25ff4bc25c23468a911d2990a6aaefa5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

25ff4bc25c23468a911d2990a6aaefa5_JaffaCakes118
Size

828KB
MD5

25ff4bc25c23468a911d2990a6aaefa5
SHA1

061423db86b71f9c8acdd975d3eeb291d50ce9bb
SHA256

eda0f6957ca0fde8313fe7b105feebbaaf485895a215f9b2841ee2e131c2d1f8
SHA512

02973c11054ff038aa0d0970c84bab2cc586eff66288fc256ae0fc897ec38e4bb51582989d07e2588b3edd3e92c56ca31c466a8ffe9d57bc5298ff1793f1f7cf
SSDEEP

24576:uohPYM+iMtSYnP9phFEW6nFIb0mlZkCWLl:ngizYn1PF7EFIwmOh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ff4bc25c23468a911d2990a6aaefa5_JaffaCakes118

Files

25ff4bc25c23468a911d2990a6aaefa5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c6fbe9f7df68c952d05b930e54d89f92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

fputws
_wcsupr
??0stdiobuf@@QAE@PAU_iobuf@@@Z
??_Gbad_cast@@UAEPAXI@Z
?pcount@ostrstream@@QBEHXZ
_setmaxstdio
_adj_fdivr_m16i
__p__wcmdln
_getdrive
_spawnlp
wcstod
_ctype
_strnicmp
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
_CIfmod
gets
?eof@ios@@QBEHXZ
?pbackfail@streambuf@@UAEHH@Z
strncpy
_dstbias
_chdir
_mbsnbicmp
??_8ostrstream@@7B@
?setf@ios@@QAEJJJ@Z
_strerror
_heapchk
?sgetn@streambuf@@QAEHPADH@Z
_finite
abs
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
?flags@ios@@QBEJXZ
rename
??_8fstream@@7Bistream@@@
_strncoll
_wfsopen
_ismbstrail
_wcsnicmp
_msize
??_Distream_withassign@@QAEXXZ
??6ostream@@QAEAAV0@K@Z
_mbbtype
rewind
_getw
?x_statebuf@ios@@0PAJA
_setjmp
?hex@@YAAAVios@@AAV1@@Z
_CIsin
tmpfile
??6ostream@@QAEAAV0@N@Z
??_Dostream_withassign@@QAEXXZ
__p__commode
_fcloseall
??_7stdiobuf@@6B@
_ismbbprint
?get@istream@@QAEAAV1@AAD@Z
??_Gostream_withassign@@UAEPAXI@Z
??0ifstream@@QAE@H@Z
__p__pgmptr
??0istream_withassign@@QAE@XZ
_wcsnicoll
strcspn
_CIpow
??_7stdiostream@@6B@
??_8iostream@@7Bostream@@@
_wrmdir
iswalpha
??_Dstrstream@@QAEXXZ
vsprintf
??0iostream@@IAE@ABV0@@Z
_errno
swscanf
?setg@streambuf@@IAEXPAD00@Z
??_7filebuf@@6B@
??1ifstream@@UAE@XZ
_wgetcwd

expsrv

__vbaPutOwner3
__vbaVarDateVar
rtcChoose
__vbaVarTstEq
__vbaCheckType
PutMem1
__vbaVarTextCmpLt
__vbaStr2Vec
rtcInputBox
__vbaVarCmpLe
__vbaLenBstr
__vbaDateStr
rtcInputCharCountVar
__vbaR4Str
rtcSLN
__vbaAryLock
__vbaStrAryToAnsi
rtcVarBstrFromAnsi
__vbaAryConstruct2
__vbaPut3
BASIC_CLASS_GetIDsOfNames
__vbaVarNot
rtcCommandBstr
__vbaAryMove
__vbaStrMove
__vbaRsetFixstrFree
__vbaStrDate
rtcIsMissing
__vbaRecDestruct
rtcMIRR
__vbaAryCopy
rtcIsDate
__vbaBoolVar
__vbaInStr
__vbaVarAdd
__vbaOnError
__vbaVarCmpNe
rtcTypeName
__vbaFreeVarList
__vbaFpR4
__vbaRefVarAry
rtcGetHourOfDay
__vbaVarForNext

