67d7e9938c5f513d2b3e065254b2318b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67d7e9938c5f513d2b3e065254b2318b_JaffaCakes118
Size

55KB
MD5

67d7e9938c5f513d2b3e065254b2318b
SHA1

36cd681bd7cec9a535daa1b2bbc3f46b0445cc77
SHA256

5ec775f20a1e8c3832c0413526bab879deacf2650f2144e4cd7ac48f95d9b1f2
SHA512

66cb2a04d9cb1b6702603fa9619c21507d59df01cf47be3e8d1dc4f1f60e2ab32d1828b14e70ce3dfbcedb76035cbf874f85e22b72d76d12a810040a74440af0
SSDEEP

1536:DvauySj/PBf54lMEfXvnn1+oBJVBMw9r7PHQpZiNxJ9zQ2:Dva3c4l/9LJv1rEpoN/9zn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67d7e9938c5f513d2b3e065254b2318b_JaffaCakes118

Files

67d7e9938c5f513d2b3e065254b2318b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb730437a7ac20d1a92bb5cae3212b80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GdiPlayEMF
GetTextExtentExPointW
FONTOBJ_pxoGetXform
GetCurrentObject
EqualRgn
GetOutlineTextMetricsA
SetDCBrushColor
GetPath
CreateBrushIndirect
EngQueryLocalTime
CreateEnhMetaFileA
OffsetWindowOrgEx
GetObjectType
UnrealizeObject
DdEntry49
SetRectRgn
GetEnhMetaFileDescriptionA
PatBlt
GetViewportOrgEx
GetObjectA
GetClipBox
SetROP2
EngTransparentBlt
Ellipse
Polyline
CreateDCW
GetPixelFormat
EngCreateBitmap
ClearBitmapAttributes
XLATEOBJ_iXlate
PlayEnhMetaFile
CopyEnhMetaFileW
GdiStartPageEMF
GetColorSpace
CreateColorSpaceW
PATHOBJ_bEnumClipLines
GdiArtificialDecrementDriver
GetSystemPaletteUse
GdiStartDocEMF
CreatePen
DdEntry7
GetCharABCWidthsI
SetEnhMetaFileBits
DdEntry5
GdiPlayScript
AddFontResourceExA
GdiEntry12
GetICMProfileW
OffsetViewportOrgEx
DdEntry56
EngCreateDeviceBitmap
TextOutW
GetEnhMetaFilePixelFormat
OffsetClipRgn
EnumICMProfilesA
GetAspectRatioFilterEx
GetPixel
SwapBuffers
GetHFONT
GetBkColor
RectVisible
SetPolyFillMode

winsta

_WinStationShadowTarget
WinStationSendMessageW
WinStationQueryInformationA
WinStationServerPing
WinStationConnectCallback
LogonIdFromWinStationNameW
WinStationGenerateLicense
WinStationQueryLogonCredentialsW
WinStationShutdownSystem
WinStationQueryUpdateRequired
ServerLicensingFreePolicyInformation
WinStationInstallLicense
_WinStationBeepOpen
WinStationQueryLicense
WinStationVirtualOpen
ServerLicensingOpenA
ServerLicensingGetAvailablePolicyIds
WinStationSetInformationA
_WinStationAnnoyancePopup
WinStationGetMachinePolicy
ServerLicensingDeactivateCurrentPolicy
ServerLicensingClose
_WinStationFUSCanRemoteUserDisconnect
WinStationFreeMemory
WinStationSetInformationW
_WinStationCheckForApplicationName
WinStationIsHelpAssistantSession

msvcrt40

ceil
?lock@ios@@QAAXXZ
_CIexp
?setf@ios@@QAEJJJ@Z
strtok
??_Efilebuf@@UAEPAXI@Z
_mbsncpy
?lockc@ios@@KAXXZ
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
tan
?binary@filebuf@@2HB
_chmod
?overflow@stdiobuf@@UAEHH@Z
_wcsnicmp
_ismbclegal
_CIcosh
_wopen
_filelengthi64
??_7istream_withassign@@6B@
system
_ctype
_mtlock
??0Iostream_init@@QAE@AAVios@@H@Z
_putch
asctime

msvcirt

??_Eostream@@UAEPAXI@Z
??1exception@@UAE@XZ
?out_waiting@streambuf@@QBEHXZ
??0strstream@@QAE@XZ
??0ostream@@IAE@ABV0@@Z
?pcount@ostrstream@@QBEHXZ
?str@strstreambuf@@QAEPADXZ
?sync@stdiobuf@@UAEHXZ
?get@istream@@QAEAAV1@PAEHD@Z
??_Efstream@@UAEPAXI@Z
?sync@strstreambuf@@UAEHXZ
??_Estdiobuf@@UAEPAXI@Z
?egptr@streambuf@@IBEPADXZ
??_8stdiostream@@7Bistream@@@
?close@ifstream@@QAEXXZ
?fd@ofstream@@QBEHXZ
??_Gostream_withassign@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?getint@istream@@AAEHPAD@Z
?unbuffered@streambuf@@IAEXH@Z
?bitalloc@ios@@SAJXZ
?freeze@strstreambuf@@QAEXH@Z
?basefield@ios@@2JB
??_7ios@@6B@
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?base@streambuf@@IBEPADXZ
??_Distream@@QAEXXZ
??4ifstream@@QAEAAV0@ABV0@@Z
?oct@@YAAAVios@@AAV1@@Z
??0iostream@@IAE@XZ
?getline@istream@@QAEAAV1@PAEHD@Z

kernel32

lstrcmpW
lstrcat
GetModuleHandleW
DeleteFileA
GetConsoleFontSize
OpenSemaphoreW
SetPriorityClass
GetModuleHandleA
SetComPlusPackageInstallStatus
InterlockedPopEntrySList
SetConsoleCursorPosition
SetConsoleCursor
GlobalAlloc
SetLastError
QueueUserWorkItem
ReadConsoleOutputAttribute
QueryMemoryResourceNotification
FileTimeToLocalFileTime
_lclose
SleepEx
LoadLibraryA
WideCharToMultiByte
GetLogicalDriveStringsW
DeleteVolumeMountPointA
SetDefaultCommConfigW
EnumResourceNamesW
LockResource
GetComputerNameW
SetUnhandledExceptionFilter
FindFirstFileExW
Process32FirstW
BuildCommDCBAndTimeoutsA
CreateThread
GetCurrentThread
FillConsoleOutputAttribute
CreateSemaphoreW
VirtualAlloc
EnumDateFormatsExA
IsValidLocale
GetDiskFreeSpaceA
GetEnvironmentStringsA

ntlanman

NPGetConnectionPerformance
NPEnumResource
NPGetConnection3
NPFormatNetworkName
NPGetUniversalName
NPAddConnection3
NPCloseEnum
DllMain
NPGetConnection
NPGetCaps
NPGetReconnectFlags
NPGetResourceParent
NPOpenEnum
NPGetResourceInformation
NPCancelConnection
I_SystemFocusDialog
NPAddConnection
NPGetUser

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb730437a7ac20d1a92bb5cae3212b80

Headers

File Characteristics

Imports

gdi32

winsta

msvcrt40

msvcirt

kernel32

ntlanman

Sections

.text Size: 33KB - Virtual size: 36KB

.rdata Size: 13KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 44KB

.rsrc Size: 6KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 36KB

.rdata
Size: 13KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 44KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 4KB