2fe3e9154485c452eef6676814a73f39_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fe3e9154485c452eef6676814a73f39_JaffaCakes118
Size

58KB
MD5

2fe3e9154485c452eef6676814a73f39
SHA1

3405318f6a675a250128cc36e18d5551511b22bf
SHA256

fe591a0928e005dd95042935475b40d27aea0d914864665a286716782ab8ee8e
SHA512

74d81cae3689db5b5fd157251305894600366959d7cd334317bdaae0f4f9135d0523c185434ab7ae230afc80b33dfd526a2c064bbe4baa8022103c59dea77a73
SSDEEP

1536:xzMdmMtVwMT1DjkTgA/cPF7cmBbzUHBZF7StCdY:xzUmMtVfT1DjkTgn7nso/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fe3e9154485c452eef6676814a73f39_JaffaCakes118

Files

2fe3e9154485c452eef6676814a73f39_JaffaCakes118
.exe windows:5 windows x86 arch:x86

585ac1852e3cbefa745c31e3c0234d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupGetSourceFileSizeW
SetupCreateDiskSpaceListA
SetupGetTargetPathW
pSetupStringTableInitializeEx
SetupDiGetClassDescriptionA
SetupDiCreateDeviceInterfaceRegKeyA
CM_Disconnect_Machine
CM_Set_HW_Prof_FlagsA
CM_Get_Class_Registry_PropertyW
SetupDiCreateDeviceInfoW
InstallHinfSectionW
SetupDefaultQueueCallbackW
SetupGetInfFileListW
SetupDiGetDeviceInterfaceDetailA
SetupInstallFileExA
CM_Setup_DevNode
SetupSetNonInteractiveMode
SetupDiGetDriverInfoDetailW
SetupDiGetHwProfileFriendlyNameA
SetupQueueCopySectionW
SetupDiGetDriverInstallParamsW
SetupDiGetClassDevsA
CM_Get_Class_Key_Name_ExA

msvcp60

??0logic_error@std@@QAE@ABV01@@Z
??4?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?quiet_NaN@?$numeric_limits@M@std@@SAMXZ
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAF@Z
??0locale@std@@QAE@W4_Uninitialized@1@@Z
_LNan
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_7?$messages@D@std@@6B@
?denorm_min@?$numeric_limits@F@std@@SAFXZ
??Dstd@@YA?AV?$complex@M@0@ABV10@0@Z
?_Tidy@strstreambuf@std@@IAEXXZ
?quiet_NaN@?$numeric_limits@F@std@@SAFXZ
??Z?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$_Ctr@N@std@@QAEAAV01@ABV01@@Z
?transform@?$collate@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@PBG0@Z
?polar@std@@YA?AV?$complex@N@1@ABN0@Z
??_D?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?stossc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ

user32

EndDialog
MessageBoxW

ntdll

ZwDeleteValueKey
RtlAddAttributeActionToRXact
ZwRenameKey
NtQueryInformationJobObject
RtlLengthSid
RtlQueryRegistryValues
RtlApplyRXact
RtlInitString
NtCreateMutant
RtlGetNtVersionNumbers
ZwSetSecurityObject
strstr
RtlAppendPathElement
ZwDeleteObjectAuditAlarm
ZwAcceptConnectPort
sqrt
ZwCancelTimer
RtlCreateAtomTable
_aulldiv
RtlDeleteTimerQueueEx
RtlLargeIntegerShiftRight
NtCompactKeys

kernel32

WaitForDebugEvent
HeapCreate
CreateWaitableTimerW
VirtualAlloc
VirtualAllocEx
GetProfileIntA
GetExpandedNameW
GetConsoleInputExeNameA
LZClose
InitializeSListHead
CreateDirectoryExW
Thread32First
IsProcessorFeaturePresent
ClearCommBreak
MultiByteToWideChar
GetModuleFileNameA
SetConsoleMode
LZOpenFileW
DebugActiveProcess
FormatMessageA
GetConsoleDisplayMode
RtlCaptureContext
UTRegister
LoadLibraryA
GetMailslotInfo
FileTimeToSystemTime
FillConsoleOutputCharacterW

msvcrt

iswalnum
_wfindnext64
??0bad_cast@@QAE@PBD@Z
_filelengthi64
_ismbcupper
_wspawnv
_wexeclpe
_rotl
system
iswdigit
?_query_new_handler@@YAP6AHI@ZXZ
_wspawnvpe
fflush
_wrmdir
??0bad_cast@@AAE@PBQBD@Z
_stati64
?unexpected@@YAXXZ
_ismbblead
calloc
_assert

msvcrt20

??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
?clear@ios@@QAEXH@Z
_popen
?sunk_with_stdio@ios@@0HA
_filbuf
?fill@ios@@QBEDXZ
?pptr@streambuf@@IBEPADXZ
putwc
_mbsnicoll
_tzname
_onexit
_filelength
?endl@@YAAAVostream@@AAV1@@Z
?rdbuf@ios@@QBEPAVstreambuf@@XZ
wcslen
strstr
__p___argc
?precision@ios@@QAEHH@Z
_strlwr
_ecvt
?overflow@filebuf@@UAEHH@Z
??_7istrstream@@6B@
signal
wprintf
?sync@strstreambuf@@UAEHXZ
?unbuffered@streambuf@@IBEHXZ
?hex@@YAAAVios@@AAV1@@Z

shell32

SHGetMalloc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

585ac1852e3cbefa745c31e3c0234d5c

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

msvcp60

user32

ntdll

kernel32

msvcrt

msvcrt20

shell32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 19KB - Virtual size: 58KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 19KB - Virtual size: 58KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 268B