47754bf9c692a964efd5c295b467e502_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

47754bf9c692a964efd5c295b467e502_JaffaCakes118
Size

858KB
MD5

47754bf9c692a964efd5c295b467e502
SHA1

e2066da1d8e4a077c57f2a3499a256458b1e04a0
SHA256

b1c07ebcb812023a58f674ad6c00e6f2aeb9cb5c8d922cbba2b4218427631c61
SHA512

85ac02cb28d4b53e96d3be4ef1296ccccdcc15f5f8deaaa9c244995e41715849a789b8d3cec85b9645603fd9acab5a370803d8a4611224e9edfa7fab3d1b68f7
SSDEEP

24576:0unTWx6MeTN+xIYxQJRZ6S71gWdRkNChD:0Px6N+5OiS71gWd/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47754bf9c692a964efd5c295b467e502_JaffaCakes118

Files

47754bf9c692a964efd5c295b467e502_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c50ea4cd0a1a388f63b1ddc51686d915

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_mbctombb
_adj_fdivr_m32
_heapused
getenv
??_Gios@@UAEPAXI@Z
?is_open@fstream@@QBEHXZ
_mbsncoll
_putenv
?unlockc@ios@@KAXXZ
_fpreset
??7ios@@QBEHXZ
wcsrchr
wcscoll
_flushall
__p___wargv
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
isxdigit
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?unsetf@ios@@QAEJJ@Z
vswprintf
_mbstok
??0istream@@IAE@ABV0@@Z
??0filebuf@@QAE@HPADH@Z
_wcsicmp
_wexecve
_setsystime
??0streambuf@@IAE@XZ
_ecvt
??_Glogic_error@@UAEPAXI@Z
_wcsnicmp
mktime
_mbctype
_telli64
vfprintf
vfwprintf
?close@ifstream@@QAEXXZ

ntdll

RtlInitializeGenericTableAvl
NtCreateDirectoryObject
RtlEnlargedIntegerMultiply
NtLockVirtualMemory
ZwQueryInstallUILanguage
NtCreatePagingFile
ispunct
RtlLogStackBackTrace
RtlCopyLuid
_wtol
NtPrivilegeObjectAuditAlarm
NtQueryPerformanceCounter
NtQuerySymbolicLinkObject
RtlDestroyHandleTable
RtlGetLastNtStatus
ZwSetInformationJobObject
RtlQueryHeapInformation
NtAllocateUserPhysicalPages
RtlCreateTagHeap
RtlRegisterWait
NtSetSystemTime
ZwRaiseHardError
iswspace
RtlFreeOemString
ZwSetSystemPowerState
RtlNtPathNameToDosPathName
NtQueryMutant
_allrem
RtlEnumerateGenericTableAvl
NtOpenIoCompletion
ZwOpenKeyedEvent

kernel32

IsBadStringPtrW
GetCurrentProcessId
RegisterWowBaseHandlers
SetConsoleOutputCP
InterlockedFlushSList
OpenJobObjectA
EnumResourceTypesA
MoveFileExA
SetConsoleLocalEUDC
IsBadStringPtrA
SetVolumeMountPointA
EnumSystemLocalesW
GetLastError
SetStdHandle
CreateMutexA
FindFirstVolumeMountPointA
GetOEMCP
AttachConsole
WaitForDebugEvent
FindActCtxSectionStringW
GetVersionExA
GetACP
UnregisterWaitEx
DeleteFileA
GetCompressedFileSizeA
VirtualQueryEx
SetThreadUILanguage
RemoveDirectoryA
CancelTimerQueueTimer
CancelIo
FoldStringA
GetVolumeInformationA
WriteFileEx
SearchPathA
LoadLibraryA
GlobalAlloc
SetUnhandledExceptionFilter
OpenSemaphoreW
VirtualUnlock
VirtualAlloc
EnumCalendarInfoW
CloseHandle
GetTempPathW
EnumResourceTypesW
GetSystemDirectoryW
SetLastError
GetSystemDefaultLangID
GetLocaleInfoW
GetNumaProcessorNode
WaitForSingleObjectEx
lstrcmpiW
IsProcessInJob

sqlunirl

_RegisterClassEx_@4
_NDdeGetShareSecurity_@24
_GetCharacterPlacement_@24
_CreateService_@52
_LoadAccelerators_@8
_GetTextExtentPoint32@16
_ExtractIcon_@12
_EnumResourceTypes_@12
_MapVirtualKey_@8
_NDdeShareEnum_@24
_CopyEnhMetaFile_@8
_CharToOem_@8
_SendMessageTimeout_@28
_GetUserObjectInformation_@20
_lstrcmpi_@8
_LoadBitmap@8
_GetICMProfile_@12
_MapVirtualKeyEx_@12
_CallNamedPipe_@28
_DlgDirListComboBox_@20
_EnumDisplaySettings_@12
_SHGetPathFromIDList_@8
_QueryDosDevice_@12
_MessageBoxEx_@20
_CreateDirectory_@8
_GlobalFindAtom_@4
_RegEnumKey_@16
_CommConfigDialog_@12
_RegisterWindowMessage_@4
_OutputDebugString_@4
_RegDeleteKey_@8
_WaitNamedPipe_@8
_CreateStatusWindow_@16
_SystemParametersInfo_@16

user32

UnregisterClassA
MB_GetString
PrintWindow
GetDCEx
InitializeLpkHooks
PostThreadMessageW
UnpackDDElParam
GetSystemMenu
RemovePropA
CountClipboardFormats
CreatePopupMenu
EnumThreadWindows
RegisterClipboardFormatA
RedrawWindow
GetWindowModuleFileNameW
TileWindows
GetKeyState
DisableProcessWindowsGhosting
GetWindowTextLengthW
OemKeyScan
WaitMessage
EnableScrollBar
LoadBitmapW
MenuWindowProcA
UserRegisterWowHandlers
DrawTextExW
ResolveDesktopForWOW
DdeGetQualityOfService
RemoveMenu
SetMenuItemBitmaps
LookupIconIdFromDirectoryEx
SetParent
CopyAcceleratorTableW
GetClipboardOwner

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c50ea4cd0a1a388f63b1ddc51686d915

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

ntdll

kernel32

sqlunirl

user32

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 343KB - Virtual size: 343KB

.data Size: 141KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 343KB - Virtual size: 343KB

.data
Size: 141KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B