24e6e8ca140b6eca12598347327c9f33_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24e6e8ca140b6eca12598347327c9f33_JaffaCakes118
Size

63KB
MD5

24e6e8ca140b6eca12598347327c9f33
SHA1

5cc048064a6c993b02a9d32f7ed4765b66f80302
SHA256

9204fe60dc9d5f473d232112e1a07366bc32d972eebac6632703a2a25bea7379
SHA512

7ef4596c29fe9e91796580bd01375cc43e8371c692b0df144cb8c48e36bd03e224035e00d103e28711419b04c9265067a83cef4e59ec69b6af04a253dadfae7c
SSDEEP

1536:FVw9Im/tXuE1maBao9LtC0dYHqZIMDxTltApU0423Y:FVGIm/cuzBeqZzeOt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24e6e8ca140b6eca12598347327c9f33_JaffaCakes118

Files

24e6e8ca140b6eca12598347327c9f33_JaffaCakes118
.exe windows:5 windows x86 arch:x86

79c5b5dfc22870e082d4559cbf1399d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Locate_DevNode_ExA
CM_Get_Class_NameA
CM_Unregister_Device_InterfaceW
CM_Set_HW_Prof_Flags_ExA
CM_Free_Res_Des_Ex
CM_Free_Res_Des
CM_Request_Eject_PC
CM_Get_Log_Conf_Priority
CM_Next_Range
CM_Register_Device_InterfaceW
CM_Delete_Class_Key
CM_Get_Hardware_Profile_InfoA
CM_Get_Device_Interface_AliasA
CM_Open_Class_KeyW
CM_Set_DevNode_Registry_Property_ExW
CM_Register_Device_Driver_Ex
CM_Get_Hardware_Profile_InfoW
CM_Modify_Res_Des
CM_Merge_Range_List
CM_Get_Res_Des_Data
CM_Set_DevNode_Problem_Ex
CM_Get_Global_State
CM_Get_Device_ID_Size_Ex
CM_Get_Sibling
CM_Get_Device_Interface_AliasW
CM_Add_Empty_Log_Conf_Ex
CM_Query_Arbitrator_Free_Size
CM_Get_Depth_Ex
CM_Get_Class_Key_NameA

msvcrt

_mbscspn
_wcsset
_ismbclower
_ultoa
_commit
swscanf
_adj_fdivr_m64
_adj_fdiv_m32
strtol
_getpid
realloc
__p__winver
_putch
__pxcptinfoptrs
_stricmp
_getws
_mbsnbicoll
_wputenv
_wcsnset
fgetc
_ftime
_mktime64
__wgetmainargs
_nextafter
_spawnv
_itoa
_cgets
_strncoll
_CIatan2
__p__pgmptr
_wremove
_Getdays
_mbsdup
strtok
_itow
_putws
_ctype
_seh_longjmp_unwind
getchar
iswupper
_snprintf
_clearfp
iswcntrl
_mbsnbcnt
_getdllprocaddr
_mbccpy
__set_app_type
_spawnve
_wfindfirst
_stat64
iswdigit
asin

sqlunirl

_GetKeyboardLayoutName_@4
_ShellAbout_@16
_DlgDirSelectComboBoxEx_@16
_LogonUser_@24
_UpdateResource_@24
_RegCreateKeyEx_@36
_PostMessage@16
_VkKeyScanEx_@8
_CommDlg_OpenSave_GetFolderPath@12
_GetFileAttributesEx_@12
_BeginUpdateResource_@8
_RegDeleteKey_@8
_FindFirstFileEx_@24
_RegEnumKeyEx_@32
_SetComputerName_@4
_EnumWindowStations_@8
_CreatePropertySheetPage_@4
_ExtractAssociatedIcon_@12
_NDdeShareEnum_@24
_GetPrivateProfileInt_@16
_LoadMenuIndirect_@4
_GetWindowTextLength@4

d3d8thk

OsThunkDdUnlockD3D
OsThunkDdCreateSurface
OsThunkDdBlt
OsThunkDdGetDriverInfo
OsThunkDdDestroyD3DBuffer
OsThunkDdFlip
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetScanLine
OsThunkDdWaitForVerticalBlank
OsThunkDdGetDriverState
OsThunkDdLockD3D
OsThunkDdQueryMoCompStatus
OsThunkDdRenderMoComp
OsThunkDdAttachSurface
OsThunkDdEndMoCompFrame
OsThunkDdLock
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkD3dDrawPrimitives2
OsThunkDdGetMoCompGuids
OsThunkDdCreateMoComp
OsThunkDdCreateD3DBuffer

msasn1

ASN1BEREncCharString
ASN1octetstring_cmp
ASN1BERDecObjectIdentifier
ASN1BEREncOpenType
ASN1CEREncBeginBlk
ASN1_FreeDecoded
ASN1BERDecBitString2
ASN1_CreateModule
ASN1_GetEncoderOption
ASN1BERDecSkip
ASN1BERDecCharString
ASN1BEREncChar16String
ASN1EncSetError
ASN1BERDecNull
ASN1BEREncBitString
ASN1intx_add
ASN1BERDecOpenType2
ASN1BERDecU32Val
ASN1BERDotVal2Eoid
ASN1BEREncNull
ASN1BERDecUTF8String
ASN1octetstring_free
ASN1BERDecBool
ASN1charstring_cmp
ASN1bitstring_free
ASN1DecAlloc
ASN1_CloseEncoder2

msvcrt20

strrchr
_itoa
_adj_fdivr_m32i
longjmp
_wsystem
_safe_fdivr
_ismbblead
?attach@ifstream@@QAEXH@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
_strrev
??_7istream@@6B@
feof
__p__wcmdln
remove
?egptr@streambuf@@IBEPADXZ
_tcsnccnt
??_Eofstream@@UAEPAXI@Z
__seh_longjmp_unwind@4
?open@ofstream@@QAEXPBDHH@Z
??4ofstream@@QAEAAV0@ABV0@@Z
??0istream@@QAE@PAVstreambuf@@@Z
?setmode@ifstream@@QAEHH@Z
clock
?flags@ios@@QBEJXZ
strncmp
?fill@ios@@QAEDD@Z
_commode

kernel32

GetLastError
SetConsolePalette
SetLocaleInfoW
EnterCriticalSection
QueryPerformanceCounter
GetModuleHandleW
GetCurrentProcessId
UnregisterWait
GetShortPathNameW
GetNativeSystemInfo
GetNumaNodeProcessorMask
LoadLibraryA
VirtualAlloc
LZCloseFile
WritePrivateProfileStructA
GetExitCodeThread
GetStartupInfoW
CreateConsoleScreenBuffer
GetCurrentThreadId
GetConsoleCommandHistoryLengthW
GetTickCount
GetProfileIntW
GetCalendarInfoA
EnumDateFormatsW
CreateEventW
DebugSetProcessKillOnExit
SetNamedPipeHandleState
SwitchToThread
PrivCopyFileExW
LoadLibraryW
SetConsoleCursorMode

user32

EndDialog

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79c5b5dfc22870e082d4559cbf1399d5

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

msvcrt

sqlunirl

d3d8thk

msasn1

msvcrt20

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 23KB - Virtual size: 58KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 352B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 23KB - Virtual size: 58KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 352B