334d746117b3b3e32d5151feee860813_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

334d746117b3b3e32d5151feee860813_JaffaCakes118
Size

84KB
MD5

334d746117b3b3e32d5151feee860813
SHA1

65e4e999f4ee083e619bf3c499d0fe1323746601
SHA256

ba1ed2aa1176422bc7dfe61245f352f88481791664e2088411a5f3198fbf0d49
SHA512

f20fcb1ecbde5e7c3ba0dd25692651c2c85c3517e8dd539d252549f5070cfcb86e4764bd7e5d54401dd5554b07dd06d07bbe6dccb6f8ca7200ad20bb04743b93
SSDEEP

1536:by+a6Cimj75QKAc2zQnVJLyGA4O8RdnkDBiUIr3sKhlSc6SaNd+zF4chdiFiSQLQ:mB7WKAVQVUw/RdkDBiUIr3DlXa3wdLwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
334d746117b3b3e32d5151feee860813_JaffaCakes118

Files

334d746117b3b3e32d5151feee860813_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2df5a4a068df626511a905ca1f206c50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
VirtualAlloc
GetVersionExA
LZCreateFileW
GetExitCodeProcess
GetStartupInfoA
GetCurrentProcessId
LoadLibraryA
PostQueuedCompletionStatus
GetTickCount
HeapCreate
GetSystemTimeAsFileTime
LocalReAlloc
GetCurrentThreadId
SetCommMask
QueryPerformanceCounter
GlobalLock
FindNextVolumeA
EndUpdateResourceA
HeapAlloc
SetThreadPriority
GetLastError

imagehlp

SymGetSymFromAddr
SymGetSymPrev64
FindExecutableImageEx
SymGetSymNext
SymEnumerateSymbolsW
SymGetLineNext
SymSetContext
UpdateDebugInfoFile
MapFileAndCheckSumW
SymLoadModule
RemoveRelocations
UnmapDebugInformation
ImagehlpApiVersionEx
SymFromAddr
CheckSumMappedFile
SymGetLineFromAddr
SymGetLineNext64
SymRegisterCallback64
SymSetSearchPath

ntdll

swprintf
LdrSetDllManifestProber
ZwQueryInstallUILanguage
RtlCreateSystemVolumeInformationFolder
NtCreateProcessEx
strstr
RtlIntegerToUnicodeString
CsrClientConnectToServer
ZwAlertThread
NtOpenSection
ZwReadFileScatter
ZwQueryTimer
RtlReAllocateHeap
NtImpersonateThread
ZwCreatePagingFile
NtQuerySystemInformation
ZwCompareTokens
wcschr

msi

MsiGetFeatureUsageW
MsiGetActiveDatabase
MsiProvideAssemblyW
MsiEnumPatchesW
MsiGetComponentStateW
MsiInvalidateFeatureCache
MsiAdvertiseProductW
MsiDoActionW
MsiGetFeatureUsageA
MsiGetMode
MsiRecordSetStringW
MsiViewGetErrorA
MsiReinstallFeatureFromDescriptorW
MsiRecordGetStringA
MsiEnumProductsA
MsiVerifyDiskSpace
MsiGetFileVersionW
MsiDecomposeDescriptorA
MsiProcessMessage
MsiSetFeatureAttributesW
MsiGetProductCodeFromPackageCodeW
MsiDatabaseApplyTransformA
MsiCreateAndVerifyInstallerDirectory
MsiSetFeatureStateW
MsiConfigureFeatureFromDescriptorW

msvcirt

?underflow@stdiobuf@@UAEHXZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?endl@@YAAAVostream@@AAV1@@Z
?writepad@ostream@@AAEAAV1@PBD0@Z
?sync@filebuf@@UAEHXZ
??_Eostrstream@@UAEPAXI@Z
?getline@istream@@QAEAAV1@PADHD@Z
?sync_with_stdio@ios@@SAXXZ
??_7ostream@@6B@
?unlockbuf@ios@@QAAXXZ
?flush@ostream@@QAEAAV1@XZ
??5istream@@QAEAAV0@AAE@Z
??0ifstream@@QAE@HPADH@Z
?ws@@YAAAVistream@@AAV1@@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z

usp10

ScriptCPtoX
ScriptLayout
ScriptGetLogicalWidths
ScriptApplyLogicalWidth
UspAllocCache
ScriptXtoCP
ScriptStringValidate
ScriptStringOut
ScriptPlace
UspAllocTemp
ScriptShape
ScriptStringCPtoX

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2df5a4a068df626511a905ca1f206c50

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

imagehlp

ntdll

msi

msvcirt

usp10

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 22KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 280B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 22KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 280B