c147

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

RtlFillMemory
VirtualAlloc
GetStringTypeA
lstrcmpW
QueryPerformanceCounter
Thread32First
GetTickCount
GetStartupInfoW
GetNumaNodeProcessorMask
LoadLibraryA
SetConsoleTextAttribute
SetLocalPrimaryComputerNameA
FindNextVolumeA
Process32FirstW
RemoveDirectoryA
ReadFileEx
GetCurrentThreadId
QueryMemoryResourceNotification
SetHandleInformation
LoadResource
CreateToolhelp32Snapshot
UpdateResourceA
VerSetConditionMask
DeleteFileW
GetConsoleAliasW
CopyFileW
FindFirstFileExW
GetCurrentProcessId

ole32

IsEqualGUID
STGMEDIUM_UserUnmarshal
CoAddRefServerProcess
CoTaskMemRealloc
OleSetMenuDescriptor
HBITMAP_UserUnmarshal
StgOpenAsyncDocfileOnIFillLockBytes
GetErrorInfo
DoDragDrop
CoFreeAllLibraries
OleCreateDefaultHandler
ComPs_NdrDllUnregisterProxy
CoCreateInstanceEx
OleRegGetMiscStatus
OleCreateLinkEx
CoRegisterChannelHook
HGLOBAL_UserFree
GetConvertStg
WriteClassStm
CoCreateInstance
HMETAFILE_UserFree
PropVariantChangeType
CoCopyProxy
OleDuplicateData
ReleaseStgMedium
CoFreeLibrary

msdart

?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?ReadUnlock@CFakeLock@@QAEXXZ
MPInitializeCriticalSectionAndSpinCount
?ReadUnlock@CLKRHashTable@@QBEXXZ
??1CSmallSpinLock@@QAE@XZ
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
??1CLockedSingleList@@QAE@XZ
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
?CheckTable@CLKRHashTable@@QBEHXZ
?CheckTable@CLKRLinearHashTable@@QBEHXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?IsReadLocked@CReaderWriterLock3@@QBE_NXZ
??1CReaderWriterLock@@QAE@XZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?_CurrentThreadId@CSmallSpinLock@@CGJXZ
?GetSpinCount@CCritSec@@QBEGXZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?_CurrentThreadId@CSpinLock@@CGJXZ
?BucketIndex@CLKRHashTableStats@@SGJJ@Z
?IsWinNT4@CMdVersionInfo@@SAHXZ
?ConvertExclusiveToShared@CFakeLock@@QAEXXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?IsWin2k@CMdVersionInfo@@SAHXZ

mapistub

cmc_read
FBadRglpNameID@8
ScCopyNotifications@16
FPropContainsProp@12
FBadRowSet@4
MAPILogonEx
ScGenerateMuid@4
HrDispatchNotifications@4
__ValidateParameters@8
ScCreateConversationIndex@16
FGetComponentPath@20
HrGetOmiProvidersFlags@8
HrSetOmiProvidersFlagsInvalid
UNKOBJ_ScSzFromIdsAlloc@20
MAPILogoff
BMAPIDetails
UlPropSize@4
BMAPIResolveName
FBinFromHex@8
HrDecomposeEID@28

ws2_32

accept
WSAAsyncGetProtoByName
WSACleanup
WSASocketW
send
WSAIsBlocking
WSAEnumNameSpaceProvidersA
shutdown
WSAAsyncGetServByName
WSALookupServiceBeginA
WSARecvFrom
WSAGetServiceClassNameByClassIdA
WSCInstallProvider
WSALookupServiceBeginW
recv
WSARecvDisconnect
ntohs
getsockname
WSCEnableNSProvider
WSCUpdateProvider
WSAGetServiceClassInfoW
WSAGetLastError
WSASend
WSAAsyncGetHostByName
getaddrinfo
WSAHtonl
WSAGetQOSByName

setupapi

CM_First_Range
SetupDiGetDeviceInstanceIdW
SetupQueryInfVersionInformationA
SetupInstallServicesFromInfSectionW
CM_Is_Version_Available
SetupRemoveFileLogEntryW
pSetupGuidFromString
SetupDefaultQueueCallbackA
DoesUserHavePrivilege
CM_Is_Version_Available_Ex
SetupDiSetSelectedDriverW
pSetupSetQueueFlags
CM_Get_HW_Prof_Flags_ExA
CM_Locate_DevNode_ExA
SetupDiGetClassBitmapIndex
CM_Get_Device_ID_ExW
CM_Delete_DevNode_Key_Ex
CM_Get_Depth
SetupDiEnumDeviceInfo
CM_Next_Range

msvcrt40

??Bios@@QBEPAXXZ
isgraph
fflush
??0filebuf@@QAE@H@Z
??0fstream@@QAE@ABV0@@Z
??_Distream_withassign@@QAEXXZ
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
_amsg_exit
_stat
??0ostrstream@@QAE@ABV0@@Z
??1ios@@UAE@XZ
__STRINGTOLD
??1Iostream_init@@QAE@XZ
?read@istream@@QAEAAV1@PACH@Z
??0Iostream_init@@QAE@XZ
mktime
is_wctype
_cputs
??0istream@@IAE@XZ
_ltow
_inpw
_ismbcl0
?str@strstream@@QAEPADXZ
isdigit
??6ostream@@QAEAAV0@PBC@Z
_wctime
calloc
??_Giostream@@UAEPAXI@Z
_snprintf

keymgr

PRShowSaveWizardExW
PRShowRestoreFromMsginaW
PRShowSaveFromMsginaW
PRShowRestoreWizardW
KRShowKeyMgr
CPlApplet
DllMain
PRShowRestoreWizardExW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 249KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbbc4fd0226c74cf4da4862f4ea1c147

Headers

File Characteristics

Imports

kernel32

ole32

msdart

mapistub

ws2_32

setupapi

msvcrt40

keymgr

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 249KB - Virtual size: 626KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 249KB - Virtual size: 626KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 316B