crtdll

_mbclen
strcmp
iswpunct
_strncnt
iscntrl
_cgets
_getdllprocaddr
_CItan
raise
log
_strtime
putc
_ltoa
fclose
_CIatan
difftime
time
_CIacos
strcat
atan2
_ctype
strxfrm
_y1
_fgetchar
fread
_mbstrlen
bsearch
??3@YAXPAX@Z
sinh
__argv_dll
div
_ismbbtrail
_purecall
_cscanf
asin
tolower
_mbctombb
_ismbchira
_ismbslead
wcsspn
_pclose
sscanf
_rmtmp
_splitpath
_tzname
_strnset
memcpy
wcscpy
_mbbtombc
_mbsset
__fpecode
_ftol
scanf
ldexp
localtime
_getsystime
_mbctohira
perror
_y0
_pgmptr_dll
_ismbcprint
_cexit
_strerror
freopen
_execve
_execvpe
_scalb
strcoll
_yn
mbstowcs
islower
_ismbcdigit
_strdec
_stricoll
isdigit
fabs
_findnext
fgets
_mktemp

msvcp60

?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KAPADPADDH@Z
?_Init@?$messages@D@std@@IAEXABV_Locinfo@2@@Z
?sungetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?do_scan_is@?$ctype@G@std@@MBEPBGFPBG0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??0?$messages@D@std@@QAE@I@Z
?thousands_sep@?$numpunct@D@std@@QBEDXZ
?_Psum@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGPBGI@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$basic_ofstream@GU?$char_traits@G@std@@@std@@6B@
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??Hstd@@YA?AV?$complex@M@0@ABV10@0@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?_Doraise@range_error@std@@MBEXXZ
??9std@@YA_NABV?$complex@O@0@0@Z
?id@?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?do_encoding@codecvt_base@std@@MBEHXZ
??_F_Locinfo@std@@QAEXXZ
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z

mapistub

CreateIProp@24
MNLS_lstrcmpW@8
HrEntryIDFromSz@12
DeinitMapiUtil@0
MAPISaveMail
OpenTnefStreamEx@32
PpropFindProp@12
SwapPlong@8
HrComposeEID@28
ScCopyNotifications@16
MAPIGetDefaultMalloc@0
MAPIFreeBuffer@4
MNLS_CompareStringW@24
ScGenerateMuid@4
FBadColumnSet@4
MAPIInitialize
CloseIMsgSession@4
ScLocalPathFromUNC@12
SzFindSz@8
BMAPIDetails
MAPIOpenFormMgr@8
MAPIDeleteMail
UNKOBJ_COFree@8
MNLS_WideCharToMultiByte@32
ScRelocNotifications@20
UlAddRef@4
cmc_read
FtSubFt@16
UlFromSzHex@4
FBadPropTag@4
HrGetOmiProvidersFlags

kernel32

CommConfigDialogW
GetFirmwareEnvironmentVariableW
GetSystemDirectoryA
GetNumaAvailableMemoryNode
CreateFileMappingA
VerLanguageNameA
GetConsoleMode
ReadConsoleOutputW
QueryPerformanceCounter
CreatePipe
EndUpdateResourceW
ReadConsoleW
VirtualAllocEx
GetTickCount
ClearCommError
ReadFileScatter
EnumSystemLocalesA
GetTapeParameters
WinExec
SetFileApisToOEM
WideCharToMultiByte
LoadLibraryA
HeapDestroy
Process32NextW
GetProcessIoCounters
CreateSemaphoreW
EnumSystemLanguageGroupsW
SetupComm
EnumUILanguagesA
RequestWakeupLatency
ClearCommBreak
SetCommBreak
GlobalWire
VirtualAlloc

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 604KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6fbe9f7df68c952d05b930e54d89f92

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

expsrv

crtdll

msvcp60

mapistub

kernel32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 189KB - Virtual size: 188KB

.data Size: 604KB - Virtual size: 1.9MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 189KB - Virtual size: 188KB

.data
Size: 604KB - Virtual size: 1.9MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 320B