3fc3b94aa447bcbe667b716a352f1249_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fc3b94aa447bcbe667b716a352f1249_JaffaCakes118
Size

861KB
MD5

3fc3b94aa447bcbe667b716a352f1249
SHA1

a5c87b8d34c4e0595c2b0bbf84a3fd4e01336c87
SHA256

57d12dd087cb3f741d00cd4ac38efee9ec2a9df4c7202bc4b64304d8773bf66d
SHA512

ea706470454efab57f776e93f451ba41758e054b3119911d7897d9c5e5fa9a2820ac92e9a685c3ecf01cd5ba00490706b057a0fafbc361e6ed61a62966103c69
SSDEEP

12288:ixZZftFIjbL0Y85zG/nAehjqrQk+zjhRMbCmCDKWINOwxcrHWY0fZo:uffIjkzG/AehSV+pRhuOucCffZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fc3b94aa447bcbe667b716a352f1249_JaffaCakes118

Files

3fc3b94aa447bcbe667b716a352f1249_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4f3ef8c237f9a2202e6b510a9ccc564d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wsplitpath
_pclose
__set_app_type
_strtoi64
_mbsrev
_ismbbpunct
_ultoa
??0exception@@QAE@ABQBD@Z
_filelengthi64
__getmainargs
exit
puts
_acmdln
_commode
wcsstr
_finite
_findnext64
_seterrormode
fgetc
_fputwchar
__p__commode
is_wctype
_wremove
_stat
_lrotr
_adj_fdivr_m16i
swprintf
_cabs
__unDNameEx
??_Gbad_cast@@UAEPAXI@Z
_strset

oleaut32

VarBstrFromI4
VarOr
VarUI4FromR8
VarUI4FromI1
VarI1FromBool
SafeArrayGetUBound
LoadRegTypeLib
VarUI2FromDec
VariantClear
DosDateTimeToVariantTime
VarUI2FromUI8
SafeArrayAllocData
CreateStdDispatch
VarUI1FromBool
VarI1FromUI1
VarMod
VARIANT_UserFree
VarBstrFromUI4
VarR4FromUI1
SafeArrayLock
VarI4FromDisp
DispCallFunc
VarDiv
VarDateFromUI1
VarCyFromDec
VarAdd
GetErrorInfo
VarDateFromUI4
VarI2FromDate
VariantInit
VarBoolFromR4
VarDecFromI4
LPSAFEARRAY_Marshal
GetRecordInfoFromGuids
VarI4FromI8
VarNeg
OaBuildVersion
VarDecInt
VarCyRound
SafeArrayGetVartype
VarCyFromUI4
VarI4FromDec
VarR8FromBool

ntdll

ZwCreateNamedPipeFile
RtlpNtSetValueKey
RtlSetCriticalSectionSpinCount
NtSystemDebugControl
NtSetSystemTime
CsrCaptureTimeout
NtWriteRequestData
NtQueryAttributesFile
ZwSetIoCompletion
DbgPrintReturnControlC
RtlUnicodeStringToOemString
NtAreMappedFilesTheSame
NtDeleteObjectAuditAlarm
ZwFreeVirtualMemory
isdigit
NtCreateKeyedEvent
NtNotifyChangeMultipleKeys
RtlEnterCriticalSection
NtCreatePort
RtlWalkFrameChain
sin
ZwWaitForSingleObject
ZwQuerySystemEnvironmentValue
isgraph
ZwQuerySymbolicLinkObject
RtlDeleteTimerQueue
NtRestoreKey
RtlUpcaseUnicodeStringToOemString
RtlFreeUnicodeString
NtSetIoCompletion
RtlAnsiStringToUnicodeSize
NtOpenKeyedEvent
NtQueryPerformanceCounter
NtOpenThreadToken
NtCreateSection
ZwQueryKey

