412522bc3005e8a029375874fd5cc853_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

412522bc3005e8a029375874fd5cc853_JaffaCakes118
Size

871KB
MD5

412522bc3005e8a029375874fd5cc853
SHA1

6f9b8c70afd32dcf7d68e432ac38cf6e4164daa9
SHA256

7f52bcea1770233f3781fa96b7261d0447c4e3c1d8b91f31f1e6418a41bb5feb
SHA512

631e2d546e227631621a0d2bf42458f907bf4e5185a46d67736f1926f6919ea445213c4316e73667ef0529e7795900ee47fd63c9db76a81494652ade9b60ee6a
SSDEEP

12288:YGO4JkY3yRCZibaNppsd0O+wfZx5QI5sFFl7kKBer3DNNIMyWHq7fEonqNdUOipx:THGagaVOtf6I5cu7tY7fhnGcuEmV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
412522bc3005e8a029375874fd5cc853_JaffaCakes118

Files

412522bc3005e8a029375874fd5cc853_JaffaCakes118
.exe windows:5 windows x86 arch:x86

961498b86ed95e3d00bea38f371305c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_strlwr
wctomb
_isatty
_mbslwr
_fcloseall
_mbctype
_osversion_dll
_fputchar
strtod
_lfind
_msize
strspn
_searchenv
_read
rewind
feof
_amsg_exit
_fileinfo_dll
swprintf
_flsbuf
iswcntrl
_lsearch
wcscmp
_ismbbalnum
_ismbbkalnum
_jn
_wcsdup
tanh
_ismbcl2

msdart

?IsWin2k@CMdVersionInfo@@SAHXZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?RemoveHead@CDoubleList@@QAEQAVCListEntry@@XZ
?_LockSpin@CSpinLock@@AAEXXZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
??0CFakeLock@@QAE@XZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?IsLocked@CLockedSingleList@@QBE_NXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?DeleteIf@CLKRLinearHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?TryWriteLock@CSpinLock@@QAE_NXZ
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?WriteUnlock@CFakeLock@@QAEXXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
FXMemAttach
??0CDoubleList@@QAE@XZ
??0CReaderWriterLock2@@QAE@XZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
mpRealloc
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?_Unlock@CSpinLock@@AAEXXZ
?First@CDoubleList@@QBEQAVCListEntry@@XZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?WriteLock@CSpinLock@@QAEXXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
??4CSpinLock@@QAEAAV0@ABV0@@Z

t2embed

TTIsEmbeddingEnabled
TTGetEmbeddedFontInfo
TTGetEmbeddingType
_TTRunValidationTests@8
TTRunValidationTests
_TTIsEmbeddingEnabledForFacename@8
TTEmbedFont
TTDeleteEmbeddedFont
TTEnableEmbeddingForFacename
_TTLoadEmbeddedFont@40
_TTCharToUnicode@24
_TTEnableEmbeddingForFacename@8
TTEmbedFontFromFileA
TTRunValidationTestsEx
TTLoadEmbeddedFont
_TTIsEmbeddingEnabled@8
_TTEmbedFontFromFileA@52
TTEmbedFontEx
_TTDeleteEmbeddedFont@12
_TTGetEmbeddedFontInfo@28
_TTEmbedFont@44
TTCharToUnicode
TTGetNewFontName
TTIsEmbeddingEnabledForFacename
_TTGetEmbeddingType@8

cfgmgr32

CM_Set_HW_Prof
CM_Get_Res_Des_Data_Ex
CM_Query_And_Remove_SubTree_ExA
CM_Locate_DevNode_ExA
CM_Query_And_Remove_SubTree_ExW
CM_Modify_Res_Des
CM_Create_DevNode_ExA
CM_Free_Log_Conf_Ex
CM_Next_Range
CM_Add_Range
CM_Delete_Class_Key
CM_Open_Class_KeyW
CM_Free_Res_Des_Handle
CM_Register_Device_InterfaceA
CM_Enumerate_Classes_Ex
CM_Get_Device_Interface_ListA
CM_Delete_Class_Key_Ex
CM_Remove_SubTree_Ex
CM_Add_Res_Des
CM_Query_Arbitrator_Free_Size_Ex
CM_Run_Detection
CM_Open_Class_Key_ExA
CM_Request_Eject_PC_Ex
CM_Setup_DevNode_Ex
CM_Delete_Range
CMP_WaitServicesAvailable
CM_Get_Hardware_Profile_Info_ExA
CM_Test_Range_Available
CM_Query_Arbitrator_Free_Size
CM_Enumerate_Enumerators_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Dup_Range_List
CM_Get_Device_ID_ListA
CM_Free_Res_Des_Ex
CM_Get_Global_State
CM_Set_DevNode_Registry_Property_ExW
CMP_Init_Detection
CM_Add_ID_ExA
CM_Get_Device_Interface_Alias_ExA
CM_Get_Device_ID_List_Size_ExA
CM_Register_Device_Driver
CM_Query_Arbitrator_Free_Data_Ex

