5c467a6d63e504bddb4874f2a6d0f3ac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5c467a6d63e504bddb4874f2a6d0f3ac_JaffaCakes118
Size

394KB
MD5

5c467a6d63e504bddb4874f2a6d0f3ac
SHA1

3dbf2b46825b95ad38d8623b95ba63eea66e971b
SHA256

69ac0a2c71ff729a68c58620cacf1a9c56656684c6a3080b887518247becc1a1
SHA512

73f49bcfb1348e5af205d0626d389f7833bfae912bf4ea558839cfa64062f556accbd13127734a07642231157dddc1817df10fe35f09047f4a61e480cb148349
SSDEEP

6144:4a+yKkmd5SJhSTAlXBQUBImCdkXbx0DlI14XyIhIsC9Gvim:F3wd5shST8BQUvCEbOGUhIsmGq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c467a6d63e504bddb4874f2a6d0f3ac_JaffaCakes118

Files

5c467a6d63e504bddb4874f2a6d0f3ac_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9f5d7cf3d2684f596962b54b93fc7e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQuerySystemInformation
LdrUnloadAlternateResourceModule
RtlGetControlSecurityDescriptor
NtFilterToken
ZwSetBootEntryOrder
RtlInitializeAtomPackage
ZwSetSystemPowerState
NtSetContextThread
RtlRandomEx
RtlGetElementGenericTableAvl
RtlNtPathNameToDosPathName
RtlInsertElementGenericTable
tolower
RtlDeleteRegistryValue
RtlInterlockedPushListSList
ZwAlertResumeThread
NtPlugPlayControl
NtCreateWaitablePort
ZwSetSecurityObject
NtAdjustGroupsToken
RtlOemStringToUnicodeSize
ZwDisplayString
ZwWriteFile
RtlAssert
ZwAccessCheckByType
RtlDestroyEnvironment
RtlResetRtlTranslations
RtlActivateActivationContext
RtlGetDaclSecurityDescriptor

scecli

SceSetupBackupSecurity
SceWriteSecurityProfileInfo
SceGetScpProfileDescription
SceGetDatabaseSetting
SceSetupUpdateSecurityKey
SceRollbackTransaction
SceDcPromoteSecurityEx
SceSvcFree
SceSetupRootSecurity
SceDcPromoCreateGPOsInSysvolEx
SceSysPrep
SceSetupGenerateTemplate
SceDcPromoCreateGPOsInSysvol
SceGenerateGroupPolicy
SceGetAnalysisAreaSummary
SceNotifyPolicyDelta
SceOpenProfile
SceSetupSystemByInfName
SceSvcConvertTextToSD
SceAddToObjectList
SceSetDatabaseSetting
SceSetupConfigureServices
SceSetupUnwindSecurityFile
SceCompareSecurityDescriptors
SceSvcSetInformationTemplate
SceBrowseDatabaseTable
SceDcPromoteSecurity

crtdll

swscanf
_spawnvpe
_y0
_memccpy
_CIlog10
_commode_dll
_chmod
_rmtmp
cos
wcsrchr
_rotl
_filelength
wcsxfrm
_fmode_dll
sprintf
_heapchk
fputs
_ismbcl0
_fileinfo_dll
_mbscspn
_mbsspnp
_ismbbpunct
difftime
fabs
_environ_dll
_purecall
_strlwr
mbstowcs
signal
iswascii
_execlp
__doserrno
_mbsnset
_strdec
localeconv
_cwait
_CIcosh
_strerror
_mbsnbcnt
isalpha
iswalpha
_mbsrchr
_mbslen

msvcrt40

?attach@fstream@@QAEXH@Z
_wstrdate
_CIsin
?sync@strstreambuf@@UAEHXZ
?fLockcInit@ios@@0HA
??4Iostream_init@@QAEAAV0@ABV0@@Z
_ismbbkprint
??1ios@@UAE@XZ
_stricmp
??0exception@@QAE@ABV0@@Z
_spawnve
??_Gifstream@@UAEPAXI@Z
_wfopen
?cin@@3Vistream_withassign@@A
?fd@ifstream@@QBEHXZ
??_Dfstream@@QAEXXZ
_mbsnbcat
_mbsncoll
??1bad_typeid@@UAE@XZ
_snwprintf
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??0ifstream@@QAE@PBDHH@Z
_fgetchar
??_7filebuf@@6B@
??Bios@@QBEPAXXZ
swscanf
strcat

rasapi32

RasClearConnectionStatistics
DwEnumEntryDetails
RasGetCountryInfoW
RasGetEapUserIdentityA
RasFreeEapUserIdentityA
RasSetAutodialParamW
RasDeleteSubEntryW
RasGetAutodialEnableW
RasSetEapUserDataW
RasHangUpW
RasScriptInit
RasSetCustomAuthDataW
RasGetSubEntryHandleA
RasConnectionNotificationW
RasGetErrorStringW
RasSetAutodialEnableA
RasGetEntryPropertiesW
RasDeleteSubEntryA
RasGetAutodialEnableA
RasEnumConnectionsA
RasGetEapUserDataA
RasSetCredentialsA
RasSetEntryDialParamsA
RasValidateEntryNameA
RasGetEntryPropertiesA
RasScriptTerm
DwRasUninitialize
RasAutoDialSharedConnection
RasRenameEntryW
DDMGetPhonebookInfo
RasSetSubEntryPropertiesW

kernel32

SetThreadPriorityBoost
VerifyVersionInfoA
GlobalFindAtomW
GetConsoleCommandHistoryA
SetConsoleMode
RegisterWaitForInputIdle
SetConsoleHardwareState
GetConsoleInputWaitHandle
RegisterWowBaseHandlers
GetStartupInfoW
SetFileValidData
VirtualAlloc
SetEndOfFile
Thread32First
Beep
EnumResourceLanguagesA
GetNamedPipeHandleStateA
GetModuleHandleW
GetEnvironmentVariableA
QueryPerformanceCounter
GetStringTypeW
_hwrite
GetLogicalDrives
SearchPathW
SetNamedPipeHandleState
OutputDebugStringA
Thread32Next
GetTapeStatus
GetProfileIntW
FindNextVolumeMountPointA
LoadLibraryA
CancelIo
GetConsoleCommandHistoryW
ResetEvent
GetConsoleScreenBufferInfo
IsBadWritePtr
FileTimeToSystemTime
BackupSeek
UTRegister
SetClientTimeZoneInformation
VirtualProtectEx
LocalReAlloc
DosPathToSessionPathW
MoveFileWithProgressW

mmcshext

DllGetClassObject

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9f5d7cf3d2684f596962b54b93fc7e1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

scecli

crtdll

msvcrt40

rasapi32

kernel32

mmcshext

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 171KB - Virtual size: 627KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 171KB - Virtual size: 627KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 1024B - Virtual size: 1024B