36e9e69d6bd5b3ab4b3dcb4259971b39_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36e9e69d6bd5b3ab4b3dcb4259971b39_JaffaCakes118
Size

387KB
MD5

36e9e69d6bd5b3ab4b3dcb4259971b39
SHA1

d52372a966f45c89ee58053ac24fd7c024f903e6
SHA256

f20fbff98c8aec4b9f41029e0937d92d002fff17ae17d43ac25c388d6cd4d52f
SHA512

d5a235c500ed2fb004ba256263949d3d126f242ac4c0610a727c40ad3df4b207433bdc3c6b60e563209c8b33079dc19427cfc8622c4e544fec13a6ef59139e6e
SSDEEP

6144:YeYUQClY2WvPB2mdCZqMSLwZeieNQWxXcMer6GdV2I/fmQboNQB5GwOilDthX8T+:9xJWR1CZEDtCWO9NdBqI5Jlq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36e9e69d6bd5b3ab4b3dcb4259971b39_JaffaCakes118

Files

36e9e69d6bd5b3ab4b3dcb4259971b39_JaffaCakes118
.exe windows:5 windows x86 arch:x86

987a4bd734f7bbbbf336938fcd50ef4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glGetMapiv
glRasterPos3iv
glNormal3sv
glTexCoord1sv
glIndexfv
wglSetPixelFormat
glVertex2s
glGetLightfv
glTexCoord2s
glTexParameterfv
glViewport
glFinish
glPassThrough
glColor3s
glDisable
glRasterPos3dv
glColor3i
glLoadMatrixf
glRectiv
glVertex3d
wglSwapLayerBuffers
glGetString
glPointSize
glIsList
glCallLists
wglUseFontBitmapsW
glCopyTexSubImage2D
glPopName
glPopMatrix
glDepthFunc
glCopyPixels
glEvalPoint2
glTexGendv
glCopyTexImage2D
glVertex2f
glPixelStorei
glTexCoord4d
glIsTexture
wglGetProcAddress
glColor4us
glRasterPos2s

iphlpapi

_PfAddFiltersToInterface@24
IcmpCloseHandle
_PfBindInterfaceToIPAddress@12
InternalGetIpAddrTable
InternalGetTcpTable
_PfMakeLog@4
DisableMediaSense
DeleteIpForwardEntry
InternalGetUdpTable
InternalDeleteIpForwardEntry
GetAdaptersInfo
GetUdpStatistics
_PfRemoveGlobalFilterFromInterface@8
SetAdapterIpAddress
UnenableRouter
GetUniDirectionalAdapterInfo
IcmpSendEcho
SetIpStatistics
SetTcpEntry
GetAdapterIndex
InternalSetIpForwardEntry
GetIpAddrTable
EnableRouter
NhpAllocateAndGetInterfaceInfoFromStack
GetTcpStatisticsEx
DeleteIpNetEntry
GetIpStatisticsEx
GetUdpStatisticsEx
CreateIpNetEntry
InternalSetIpStats
AllocateAndGetIpAddrTableFromStack
GetIcmpStatistics
InternalGetIpForwardTable
NotifyAddrChange
IpReleaseAddress
IcmpSendEcho2
IpRenewAddress
GetFriendlyIfIndex

ntprint

PSetupInstallICMProfiles
PSetupInstallInboxDriverSilently
PSetupDriverInfoFromName
PSetupEnumMonitor
PSetupGetPathToSearch
PSetupInstallPrinterDriver
PSetupGetSelectedDriverInfo
PSetupDestroyDriverInfo3
PSetupCreatePrinterDeviceInfoList
PSetupShowBlockedDriverUI
PSetupInstallMonitor
PSetupAssociateICMProfiles
PSetupSelectDeviceButtons
ServerInstallW
PSetupSetSelectDevTitleAndInstructions
PSetupFreeMem
PSetupCreateDrvSetupPage
PSetupIsDriverInstalled
ClassInstall32
PSetupDestroySelectedDriverInfo
PSetupSelectDriver
PSetupIsCompatibleDriver
PSetupPreSelectDriver
PSetupDestroyMonitorInfo
PSetupGetDriverInfo3
PSetupIsTheDriverFoundInInfInstalled
PSetupBuildDriversFromPath
PSetupGetLocalDataField

msvcrt40

fwrite
isalnum
?clog@@3Vostream_withassign@@A
?ws@@YAAAVistream@@AAV1@@Z
_wutime
isalpha
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
_wcreat
??0streambuf@@IAE@PADH@Z
_local_unwind2
??0ostrstream@@QAE@XZ
vfwprintf
_wtol
cosh
??4ofstream@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAD@Z
fclose
??0Iostream_init@@QAE@XZ
iswspace
??_8istrstream@@7B@
?raw_name@type_info@@QBEPBDXZ
??_Gbad_typeid@@UAEPAXI@Z
fgetc
ungetwc
?get@istream@@IAEAAV1@PADHH@Z
__wargv
??_7fstream@@6B@
__threadhandle
?close@fstream@@QAEXXZ
wcsncpy

kernel32

GlobalReAlloc
RemoveDirectoryA
GetModuleHandleExA
LoadLibraryExW
VerSetConditionMask
FindResourceExA
ResetEvent
GetComputerNameExA
TlsFree
SetLastError
IsBadReadPtr
ChangeTimerQueueTimer
GetSystemDirectoryW
WriteConsoleOutputA
EnumSystemLanguageGroupsW
CreateFileMappingW
InitializeCriticalSection
SetCurrentDirectoryW
GetEnvironmentVariableA
EnumerateLocalComputerNamesA
GetCalendarInfoA
LocalReAlloc
UnmapViewOfFile
CreateHardLinkW
ActivateActCtx
SetThreadContext
PrivMoveFileIdentityW
WriteProcessMemory
CallNamedPipeA
GetThreadPriority
EnumResourceTypesA
IsValidCodePage
GetNumberFormatA
GlobalFindAtomA
InterlockedDecrement
lstrcmpi
LoadLibraryA
Module32Next
SetComputerNameW
CreateJobSet
ConvertThreadToFiber
GetNativeSystemInfo
GetStartupInfoA
DnsHostnameToComputerNameW
VirtualAlloc
GetSystemWow64DirectoryA
GetProcessPriorityBoost
SetTermsrvAppInstallMode

psapi

GetDeviceDriverFileNameW
InitializeProcessForWsWatch
GetModuleFileNameExW
QueryWorkingSet
GetMappedFileNameA
GetProcessImageFileNameW
GetMappedFileNameW
EnumPageFilesA
EnumProcesses
EnumDeviceDrivers
GetModuleInformation
GetProcessImageFileNameA
EnumPageFilesW
GetPerformanceInfo
EmptyWorkingSet
GetProcessMemoryInfo
GetDeviceDriverBaseNameA
GetWsChanges
GetModuleFileNameExA
GetDeviceDriverBaseNameW
GetModuleBaseNameA
GetDeviceDriverFileNameA
EnumProcessModules
GetModuleBaseNameW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

987a4bd734f7bbbbf336938fcd50ef4c

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

iphlpapi

ntprint

msvcrt40

kernel32

psapi

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 237KB - Virtual size: 237KB

.data Size: 26KB - Virtual size: 469KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 237KB - Virtual size: 237KB

.data
Size: 26KB - Virtual size: 469KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 1024B