kernel32

GetPriorityClass
VirtualAlloc
CreateHardLinkW
GetComputerNameExA
FreeUserPhysicalPages
LocalFlags
SetCommMask
QueryPerformanceFrequency
GetProcessTimes
SetComPlusPackageInstallStatus
GetCommTimeouts
VirtualProtectEx
GetNamedPipeInfo
WriteProfileSectionW
GetCurrentThread
GetSystemDefaultUILanguage
FindActCtxSectionStringA
CreateFileW
CreateIoCompletionPort
Toolhelp32ReadProcessMemory
GetProfileStringW
GlobalUnlock
VirtualLock
GetDateFormatW
WritePrivateProfileStructA
GetEnvironmentStringsW
GetCommandLineA
LoadLibraryA
lstrcpynW
OpenSemaphoreA
GetTapePosition
GetLogicalDriveStringsW
LocalAlloc
QueueUserWorkItem
AddConsoleAliasA
VerLanguageNameA
EnumDateFormatsExA
DebugBreak
QueryPerformanceCounter
FindNextVolumeA
GetThreadPriorityBoost
ConvertDefaultLocale
GetProcessVersion

msvcrt

_j1
??3@YAXPAX@Z
wcscmp
iswprint
_wtoi64
_execl
__p___argv
__p__winminor
strcspn
_fmode
_ismbbtrail
??0bad_cast@@AAE@PBQBD@Z
strlen
__mb_cur_max
_wperror
_ismbcpunct
_wstati64
_localtime64
wcsrchr
fflush
_CxxThrowException
??0__non_rtti_object@@QAE@ABV0@@Z
_ui64tow
_wsearchenv
_safe_fdivr
mblen
_mbsnicmp
_wmakepath
_mbsdec
__winitenv
_ltow
_lseeki64
_statusfp
_exit
iscntrl
getc
_fcloseall
__badioinfo
fopen
_ismbchira
__unDName
_fstati64
wcscat
modf
atof

avifil32

AVIFileCreateStreamA
AVIFileOpenA
AVIFileWriteData
EditStreamSetInfoW
AVIStreamFindSample
AVIFileExit
AVIStreamInfoA
AVIStreamStart
AVISaveV
AVIFileInfoA
AVIStreamOpenFromFile
AVIMakeCompressedStream
IID_IAVIFile
AVISaveOptionsFree
AVISaveVA
AVIStreamGetFrameClose
EditStreamCopy
EditStreamSetName
AVIStreamOpenFromFileA
AVIMakeStreamFromClipboard
AVIFileRelease
AVIStreamSetFormat
AVIStreamWrite
EditStreamSetNameW
AVIStreamInfoW
AVIStreamLength
AVIStreamBeginStreaming
AVIFileEndRecord
AVIStreamAddRef
AVIStreamOpenFromFileW
AVIFileAddRef
AVISaveVW
AVIStreamReadFormat
EditStreamPaste
AVISaveW
AVIFileReadData
EditStreamCut
AVISave
AVIFileInit
AVIFileInfoW
AVIBuildFilterW

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

961498b86ed95e3d00bea38f371305c6

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

msdart

t2embed

cfgmgr32

kernel32

msvcrt

avifil32

Sections

.text Size: 349KB - Virtual size: 349KB

.rdata Size: 304KB - Virtual size: 304KB

.data Size: 1KB - Virtual size: 1.6MB

.rsrc Size: 215KB - Virtual size: 215KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 349KB - Virtual size: 349KB

.rdata
Size: 304KB - Virtual size: 304KB

.data
Size: 1KB - Virtual size: 1.6MB

.rsrc
Size: 215KB - Virtual size: 215KB

.reloc
Size: 1024B - Virtual size: 1024B