64270e40d33445177a3c3e726d3d4d29_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

64270e40d33445177a3c3e726d3d4d29_JaffaCakes118
Size

41KB
MD5

64270e40d33445177a3c3e726d3d4d29
SHA1

d70d5a9efb703b8eb65ba47cf7e567dcb4999d43
SHA256

166321f015e89b3ffedefcb019fdf93a37d4f9048752344a19bdfbefe22b2178
SHA512

e2d00a6453e2c02ab73bf39aaa57d4fa027d91129a880f7b16365fa8a97fffccddc64929bd8444268a78ef31bee68e5600bc7137c53f9944dad9f2d9c04a0e1d
SSDEEP

768:hd5H9B0grRkl1dbN83cWwHskbLJb8hBmuuUPXL7tfbVWmi/u1o:hd5H9lmlPbuFwHxbUmuu+vtzVWjwo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64270e40d33445177a3c3e726d3d4d29_JaffaCakes118

Files

64270e40d33445177a3c3e726d3d4d29_JaffaCakes118
.exe windows:5 windows x86 arch:x86

126cadbe31b8de09564d83ecd058165e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatW
GetUserDefaultLCID
IsDebuggerPresent
SetClientTimeZoneInformation
_lread
HeapWalk
DefineDosDeviceA
WriteConsoleW
lstrlenA
RtlFillMemory
InterlockedPopEntrySList
GetTapeStatus
GetAtomNameA
SetMailslotInfo
MoveFileWithProgressA
LocalFree
GetModuleHandleExW
IsValidLocale
LoadLibraryA
GetEnvironmentVariableA
VirtualAlloc
GetSystemDefaultLCID
SetConsoleIcon
VirtualProtectEx
CallNamedPipeA
EnumDateFormatsA
CreateMailslotA
EnterCriticalSection
GetCommMask
SetFileShortNameW
WriteFile
TlsSetValue
GetCurrentThread
AddConsoleAliasA
IsValidCodePage
LeaveCriticalSection
SetFileApisToOEM
SetTimeZoneInformation
GetPrivateProfileStructW

dbghelp

SymCleanup
SymFunctionTableAccess
FindDebugInfoFileEx
SymGetSymFromName
FindFileInPath
SymSetContext
SymGetTypeFromName
FindFileInSearchPath
SymGetSymFromName64
SymGetSymFromAddr64
SymEnumerateSymbolsW
SymFromName
SearchTreeForFile
SymGetSymNext
SymInitialize
SymGetSymNext64
MakeSureDirectoryPathExists
SymFromAddr
SymUnDName64
ImageRvaToSection
SymGetModuleInfo
SymGetFileLineOffsets64
ImageDirectoryEntryToDataEx
MiniDumpWriteDump
SymFunctionTableAccess64
SymGetLineNext
SymGetModuleInfoW64
SymEnumSourceFiles
FindExecutableImageEx
omap
StackWalk64
vc7fpo
SymGetLinePrev
SymRegisterCallback

gdi32

GetICMProfileA
GetLogColorSpaceW
GetMiterLimit
EnumICMProfilesA
PathToRegion
SetBoundsRect
SetPixel
CreateEllipticRgn
ExtTextOutA
GdiGetCodePage
GdiAddGlsRecord
EngDeleteSurface
DdEntry40
SelectObject
MirrorRgn
GetBitmapAttributes
InvertRgn
SwapBuffers
GdiPlayPrivatePageEMF
EngQueryEMFInfo
GetColorSpace
IntersectClipRect
DdEntry14
FloodFill
ResetDCW
DdEntry55
PolyTextOutA
GdiPlayJournal

winmm

mmioRead
midiInGetErrorTextA
mixerGetLineControlsA
WOWAppExit
midiOutGetDevCapsA
midiOutShortMsg
waveInGetNumDevs
midiInStart
midiInUnprepareHeader
mixerGetLineControlsW
mmioCreateChunk
mmTaskBlock
waveOutMessage
midiStreamPosition
midiOutGetErrorTextW
timeGetTime
auxGetVolume
waveInUnprepareHeader
midiStreamProperty
waveOutSetPlaybackRate
midiOutGetDevCapsW
waveOutGetID
waveOutGetErrorTextA
mixerGetID
GetDriverModuleHandle

query

??1CCatState@@QAE@XZ
?AddArg@CEventItem@@QAEXPBG@Z
?VT_VARIANT_NE@@YGHABUtagPROPVARIANT@@0@Z
?GetR8@CAllocStorageVariant@@QBENI@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
??0CKeyArray@@QAE@HH@Z
?ChangeCurrentCatalog@CCatState@@QAEXPBG@Z
?StopFiltering@CFilterDaemon@@QAEXXZ
??1CLangList@@QAE@XZ
CollectCIISAPIPerformanceData
?ExtensionHasScriptMap@CMetaDataMgr@@QAEHPBG@Z
?GetString@CMemDeSerStream@@UAEPADXZ
?GetSectorSize@CDriveInfo@@QAEKXZ
??0CAllocStorageVariant@@QAE@PBU_GUID@@AAVPMemoryAllocator@@@Z
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
??1COccRestriction@@QAE@XZ
SvcEntry_CiSvc
??1CWorkManager@@QAE@XZ
?SkipWChar@CMemDeSerStream@@UAEXK@Z
?InitIterator@CPropertyList@@UAEXXZ
??0CCiRegParams@@QAE@PBG@Z
?GetProperties@CGetDbProps@@QAEXPAUIDBProperties@@K@Z
?QueryInterface@CEnumString@@UAGJABU_GUID@@PAPAX@Z
??1CWin32RegAccess@@QAE@XZ
?SetRestriction@CDbSelectNode@@QAEHPAVCDbCmdTreeNode@@@Z
?Get@CRegAccess@@QAEKPBG@Z
?Empty@CSdidLookupTable@@QAEXXZ
?Close@CPropSetMap@COLEPropManager@@QAEXXZ

lz32

LZDone
LZOpenFileA
LZOpenFileW
LZClose
LZRead
CopyLZFile
LZCopy
LZInit
LZCloseFile
LZSeek
GetExpandedNameA
LZStart

wintrust

CryptCATAdminAddCatalog
CryptCATClose
WintrustCertificateTrust
WinVerifyTrustEx
OpenPersonalTrustDBDialogEx
WVTAsn1SpcIndirectDataContentDecode
CryptCATCDFEnumCatAttributes
WTHelperCertFindIssuerCertificate
AddPersonalTrustDBPages
mssip32DllUnregisterServer
HTTPSFinalProv
CryptCATPutMemberInfo
CryptCATEnumerateMember
SoftpubLoadSignature
TrustFindIssuerCertificate
SoftpubDllRegisterServer
WVTAsn1SpcMinimalCriteriaInfoEncode
WinVerifyTrust
CryptCATCDFEnumMembersByCDFTagEx
WVTAsn1SpcMinimalCriteriaInfoDecode
CryptCATAdminAcquireContext
CryptCATCDFEnumMembers
CatalogCompactHashDatabase
WintrustAddActionID
WVTAsn1SpcSigInfoDecode
CryptCATCDFEnumMembersByCDFTag
HTTPSCertificateTrust
CryptCATCDFEnumAttributesWithCDFTag
CryptSIPGetInfo
WTHelperGetProvSignerFromChain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

126cadbe31b8de09564d83ecd058165e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dbghelp

gdi32

winmm

query

lz32

wintrust

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 55KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 55KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B