48cf7524f22065762a370dab0b76f58b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48cf7524f22065762a370dab0b76f58b_JaffaCakes118
Size

806KB
MD5

48cf7524f22065762a370dab0b76f58b
SHA1

addbd03e627ff6244c38b0893eb317550464d61b
SHA256

c9000c2d17c32f03b2f39c66d714bea80ca2da907826d49b6014fc8f95336812
SHA512

225a347852c47d319b329ab9d865a5fcae79db50c4e9fbfe625c663b9a4f92b07bc66766894e4ca30088a4fcf870080f56cb0dbd2277e3b34ce14cac3e77149f
SSDEEP

24576:OwN4GPuTqpz+SWXE1Qgh64+9t3LuaeMjL3:OBGGTMz+oCvRjbuZMjD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48cf7524f22065762a370dab0b76f58b_JaffaCakes118

Files

48cf7524f22065762a370dab0b76f58b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ed3c76dbc372b290cca90a598b9050fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriorityBoost
PrivMoveFileIdentityW
VirtualQueryEx
GetTempPathA
ResetWriteWatch
GetFileSize
LoadLibraryA
WritePrivateProfileSectionA
SetUserGeoID
VirtualProtectEx
GetConsoleAliasExesLengthW
WTSGetActiveConsoleSessionId
VDMConsoleOperation
EnumCalendarInfoW
ReadConsoleOutputAttribute
DeleteTimerQueueEx
FlushViewOfFile
AreFileApisANSI
CompareStringW
GetDateFormatA
SetConsoleDisplayMode
FindResourceExA
OpenThread
OpenFileMappingA
GetConsoleCP
FindNextVolumeMountPointA
MoveFileExW
VirtualAlloc
lstrcpyn
CreateMailslotW
SetComputerNameExA

oleaut32

VarI1FromUI8
VarUI1FromI2
VarR8FromDate
VarDateFromCy
VarBstrFromUI8
SafeArrayUnlock
VarDecMul
VarBoolFromR8
VarCyFromI2
VarDecFromUI8
VarUI8FromUI4
VarDecRound
VarI2FromDisp
VarI1FromR4
ClearCustData
VarCyFromI1
VarUI4FromI8
VarCySub
SafeArraySetRecordInfo
VarR8FromUI8
VarDecFromI1
VarR4FromI4
VarDateFromUI1
VarI1FromCy
VarI2FromR4
SafeArrayAllocDescriptor

wldap32

ldap_rename_ext
ldap_result2error
ldap_controls_freeA
ldap_initW
LdapGetLastError
ldap_cleanup
LdapUTF8ToUnicode
ldap_dn2ufnA
ldap_control_free
ldap_search_ext_sW
ldap_sslinit
ber_alloc_t
ber_bvecfree
ldap_modrdn2
ldap_delete_sW
ldap_bind_sA
ldap_bind_s
ldap_delete
ldap_search_init_pageW
ldap_sasl_bindA
ldap_value_free_len
ldap_add_ext_sA

duser

GetStdColorName
GetGadgetRect
GetActionTimeslice
SetGadgetBufferInfo
SetGadgetCenterPoint
DUserStopAnimation
DeleteHandle
PeekMessageExW
RemoveGadgetMessageHandler
GetStdColorPenF
FireGadgetMessages
GetDebug
InitGadgets
DUserRegisterStub
SetGadgetFillF
UtilGetColor
SetGadgetParent
IsStartDelete
InvalidateGadget
InitGadgetComponent
DUserSendEvent
DUserCastClass
SetGadgetFillI

msvcrt20

?snextc@streambuf@@QAEHXZ
modf
memchr
?cin@@3Vistream_withassign@@A
??0ostrstream@@QAE@PADHH@Z
_adj_fdiv_r
??_8fstream@@7Bostream@@@
??_Efilebuf@@UAEPAXI@Z
exp
bsearch
?osfx@ostream@@QAEXXZ
??_Distrstream@@QAEXXZ
??5istream@@QAEAAV0@AAH@Z
?hex@@YAAAVios@@AAV1@@Z
_ismbbtrail
??_Gofstream@@UAEPAXI@Z
isdigit
__p__wcmdln
??6ostream@@QAEAAV0@J@Z
_mbsspnp
_pipe
strtok
_tcsinc
??0istream_withassign@@QAE@ABV0@@Z

msvcrt40

_mbccpy
_CIfmod
_wrmdir
?fd@fstream@@QBEHXZ
?underflow@filebuf@@UAEHXZ
vfprintf
_tzset
_mtunlock
??2@YAPAXI@Z
_rmdir
_ismbbalpha
fwscanf
ctime
??_Efstream@@UAEPAXI@Z
_gcvt
_adj_fdiv_m16i
??5istream@@QAEAAV0@PAC@Z
_ungetch
?get@istream@@IAEAAV1@PADHH@Z
?binary@filebuf@@2HB
_waccess
__lconv_init
??_7istream_withassign@@6B@
?clrlock@ios@@QAAXXZ

mf3216

Mf3216DllInitialize
ConvertEmfToWmf

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 651KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed3c76dbc372b290cca90a598b9050fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

wldap32

duser

msvcrt20

msvcrt40

mf3216

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 651KB - Virtual size: 2.0MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 651KB - Virtual size: 2.0MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 300B