Static task
static1
Behavioral task
behavioral1
Sample
214a43849362bc72b685e227e4ce8d8d_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
214a43849362bc72b685e227e4ce8d8d_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
214a43849362bc72b685e227e4ce8d8d_JaffaCakes118
-
Size
83KB
-
MD5
214a43849362bc72b685e227e4ce8d8d
-
SHA1
01ce009651b3de4a9f3c8a4a54fff2d2ce9b23f4
-
SHA256
0234e58337b4e29726fa46afcdc3fb50741ab881bc0ccff6bbaca6058824e883
-
SHA512
392a5f4f954689f9e0beb75241d05afd2aae0e4454298c47285c9e059993cbe5034f5cc6c8f55c1154cdf2639f6b362320a860bbefa12897872c448bd2eacb3f
-
SSDEEP
1536:pPO7FuLk7t/mvdPnG5hzr0/tZFO/Xz1iP/phfN4ca8CgJM6FNqylqtiwNBZElHC2:pPO7F2k7oFPnG5hk/tOXzoZtN4cangJ4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
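Checks for a missing Authenticode signature. An unsigned PE is not malicious on its own, but the file's publisher and integrity cannot be verified from a signature.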
resource 214a43849362bc72b685e227e4ce8d8d_JaffaCakes118
Files
-
214a43849362bc72b685e227e4ce8d8d_JaffaCakes118.exe windows:5 windows x86 arch:x86
4c986fae765a99bc07d9e1b0ad7640d3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
cmutil
?CloseFile@CmLogFile@@AAEJXZ
GetOSMajorVersion
CmStrtokA
CmBuildFullPathFromRelativeW
?WPPS@CIniA@@QAEXPBD00@Z
CmLoadSmallIconA
IsLogonAsSystem
?SetParams@CmLogFile@@QAEJHKPBG@Z
??1CIniA@@QAE@XZ
?GetPrimaryFile@CIniA@@QBEPBDXZ
?WPPI@CIniA@@QAEXPBD0K@Z
?SetPrimaryFile@CIniA@@QAEXPBD@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
mmcbase
??0?$CEventLock@UAppEvents@@@@QAE@XZ
??0CMMCStrongReferences@@AAE@XZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?Unlock@CEventBuffer@@QAEXXZ
?IsLocked@CEventBuffer@@QAE_NXZ
?IsError@SC@mmcerror@@QBE_NXZ
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?Lock@CEventBuffer@@QAEXXZ
?Throw@SC@mmcerror@@QAEXXZ
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
??0SC@mmcerror@@QAE@J@Z
ntdll
RtlTraceDatabaseValidate
RtlGetNtProductType
ZwPrivilegeObjectAuditAlarm
RtlProtectHeap
LdrFindResource_U
RtlCreateUserProcess
ZwSetDefaultHardErrorPort
ZwTerminateProcess
LdrInitializeThunk
RtlInitializeSListHead
RtlCreateBootStatusDataFile
ZwCreateSymbolicLinkObject
RtlIsNameLegalDOS8Dot3
ZwQuerySymbolicLinkObject
ZwQueryBootOptions
RtlNumberGenericTableElementsAvl
ZwTranslateFilePath
kernel32
LoadLibraryA
VirtualAlloc
FreeUserPhysicalPages
_lwrite
VirtualFreeEx
BaseCleanupAppcompatCacheSupport
DefineDosDeviceA
SetHandleContext
SetCriticalSectionSpinCount
GetSystemTimeAsFileTime
IsBadWritePtr
GetProcAddress
CreateActCtxA
GetCurrentProcessId
IsProcessInJob
GetDiskFreeSpaceExW
SetLocaleInfoA
GetModuleHandleW
GlobalFindAtomA
UpdateResourceW
GetConsoleCursorInfo
QueryPerformanceCounter
UnregisterWait
GetComputerNameW
RegisterWowBaseHandlers
GetCurrentThreadId
crtdll
puts
_spawnvp
_itoa
__fpecode
signal
fabs
abort
clearerr
_ismbcupper
vprintf
_execve
_seterrormode
_fputchar
__iscsym
_mbsncat
_osmajor_dll
_ismbcl1
_mbctokata
wcsftime
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