Static task
static1
Behavioral task
behavioral1
Sample
5b05685a21128aa2fc3c082e7b194a14_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5b05685a21128aa2fc3c082e7b194a14_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
5b05685a21128aa2fc3c082e7b194a14_JaffaCakes118
Size
71KB
MD5
5b05685a21128aa2fc3c082e7b194a14
SHA1
e42bed5b84166f0341dd1140f3e1995fe1a07d18
SHA256
ae42f52e20f0b55aed98dbea7648ff966afddd880f294cfa5bf43119ab300b94
SHA512
bc28c1ef34d618a4a9a3b486f3463f2795174f944cab1f917b7af188532ad40332cc0203ee22264a2e169204fe0d2a527eeb9e4f7bb52b3f8f2623d364edb7f7
SSDEEP
1536:B6KxD6ZiTs0I02M9U+ECIm+b72J0XS/EcSaEmYGHfwdAT8yyofNyF7cc7+:1OwJ06zECIm+bCsSMcSXikATTfYZ77+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5b05685a21128aa2fc3c082e7b194a14_JaffaCakes118
Files
5b05685a21128aa2fc3c082e7b194a14_JaffaCakes118.exe windows:1 windows x86 arch:x86
7d73c54882e94af5f3d1f76c2de27e4b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcirt
?ends@@YAAAVostream@@AAV1@@Z
??4fstream@@QAEAAV0@AAV0@@Z
?flush@ostream@@QAEAAV1@XZ
??6ostream@@QAEAAV0@K@Z
?attach@fstream@@QAEXH@Z
??5istream@@QAEAAV0@PAD@Z
??0ofstream@@QAE@H@Z
?str@istrstream@@QAEPADXZ
?cin@@3Vistream_withassign@@A
??0filebuf@@QAE@XZ
?pcount@strstream@@QBEHXZ
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
??1ios@@UAE@XZ
??5istream@@QAEAAV0@AAF@Z
??_Dofstream@@QAEXXZ
??0strstreambuf@@QAE@ABV0@@Z
hhsetup
?ParseFile@CCollection@@AAEKPBD@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?GetTitle@CFolder@@QAEPADXZ
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
?Save@CCollection@@QAEKXZ
?GetTail@CFIFOString@@QAEKPAPAD@Z
?GetTitleW@CLocation@@QAEPBGXZ
??0CFolder@@QAE@XZ
??0CTitle@@QAE@XZ
?GetId@CLocation@@QBEPADXZ
?SetFindMergedCHMS@CCollection@@QAEXH@Z
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?AddRef@CCollection@@QAEXXZ
?SetTitle@CFolder@@QAEXPBD@Z
?SetId@CLocation@@QAEXPBG@Z
?SetMasterCHM@CCollection@@QAEXPBGG@Z
kernel32
IsProcessorFeaturePresent
GetVDMCurrentDirectories
TryEnterCriticalSection
SetCommBreak
GetLogicalDriveStringsA
GetProcessHeaps
GetFileSize
FreeUserPhysicalPages
CopyFileExW
SetNamedPipeHandleState
FindFirstChangeNotificationW
GetSystemTimeAsFileTime
GetModuleFileNameA
PeekConsoleInputW
SetErrorMode
PrivCopyFileExW
VirtualUnlock
ReadConsoleW
GetNamedPipeHandleStateW
DosDateTimeToFileTime
GetProcAddress
ConvertDefaultLocale
LoadLibraryA
VirtualAlloc
WaitNamedPipeW
GetStringTypeW
DosPathToSessionPathA
ReadConsoleInputExA
GetStartupInfoA
ShowConsoleCursor
CommConfigDialogA
InterlockedPopEntrySList
RemoveDirectoryW
MapViewOfFile
ExitProcess
CreateFileMappingW
RemoveLocalAlternateComputerNameW
RequestDeviceWakeup
EnumResourceTypesA
QueryDosDeviceA
IsBadStringPtrA
RequestWakeupLatency
WriteConsoleA
ntdll
RtlCreateEnvironment
ZwSetIoCompletion
ZwQueryMutant
bsearch
NtYieldExecution
RtlGetElementGenericTableAvl
RtlLengthSecurityDescriptor
RtlApplicationVerifierStop
ZwSetHighWaitLowEventPair
ZwPlugPlayControl
ZwReplaceKey
CsrIdentifyAlertableThread
ZwDeleteFile
RtlpNtEnumerateSubKey
RtlMapSecurityErrorToNtStatus
ZwVdmControl
wcsncat
RtlDeleteNoSplay
iswspace
ZwOpenObjectAuditAlarm
RtlInitializeGenericTableAvl
msvcrt
vfwprintf
_pwctype
_CIexp
__CxxLongjmpUnwind
clock
_ismbcspace
_wexecle
wcsncpy
_CIlog
_vscwprintf
___lc_handle_func
_ismbcalnum
__p__pwctype
_cscanf
__uncaught_exception
_adjust_fdiv
?name@type_info@@QBEPBDXZ
user32
PostQuitMessage
RegisterClassA
DefWindowProcA
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