2e8cdc5172c3de87957d9dc2337b1d2e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e8cdc5172c3de87957d9dc2337b1d2e_JaffaCakes118
Size

871KB
MD5

2e8cdc5172c3de87957d9dc2337b1d2e
SHA1

079c9fcf77f881c41665955705ca0519ab4116b0
SHA256

381d39cbb07737b9460336b461c6259808992a4814578e9bcf9c87c8d328cd1d
SHA512

e229e137d86dcf6dad89a4054bebd853256ab4e68a99b58e68eee0c611eba9fed1c5d290c32e212b38976a3e7d2d5f267f54f6431b0bd86ebc299f7653f85de9
SSDEEP

24576:fYfqbir0B2N7W631dDtCxYZAVNC0dcGT:gCouuR3VCxYKVNBc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e8cdc5172c3de87957d9dc2337b1d2e_JaffaCakes118

Files

2e8cdc5172c3de87957d9dc2337b1d2e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2e867f43e095bf523f54bcc4bfb69cdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFileScatter
SetTapePosition
FillConsoleOutputCharacterW
GetConsoleKeyboardLayoutNameA
OpenSemaphoreW
GetFirmwareEnvironmentVariableW
IsBadStringPtrA
GetStringTypeA
GetThreadContext
TransmitCommChar
LoadLibraryA
GetHandleContext
GetNumberOfConsoleFonts
DeactivateActCtx
VerifyVersionInfoA
FindNextVolumeA
GetTimeZoneInformation
PeekConsoleInputA
EnumLanguageGroupLocalesW
GetSystemTimeAsFileTime
GlobalHandle
PulseEvent
SetFirmwareEnvironmentVariableA
LocalAlloc
GetLocaleInfoW
Module32NextW
CancelIo
HeapCreate
AddRefActCtx
SetProcessWorkingSetSize
QueryActCtxW
LoadResource
MapUserPhysicalPagesScatter
GetSystemWindowsDirectoryW
SetMessageWaitingIndicator
OpenEventW
GetConsoleAliasesLengthA
ResetWriteWatch
MoveFileWithProgressW
VirtualAlloc
CreateJobObjectW
UnlockFile
Process32Next
GetFileAttributesExW
GlobalMemoryStatusEx
ConsoleMenuControl
CreateEventW
EnumResourceTypesW

msoert2

HrGetCertKeyUsage
HrStreamSeekCur
IUnknownList_CreateInstance
IVoidPtrList_CreateInstance
CryptFreeFunc
CreateSystemHandleName
AppendTempFileList
CleanupFileNameInPlaceA
UnlocStrEqNW
ShellUtil_GetSpecialFolderPath
HrIStreamToBSTR
CleanupFileNameInPlaceW
HrFindInetTimeZone
PszEscapeMenuStringA
PszScanToWhiteA
IsValidFileIfFileUrlW
FIsEmptyW
CchFileTimeToDateTimeW
DeleteTempFile
CreateStreamOnHFile
HrDecodeObject
PVGetCertificateParam
RicheditStreamOut
IsPrint
FBuildTempPath
PszMonthFromIndex
HrSetDirtyFlagImpl
CreateTempFile
HrStreamSeekEnd
PszDupA
PszSkipWhiteA
FIsSpaceA
HrCopyStreamCBEndOnCRLF

msvcrt

_wfindnexti64
atoi
mktime
vfwprintf
_mbctype
_rotr
_getdrives
_open
_ismbbgraph
_ismbbkalnum
_mbsnbcnt
_spawnvp
_adj_fdiv_m64
_mbsnicmp
__p__wenviron
_getws
_getdrive
_ismbbkprint
fabs
__CxxCallUnwindDtor
__lc_codepage
__crtCompareStringW
_beep
getchar
_expand
??_Ebad_cast@@UAEPAXI@Z
_snwscanf
_wspawnl
_mbsset
_adj_fdivr_m32i
_osplatform
_purecall
_except_handler3
_spawnl
__p___mb_cur_max
wcspbrk
_atoi64

