32275950e09a27b18483b2459642bde3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32275950e09a27b18483b2459642bde3_JaffaCakes118
Size

45KB
MD5

32275950e09a27b18483b2459642bde3
SHA1

0c738a4dd152527dad1fe2d538cad8d40329fa75
SHA256

0b62141ddc51641432bce08fe1717fe0a8dd2adc4f30e484cf6cd966571d33c4
SHA512

61d251a47e58a583567092820e5237b9c56e9bbf0a5ddd6e3b33f38cb23325efa56f2ab5d544fd697a81f54148666e3396b614cdff8ac3ac0a7908369dc6bad9
SSDEEP

768:x3icOId9iiKTBv2795YoA2tp6oEK1v3aTXin/PgPrSGgvhqncMgMFnHQviFnQBXV:xqyi1OXYoZ64uStGgHGwaNQB1wBU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32275950e09a27b18483b2459642bde3_JaffaCakes118

Files

32275950e09a27b18483b2459642bde3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

138f3cfa9f666cd561f2827174df8910

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowDC
GetMenu
IsWindow

opengl32

glTexCoord2f
glReadBuffer
glPopAttrib
glColor3sv
glCallList
wglSwapLayerBuffers
glIndexi
glRasterPos3i
glEnable
glPushMatrix
wglShareLists
glTexCoord2s
glTexCoord1d
glOrtho
glIndexPointer
glLoadMatrixf

msvcrt20

??1fstream@@UAE@XZ
perror
_fpclass
_wexecvpe
wcslen
_mbscat
__fpecode
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
_ismbbalnum
iscntrl
_gcvt
?getline@istream@@QAEAAV1@PACHD@Z
_wrmdir
??_Gfstream@@UAEPAXI@Z
?binary@filebuf@@2HB
?close@ofstream@@QAEXXZ
clearerr

ntdsapi

DsMakeSpnW
DsQuoteRdnValueW
DsMakePasswordCredentialsA
DsListRolesW
DsReplicaAddA
DsUnBindW
DsUnquoteRdnValueA
DsListServersInSiteW
DsFreeSpnArrayA
DsBindWithSpnA
DsCrackSpn3W
DsUnBindA
DsClientMakeSpnForTargetServerW
DsBindW

ntdll

ZwCreateKey
RtlDosApplyFileIsolationRedirection_Ustr
_strcmpi
ZwSetEventBoostPriority
ZwSetSystemTime
RtlImageRvaToSection
RtlQueryInterfaceMemoryStream
ZwSetTimerResolution
iswspace
RtlCreateAndSetSD
CsrIdentifyAlertableThread
RtlCopySecurityDescriptor
NtQueryPortInformationProcess

kernel32

CompareStringW
GlobalAlloc
IsBadStringPtrW
GetCurrentConsoleFont
LZClose
EnumDateFormatsW
VirtualAlloc
GetModuleHandleExW
ClearCommError
GetProcessPriorityBoost
WriteConsoleOutputW
GetGeoInfoW
ExitProcess
lstrlenW
WinExec
BuildCommDCBAndTimeoutsA

msvcirt

?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
?getline@istream@@QAEAAV1@PACHD@Z
??Bios@@QBEPAXXZ
?bitalloc@ios@@SAJXZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??_Gistream@@UAEPAXI@Z
??0ostream_withassign@@QAE@XZ
??_Gstdiobuf@@UAEPAXI@Z
?clog@@3Vostream_withassign@@A
??_8stdiostream@@7Bistream@@@
?is_open@filebuf@@QBEHXZ
??0strstream@@QAE@PADHH@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fksTvuAK
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idat_77
Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

138f3cfa9f666cd561f2827174df8910

Headers

DLL Characteristics

File Characteristics

Imports

user32

opengl32

msvcrt20

ntdsapi

ntdll

kernel32

msvcirt

Sections

.text Size: 20KB - Virtual size: 20KB

fksTvuAK Size: 8KB - Virtual size: 7KB

.idat_77 Size: 14KB - Virtual size: 28KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

fksTvuAK
Size: 8KB - Virtual size: 7KB

.idat_77
Size: 14KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 1KB