1b1c8b15c46155dfec843e36dc2328b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b1c8b15c46155dfec843e36dc2328b2_JaffaCakes118
Size

22KB
MD5

1b1c8b15c46155dfec843e36dc2328b2
SHA1

186fd4f867957ef0356058849736be6bdf189349
SHA256

c1a32a6498efc2d559f6dfdf43f3bad9be075b55f7c737b2fce4b2c874e1e763
SHA512

e05f90b2b0098c4b2319b6cd3f95eecc0078e760608f832019cf5c49747df0474fbc7fd27257277fe2e6c274733124b431b4f65cf0aa088f74b6d8a9a0feb2de
SSDEEP

384:DEPtMzXTiup6QizQilEyz9CjkyYOEDr7G97XRW8U9lox68E9zyaH+DvMTJseMs6:IPCXOup6RlrAAyYNGpXRW8Mj8Epy/TkH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b1c8b15c46155dfec843e36dc2328b2_JaffaCakes118

Files

1b1c8b15c46155dfec843e36dc2328b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01ee83542b8f281e7c7bca333f454e37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\CRESTAM\LDM\pdb\DatFormatConv.pdb

Imports

msvcr80

_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_unlink
_initterm_e
_invoke_watson
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memset
free
signal
_putenv
exit
strftime
fputs
fread
fwrite
sprintf
isalnum
ispunct
strchr
_initterm
_controlfp_s
getenv
fopen
fgets
strstr
strtok
_putenv_s
fclose
setlocale
_time32
_localtime32
_stat32

ndm

Dgmcrprm_
DgError
DgWKPTGE
DgdWSOP_INIT
DgINFInfGet
DgOBCR
DgdDGINIT
DgFFVRINIT
DgGetObjTB
DgGetFileId2
DgdWSCL
Dswstbl_
dscurrent_

nutil

DufTandPSave
DufTandPLoad
DufPropSave
DufDBSTORE
DufPropFileCre
DufDBLOAD2
DufCloseLDFile
DufSetSaveFormat
DufOpenLDFile
DufDBLOAD

nsh

DcGetAllEntId
DcGetEntAttr
DcCrePred2

filesystem

NBfSetSecurity
NBfGetSecurity
NBfmove
NBfdel
NBfstat
NBfClearSecurity

ndh_ntv

DbAssPreID
DbTmpFID

mon

AmQuery30

basic

Bfterm
BdgCurrentAreaGet
BdgStkLvlInc
BdgProgSw
BdgInt
BdgMainSw
BdgCurrentGet
BdgSnp
BdgTrceMk
BdgStkLvlDec
Bfdirdel
BmTerm
BdgFrmTrm
Bdgerr
BmCAllocArea
BdginterHGet
Bfinit
BmInit
BuCustPath
BdgFrmIni
BdgSnpCnt

crestamstr

Cstrrchr

kernel32

GetLastError
CreateEventA
GetVersionExA
CloseHandle
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01ee83542b8f281e7c7bca333f454e37

Headers

File Characteristics

PDB Paths

Imports

msvcr80

ndm

nutil

nsh

filesystem

ndh_ntv

mon

basic

crestamstr

kernel32

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: - Virtual size:

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: - Virtual size: