30ab93daf020bdd3a3af894540247fef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30ab93daf020bdd3a3af894540247fef_JaffaCakes118
Size

864KB
MD5

30ab93daf020bdd3a3af894540247fef
SHA1

07a78019f69e9de24812d2be656a8920ba5577ea
SHA256

cfbda3c645eda8ce5e209b64f0e70bf9cc09db2b19e4d44dfbf81658f9caf80e
SHA512

8f86a3d4bd0dde957846534dac93f6a624607de11803a875a45d494d41ffb7d6b690d9c2f1de4d27f706ada657b3b20c19e08f7cb6e8656dfa9c2e5821e05734
SSDEEP

12288:sUqjjBk+Cc7yqdb4vlYG01LOjeZldJEBJa1DLiws2e4DQxV5emmdCrPc0dGvux:tgjBkLceqFGOOE7E61Hiws3cCgH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30ab93daf020bdd3a3af894540247fef_JaffaCakes118

Files

30ab93daf020bdd3a3af894540247fef_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b0a5129af6dd14c3aba129d26741a032

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
InterlockedIncrement
GlobalFindAtomW
GetStartupInfoW
ShowConsoleCursor
lstrcatW
SetHandleContext
SetProcessShutdownParameters
GetConsoleAliasExesW
MapUserPhysicalPages
GetDriveTypeW
VirtualAlloc
FindNextFileA
InitializeCriticalSectionAndSpinCount
RemoveDirectoryA
GetDateFormatA
RegisterWowExec
SetCommConfig
GetDevicePowerState
LoadLibraryA
GetSystemWindowsDirectoryW
GetShortPathNameA
GlobalHandle
SetStdHandle
AddAtomA
GetComputerNameA
GetTempFileNameA
VirtualQuery
GetSystemDirectoryW
ScrollConsoleScreenBufferA
CreateMutexW
SetCalendarInfoA
OutputDebugStringA
CompareStringA
lstrlenA
GetThreadSelectorEntry
GetModuleHandleW
GetDiskFreeSpaceW

imagehlp

ImageGetCertificateData
BindImageEx
SymCleanup
ReBaseImage64
SymGetSymFromName64
SymGetLineFromAddr64
SymGetSymFromAddr
SymGetModuleInfo64
SymLoadModule
SymGetSearchPath
FindExecutableImageEx
ImageUnload
FindDebugInfoFile
SymFromName
MapAndLoad
SymFunctionTableAccess
SymMatchString
SymUnDName
ImagehlpApiVersionEx
SymInitialize
UpdateDebugInfoFile
SymEnumSymbols
RemovePrivateCvSymbolicEx
SymGetLineFromName
SymGetLineNext
GetImageConfigInformation
UnmapDebugInformation
SetImageConfigInformation
SymEnumerateSymbolsW64
SymGetLineFromName64
FindFileInSearchPath
SymRegisterFunctionEntryCallback
SymSetOptions
SymUnloadModule
SymMatchFileName
SymGetModuleInfoW64
RemovePrivateCvSymbolic
SymEnumerateSymbols
SymEnumerateModules64
TouchFileTimes
SymGetLineFromAddr
MapFileAndCheckSumA
SymGetModuleInfo
ImageRvaToSection
SymGetSymPrev64

msoert2

StrToUintW
FIsHTMLFileW
PszFromANSIStreamA
CreateTempFileStream
CleanupFileNameInPlaceW
CreateTempFile
HrIStreamToBSTR
HrIndexOfWeek
HrGetStyleSheet
CchFileTimeToDateTimeSz
ReplaceCharsW
MessageBoxInstW
HrIStreamWToBSTR
FIsHTMLFile
HrCopyStreamToByte
CreateStreamOnHFile
HrCopyStreamCB
CleanupGlobalTempFiles
FIsSpaceA
ChConvertFromHex
FIsEmptyW
IsValidFileIfFileUrlW
RicheditStreamOut
HrBSTRToLPSZ
HrLPSZToBSTR
HrIsStreamUnicode
HrStreamToByte
CreateStreamOnHFileW
PszToUnicode
HrCreatePhonebookEntry
HrSafeGetStreamSize
IVoidPtrList_CreateInstance
OpenFileStreamWithFlagsW
IsDigit
HrStreamSeekBegin
OpenFileStreamShare
GetExePath
PszSkipWhiteA
CenterDialog
PszSkipWhiteW

shdocvw

HlinkFindFrame
AddUrlToFavorites
DoOrganizeFavDlg
HlinkFrameNavigateNHL
DllGetVersion
DoFileDownload
DllGetClassObject
ImportPrivacySettings
SoftwareUpdateMessageBox
SHAddSubscribeFavorite
SHGetIDispatchForFolder
DoPrivacyDlg
DoAddToFavDlg
SetQueryNetSessionCount
DllRegisterWindowClasses
DoAddToFavDlgW
URLQualifyW
OpenURL
HlinkFrameNavigate
DoOrganizeFavDlgW
URLQualifyA

msvcrt40

_fputchar
_outpd
??0streambuf@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@K@Z
?pbackfail@streambuf@@UAEHH@Z
memmove
?flush@@YAAAVostream@@AAV1@@Z
_filbuf
__p__wenviron
atol
??_Eistrstream@@UAEPAXI@Z
?eof@ios@@QBEHXZ
_mbsnccnt
??_7ios@@6B@
??0bad_cast@@QAE@ABQBD@Z
_mbccpy
_wstrdate
_setmbcp
_strupr
_spawnlp
??0fstream@@QAE@XZ
_wgetdcwd
??5istream@@QAEAAV0@PAE@Z
??0stdiostream@@QAE@ABV0@@Z
??4streambuf@@QAEAAV0@ABV0@@Z
fsetpos
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
_getmbcp
??1ofstream@@UAE@XZ
_mbsstr
mktime
getenv

sqlwoa

_MessageBox@16
newWideCharFromMultiByte
newMultiByteFromWideCharEx
_MoveFile@8
_GetClassInfo@12
_SendMessage@16
_GetTextMetrics@8
AllocConvertMultiSZNameToA
_GetFileTitle@12
_LoadBitmap@8
_SetWindowText@8
_CommDlg_OpenSave_GetFilePath@12
_GetTextExtentPoint@16
_DeleteFile@4
_TranslateAccelerator@12
_FreeEnvironmentStrings@4
_SetProp@12
_SetDlgItemText@12
_WinHelp@16
_SendDlgItemMessage@20
newMultiByteFromWideCharSize
ConvertMultiSZNameToW
_PostMessage@16
_CommDlg_OpenSave_GetFolderPath@12
_CharUpper@4
_GetDiskFreeSpaceEx@16
_CharLower@4
_RemoveProp@8
_FindResource@12
_GetUserName@8
_SetWindowLong@12

msdmo

DMOGuidToStrW
MoFreeMediaType
MoCopyMediaType
DMOStrToGuidA
DMOStrToGuidW
DMORegister
DMOGuidToStrA
DMOGetName
DMOUnregister
MoDuplicateMediaType
DMOEnum
MoCreateMediaType
MoInitMediaType
DMOGetTypes
MoDeleteMediaType

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0a5129af6dd14c3aba129d26741a032

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

imagehlp

msoert2

shdocvw

msvcrt40

sqlwoa

msdmo

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 388KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 388KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B