487e6c1730b6eb54b27bab5eb62adfd1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

487e6c1730b6eb54b27bab5eb62adfd1_JaffaCakes118
Size

375KB
MD5

487e6c1730b6eb54b27bab5eb62adfd1
SHA1

4331698ebc236764fbe227db07b78a92eb2f1e55
SHA256

75a5b171024858fb86c441439599a7c8ce3db8f3bc64005ac70154c43b82fcfb
SHA512

8d275a0270e67895f7a55cf65e086454d5a5fa702ceb314d96aba7ab2471fa8fec1331f7a7c7b2eedd0f26d368edba3ad74ca00de72ccb4126c09061d6dc1bd3
SSDEEP

6144:fLxhqeAGmtia3hetBO+Br60IT1u1hsjwqW4TaAl4Iva/jKkF5yA0xWZmyQVYHK:fW/7vC5G3Q1hsjGcaa4ICkA0xd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
487e6c1730b6eb54b27bab5eb62adfd1_JaffaCakes118

Files

487e6c1730b6eb54b27bab5eb62adfd1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c6d568f13fcb14bb16730ba824f737f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msi

MsiGetFeatureUsageW
MsiCollectUserInfoA
MsiAdvertiseProductExA
MsiEnumClientsW
MsiCreateAndVerifyInstallerDirectory
MsiInstallMissingComponentA
MsiMessageBoxW
MsiDatabaseGetPrimaryKeysA
MsiCreateTransformSummaryInfoW
MsiGetFeatureUsageA
MsiOpenProductW
MsiSetComponentStateA
Migrate10CachedPackagesW
MsiEnumComponentQualifiersW
MsiGetSummaryInformationW
MsiGetFileVersionW
MsiDatabaseMergeW
MsiGetUserInfoW
MsiProvideQualifiedComponentA
MsiGetLanguage
MsiGetComponentPathA
MsiSourceListClearAllW
MsiDatabaseExportA
MsiFormatRecordA
MsiSourceListAddSourceA
MsiPreviewDialogA
MsiRecordIsNull
MsiRecordReadStream
MsiEnumPatchesA
MsiDoActionW
MsiSourceListAddSourceW
MsiGetProductInfoFromScriptA
MsiAdvertiseScriptW
MsiGetFileVersionA
MsiDeleteUserDataA
MsiGetProductCodeW
MsiOpenDatabaseW
MsiPreviewBillboardW
MsiOpenPackageA
MsiSequenceA
MsiViewGetColumnInfo
MsiCollectUserInfoW
MsiViewExecute

msvcirt

?open@fstream@@QAEXPBDHH@Z
??4filebuf@@QAEAAV0@ABV0@@Z
?unbuffered@streambuf@@IAEXH@Z
??5istream@@QAEAAV0@AAD@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
??_Eistream_withassign@@UAEPAXI@Z
?sync@istream@@QAEHXZ
?attach@ofstream@@QAEXH@Z
??0fstream@@QAE@XZ
??_Gfilebuf@@UAEPAXI@Z
??6ostream@@QAEAAV0@C@Z
?xsgetn@streambuf@@UAEHPADH@Z
?pcount@strstream@@QBEHXZ
??_Distream_withassign@@QAEXXZ
?sbumpc@streambuf@@QAEHXZ
??0strstreambuf@@QAE@H@Z
?sync@strstreambuf@@UAEHXZ
?hex@@YAAAVios@@AAV1@@Z
?attach@fstream@@QAEXH@Z
??6ostream@@QAEAAV0@PBX@Z
??_Estrstreambuf@@UAEPAXI@Z
?x_curindex@ios@@0HA
??0iostream@@IAE@XZ
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
?doallocate@streambuf@@MAEHXZ
?sh_read@filebuf@@2HB
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?cout@@3Vostream_withassign@@A
?getline@istream@@QAEAAV1@PADHD@Z
??0exception@@QAE@XZ
?get@istream@@QAEAAV1@PACHD@Z
??_Dostream@@QAEXXZ