msvcrt40

?openprot@filebuf@@2HB
_setmbcp
_ismbcspace
_wfindnexti64
?str@ostrstream@@QAEPADXZ
??_Estdiobuf@@UAEPAXI@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
__p__osver
??_8iostream@@7Bistream@@@
?sync_with_stdio@ios@@SAXXZ
acos
?get@istream@@QAEAAV1@AAE@Z
$I10_OUTPUT
??0stdiostream@@QAE@PAU_iobuf@@@Z
iscntrl
scanf
iswxdigit
_execv
?gbump@streambuf@@IAEXH@Z
_spawnlpe
_wchdir
time
?init@ios@@IAEXPAVstreambuf@@@Z
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?sh_read@filebuf@@2HB
??_7strstreambuf@@6B@
?get@istream@@QAEAAV1@PADHD@Z
??5istream@@QAEAAV0@AAD@Z
_findclose
??_Efstream@@UAEPAXI@Z
?write@ostream@@QAEAAV1@PBEH@Z
?allocate@streambuf@@IAEHXZ
_wexecl
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__toascii
??1streambuf@@UAE@XZ
_mbbtombc
_wchmod
_fmode
?open@ifstream@@QAEXPBDHH@Z
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
_getsystime
setbuf

gdi32

PatBlt
GdiCreateLocalMetaFilePict
DdEntry40
ColorMatchToTarget
DdEntry15
EngStretchBltROP
DdEntry32
DdEntry3
GetTextExtentPointW
CreateFontW
GdiEntry2
EngWideCharToMultiByte
BRUSHOBJ_pvAllocRbrush
PlayMetaFile
UnloadNetworkFonts
SetWorldTransform
GdiEndDocEMF
GetNearestPaletteIndex
FontIsLinked
CopyMetaFileA
GetTextExtentExPointA
PolyBezierTo
GetLayout
GetFontResourceInfoW
RoundRect
StartDocA

query

?SetFILETIME@CStorageVariant@@QAEXU_FILETIME@@I@Z
?DoIt@CCopyRcovObject@@QAEJXZ
?ResetType@CAllocStorageVariant@@IAEXAAVPMemoryAllocator@@@Z
LocateCatalogsW
?EnumerateFilesInDir@CiStorage@@SGXPBGAAVCEnumString@@@Z
??0CRequestClient@@QAE@PBGPAUIDBProperties@@@Z
CIRestrictionToFullTree
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
?Add@CKeyArray@@QAEHHABVCKey@@@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?IsValid@COccRestriction@@QBEHXZ
CIMakeICommand
?GetI8@CAllocStorageVariant@@QBE?AT_LARGE_INTEGER@@I@Z
?AddSortColumn@CDbSortNode@@QAEHABUtagDBID@@HK@Z
?AddRef@CFwPropertyMapper@@UAGKXZ
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
??1COccRestriction@@QAE@XZ
?SetPhrase@CNatLanguageRestriction@@QAEXPBG@Z
??0CAllocStorageVariant@@QAE@PBDAAVPMemoryAllocator@@@Z
?Find@CCombinedPropertyList@@UAEPBVCPropEntry@@PBG@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
??0CPidLookupTable@@QAE@XZ
??0CFwEventItem@@QAE@GKGKPAX@Z
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
DllGetClassObject

olecli32

ConnectDlgProc
SetNetName
OleEnumFormats
DibSaveToStream
BmEnumFormat
LeReconnect
OleSaveToStream
OleQueryBounds
LeSetHostNames
DibGetData
DefCreateFromFile
LeQueryType
OleQueryCreateFromClip
DibEqual
ErrQueryOpen
GenClone
OleQueryReleaseError
GenDraw
WEP
OleReconnect
OleDelete
LeExecute
GenSaveToStream
ErrReconnect
GenEnumFormat
PbCreateFromFile
ObjQuerySize
DibClone
PbCreate
OleCreateFromTemplate
LeEqual
ErrQueryOutOfDate
OleCreateInvisible
OleExecute
LeDraw
OleCreateFromFile
OleQueryOutOfDate
OleIsDcMeta
OleSetTargetDevice
GenRelease
OleRequestData
GenQueryBounds
OleQueryLinkFromClip
OleUpdate
OleQueryReleaseStatus

user32

PostQuitMessage
RegisterClassW
DefWindowProcW

Sections

.text
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e867f43e095bf523f54bcc4bfb69cdb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msoert2

msvcrt

msvcrt40

gdi32

query

olecli32

user32

Sections

.text Size: 308KB - Virtual size: 308KB

.rdata Size: 320KB - Virtual size: 320KB

.data Size: 1KB - Virtual size: 1.6MB

.rsrc Size: 240KB - Virtual size: 240KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 308KB - Virtual size: 308KB

.rdata
Size: 320KB - Virtual size: 320KB

.data
Size: 1KB - Virtual size: 1.6MB

.rsrc
Size: 240KB - Virtual size: 240KB

.reloc
Size: 1024B - Virtual size: 1024B