sqlunirl

_GetToolsFilePath@16
_RegLoadKey_@12
_GetFullPathName_@16
_CharLowerBuff_@8
_BackupEventLog_@8
_QueryDosDevice_@12
_MoveFile@8
_RegConnectRegistry_@12
_SetClassLong_@12
_GetEnvironmentStrings_@4
_ExtractIconEx_@20
_NDdeIsValidAppTopicList_@4
_GetPrivateProfileSectionNames_@12
_RegQueryValueEx_@24
_CreateColorSpace_@4
_GetCompressedFileSize_@8
_ExtractIcon_@12
_LoadMenu@8
_EnumResourceNames_@16
newMultiByteFromWideCharSize
_CreateIC_@16
_SHGetFileInfo_@20
_CreateDialogParam_@20
_SetFileAttributes_@8
_lstrcmp_@8
_GetModuleFileName@12
_GetTextExtentPoint@16
_CreateFileMapping_@24
_RegReplaceKey_@16
_CreateScalableFontResource_@16
_ExtTextOut@32
_CreateFile@28

msasn1

ASN1objectidentifier2_cmp
ASN1BERDecCharString
ASN1utf8string_free
ASN1CEREncNewBlkElement
ASN1BEREncU32
ASN1_CloseModule
ASN1BERDecFlush
ASN1_CreateEncoder
ASN1CEREncBeginBlk
ASN1CEREncBitString
ASN1BERDecTag
ASN1char16string_free
ASN1BERDecS16Val
ASN1BERDecMultibyteString
ASN1BERDecOpenType
ASN1BERDecEoid
ASN1BEREncSX
ASN1BEREncOctetString
ASN1BEREncObjectIdentifier
ASN1BERDecS32Val
ASN1_CloseEncoder2
ASN1char32string_free
ASN1BERDecU16Val
ASN1CEREncZeroMultibyteString
ASN1charstring_free
ASN1CEREncFlushBlkElement
ASN1BEREncBitString
ASN1CEREncUTCTime
ASN1utctime_cmp
ASN1charstring_cmp
ASN1ztchar16string_cmp
ASN1BERDecU32Val
ASN1objectidentifier_free
ASN1BERDecChar32String
ASN1_GetEncoderOption
ASN1_CloseEncoder
ASN1BEREncS32
ASN1BERDecUTCTime
ASN1BERDotVal2Eoid
ASN1DecAlloc
ASN1BERDecEndOfContents
ASN1BERDecLength

kernel32

GetConsoleCommandHistoryLengthA
LoadLibraryExA
GetSystemDefaultUILanguage
ReadConsoleOutputW
LoadLibraryA
FindFirstVolumeMountPointA
VirtualQuery
SetConsoleInputExeNameW
EnumUILanguagesA
WideCharToMultiByte
GetConsoleCursorMode
GetConsoleSelectionInfo
FindFirstChangeNotificationW
VirtualAlloc
VerifyVersionInfoA
GetPriorityClass
GetConsoleKeyboardLayoutNameA
GetCompressedFileSizeW
CommConfigDialogW
SetConsoleFont
UpdateResourceA
GetCommState
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
GetConsoleTitleW
BaseCheckAppcompatCache
lstrcat
GetAtomNameW
GetDiskFreeSpaceW
GetComputerNameExA
GetConsoleScreenBufferInfo
GetConsoleAliasExesLengthW
GetOverlappedResult
SetConsoleNumberOfCommandsA

user32

CreateDesktopW
SetMenu
CascadeChildWindows
SetShellWindowEx
CreateWindowExW
MapVirtualKeyExW
GetClipboardFormatNameW
GetScrollBarInfo
GetWindowDC
MessageBoxW
RegisterClassExA
GrayStringW
GetWindowTextLengthW
EndTask
DefWindowProcW
ShowWindowAsync
LoadStringA
GetKeyNameTextW
CallMsgFilterW
GetWindowThreadProcessId
SendNotifyMessageA
GetClassLongA
GetDlgItemTextA
EnumChildWindows
CreateWindowStationA
CopyRect
wvsprintfW
OffsetRect
SetSystemMenu
PostQuitMessage
GetAltTabInfoA
GetMonitorInfoA
GetTabbedTextExtentA
DdeDisconnect
RegisterClassW
LoadMenuA
GetTabbedTextExtentW

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f3ef8c237f9a2202e6b510a9ccc564d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

ntdll

sqlunirl

msasn1

kernel32

user32

Sections

.text Size: 374KB - Virtual size: 374KB

.rdata Size: 344KB - Virtual size: 344KB

.data Size: 140KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 344KB - Virtual size: 344KB

.data
Size: 140KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B