kernel32

VirtualAlloc
ZombifyActCtx
SetDefaultCommConfigW
VirtualUnlock
SetVolumeMountPointA
FormatMessageA
SetHandleCount
SetComputerNameA
CreateMutexA
SwitchToThread
OpenProfileUserMapping
GetConsoleWindow
IsValidCodePage
QueryPerformanceCounter
GetEnvironmentStringsW
VerifyConsoleIoHandle
RemoveDirectoryA
RemoveLocalAlternateComputerNameA
Process32FirstW
OutputDebugStringA
ReadConsoleA
GetNumaProcessorNode
ReadConsoleOutputW
ChangeTimerQueueTimer
_lcreat
GetTimeZoneInformation
GetCurrentThread
SetMailslotInfo
GetNumaNodeProcessorMask
LoadLibraryA
HeapWalk
lstrcmpi
AllocateUserPhysicalPages
SetConsoleTextAttribute
WriteConsoleInputA

ntdll

CsrClientCallServer
ZwSetUuidSeed
RtlUshortByteSwap
ispunct
ZwDeleteFile
ZwQueryDirectoryObject
RtlAddAccessAllowedObjectAce
RtlConvertUiListToApiList
RtlConvertSharedToExclusive
RtlDosApplyFileIsolationRedirection_Ustr
_snprintf
KiUserApcDispatcher
NtDeleteKey
NtFreeVirtualMemory
RtlSubAuthoritySid
RtlCopyLuidAndAttributesArray
NtProtectVirtualMemory
RtlQueryInformationAcl
ZwQueueApcThread
isupper
RtlDeleteCriticalSection
RtlDeleteElementGenericTable
_strlwr
_wtoi64
RtlMoveMemory
RtlFindMessage
NtClose
RtlDeleteTimerQueue
NtQueryTimerResolution
_allshl
LdrLoadAlternateResourceModule
NtRequestWaitReplyPort
NtSetTimer
RtlFillMemoryUlong

sqlunirl

_GetCurrentDirectory_@8
_CopyMetaFile_@8
_ObjectCloseAuditAlarm_@12
_ReadEventLog_@28
wsprintf_
_CharLowerBuff_@8
_DlgDirList_@20
_EnumDependentServices_@24
_GetFileVersionInfo_@16
_OpenFile_@12
_ChangeServiceConfig_@44
_CreateSemaphore_@16
_GetWindowLong@8
_AccessCheckAndAuditAlarm_@44
_EnumResourceLanguages_@20
_LoadMenu@8
_GetClassInfo@12
_CreateProcessAsUser_@44
_GetTabbedTextExtent_@20
_EnumWindowStations_@8
_GetVersionEx@4
_FindResourceEx_@16
_CreateEnhMetaFile_@16
_FatalAppExit_@8
_LookupAccountName_@28
_BackupEventLog_@8
_StartService_@12
_PropertySheet_@4
_OpenService_@12

msvcrt40

?sync@stdiobuf@@UAEHXZ
?sbumpc@streambuf@@QAEHXZ
_wfindnexti64
??_Gistream_withassign@@UAEPAXI@Z
_mbscat
??1strstreambuf@@UAE@XZ
?text@filebuf@@2HB
?fd@ifstream@@QBEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
?iword@ios@@QBEAAJH@Z
_setmaxstdio
_swab
??6ostream@@QAEAAV0@PBE@Z
rewind
_rmdir
_mbsdec
_osver
??4iostream@@IAEAAV0@AAV0@@Z
_CIexp
sqrt
fmod
_popen
$I10_OUTPUT
isxdigit
_ftime
abort
??0ostream@@QAE@PAVstreambuf@@@Z

Sections

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6d568f13fcb14bb16730ba824f737f2

Headers

File Characteristics

Imports

msi

msvcirt

kernel32

ntdll

sqlunirl

msvcrt40

Sections

.text Size: 102KB - Virtual size: 104KB

.rdata Size: 79KB - Virtual size: 80KB

.data Size: 512B - Virtual size: 512KB

.rsrc Size: 192KB - Virtual size: 192KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 104KB

.rdata
Size: 79KB - Virtual size: 80KB

.data
Size: 512B - Virtual size: 512KB

.rsrc
Size: 192KB - Virtual size: 192KB

.reloc
Size: 1024B - Virtual size: 4KB