6310c182158f3a24128a4f78e729fa47_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6310c182158f3a24128a4f78e729fa47_JaffaCakes118
Size

84KB
MD5

6310c182158f3a24128a4f78e729fa47
SHA1

9618d04bdba0ca2f23100626c706f4d91fb43262
SHA256

160905deda858dd260748f4085bfcc4ec54db619f37b20a613707a906f9950d6
SHA512

928ccc428a57a21b409c69846540a36d267ca959b8d5b628691854a66f7f7383987010c0b3438b2dd27be698468bb054ac88a33f2ab786f75455fff22b968f79
SSDEEP

1536:xX8jw5ugDIJav2Bb+A7cf7ezGj58J7si91oB04Y:30BJ42BqAI6zKeYk1F4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6310c182158f3a24128a4f78e729fa47_JaffaCakes118

Files

6310c182158f3a24128a4f78e729fa47_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fcaeb229270b3e3dbd77eeda728b628a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

expsrv

__vbaFileSeek
__vbaLateMemCallSt
__vbaR8Sgn
__vbaInStrB
PutMemEvent
__vbaRedimVar2
rtcQBColor
PutMemNewObj
_adj_fdiv_m32i
__vbaFpCDblR8
_adj_fdiv_m32
rtcFileLocation
__vbaVarIndexStore
rtcSpaceVar
rtcBstrFromError
_adj_fdivr_m32
EbGetVBAObject
__vbaRsetFixstr
__vbaCyUI1
__vbaVarForInit
__vbaVarSetObjAddref
rtcFormatDateTime
__vbaStrTextCmp

wmi

CreateTraceInstanceId
WmiCloseBlock
WmiQuerySingleInstanceA
WmiEnumerateGuids
GetTraceLoggerHandle
TraceEvent
QueryAllTracesA
EnableTrace
OpenTraceA
WmiExecuteMethodW
WmiFileHandleToInstanceNameW
GetTraceEnableFlags
OpenTraceW
WmiMofEnumerateResourcesW
WmiFreeBuffer
RegisterTraceGuidsW
WmiDevInstToInstanceNameW
StartTraceW
CloseTrace
WmiMofEnumerateResourcesA
QueryAllTracesW
GetTraceEnableLevel

kernel32

GetTickCount
HeapCreate
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTapePosition
ReadConsoleInputA
Module32FirstW
GetStartupInfoA
LocalShrink
SetConsoleHardwareState
GetLastError
WriteFileGather
GetCurrentProcessId
QueryDepthSList
LoadLibraryA
VirtualAlloc
GetCommState
QueryPerformanceCounter
DosDateTimeToFileTime
InterlockedPopEntrySList

untfs

?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
??1NTFS_FRS_STRUCTURE@@UAE@XZ
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??0NTFS_LOG_FILE@@QAE@XZ
??1NTFS_EXTENT_LIST@@UAE@XZ
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
??0NTFS_UPCASE_TABLE@@QAE@XZ
??1NTFS_MFT_FILE@@UAE@XZ

msdart

?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?IsLocked@CLockedSingleList@@QBE_NXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?IsReadLocked@CLKRHashTable@@QBE_NXZ

resutils

ResUtilResourcesEqual
ResUtilDupParameterBlock
ResUtilVerifyService
ResUtilEnumResourcesEx
ResUtilGetMultiSzProperty
ResUtilDupString
ResUtilSetPropertyTableEx
ResUtilSetPrivatePropertyList
ResUtilFreeParameterBlock
ResUtilGetProperties
ResUtilGetResourceDependencyByClass
ResUtilStopService

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcaeb229270b3e3dbd77eeda728b628a

Headers

DLL Characteristics

File Characteristics

Imports

expsrv

wmi

kernel32

untfs

msdart

resutils

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 17KB - Virtual size: 44KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 296B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 17KB - Virtual size: 44KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 296B