682ec94bb1d5b92d31ec47d4f543269d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

682ec94bb1d5b92d31ec47d4f543269d_JaffaCakes118
Size

864KB
MD5

682ec94bb1d5b92d31ec47d4f543269d
SHA1

8da6bb7afa72a470dcdf410700d4bcf63ce4587d
SHA256

1ccded529cd86bcc7835625bb7d12dce03a0bd36a4e71904cd4600b71a1180a5
SHA512

9b94e41859b0c008e1ac36c410dcbe8b90bf38812f7476868cd3b07b835f14b96e208194c5acc624680aa30e76ce980ebabff2224dd40b08e48e8c6efd917f8d
SSDEEP

24576:OoJ+2/MfPnj3irL8JH8KLjYHRV8ZY9wQZdTSRiOU5MQ:bJN/MfPnmrL8ZBLSHY0rSTUi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
682ec94bb1d5b92d31ec47d4f543269d_JaffaCakes118

Files

682ec94bb1d5b92d31ec47d4f543269d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

926aa73210ef0a0bd7fca32b49a177b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

mblen
_wfsopen
_osplatform
_ismbcpunct
wcsrchr
_wspawnve
_pwctype
__unDName
mbstowcs
ungetc
_mbsrchr
exit
_control87
_wfindnexti64
_mbsspn
??0bad_typeid@@QAE@PBD@Z
ungetwc
wcscoll
_sys_nerr
_cputws
__p___mb_cur_max
_ismbcspace
_mbctohira
__p__commode
_spawnl
??_Eexception@@UAEPAXI@Z
_CIacos
_wcsdup
_splitpath
_mbsspnp
??_G__non_rtti_object@@UAEPAXI@Z
mbtowc
_eof
_ui64toa
_adj_fdiv_m32
isleadbyte
_wtof
__crtLCMapStringA
_except_handler2
_setmbcp
_strlwr
__lc_codepage
_local_unwind2
strpbrk
_dstbias
__set_app_type
_wfindnext
_adj_fdiv_m64
_exit
_ultoa
_wexecle
__getmainargs
__mb_cur_max
??0bad_cast@@QAE@ABV0@@Z
_endthreadex
iswspace

kernel32

lstrcmpiW
Heap32First
GetFileAttributesExA
LoadLibraryExW
GetConsoleAliasExesLengthW
GetConsoleFontInfo
WritePrivateProfileStructA
TlsFree
GetLocaleInfoA
IsValidCodePage
GetConsoleOutputCP
CreateFileW
IsDebuggerPresent
EnumCalendarInfoW
GetFileInformationByHandle
GetUserDefaultLCID
SearchPathW
GetBinaryTypeW
SetFileShortNameW
VirtualFreeEx
GetSystemDefaultLCID
VirtualAlloc
RemoveLocalAlternateComputerNameW
GetExitCodeThread
GlobalCompact
GetWindowsDirectoryW
ReadConsoleInputExW
GetCurrentDirectoryW
GetThreadLocale
LeaveCriticalSection
IsBadHugeReadPtr
GetStartupInfoW
EnterCriticalSection
FindFirstVolumeW
GetConsoleKeyboardLayoutNameW
GetCompressedFileSizeW
LoadLibraryA
GetConsoleCommandHistoryW
LoadLibraryExA
GetLastError
IsValidLocale
CreateTapePartition
GetDateFormatW
GetVersionExW
GlobalUnfix
VerifyConsoleIoHandle
GetShortPathNameA
SetProcessShutdownParameters

setupapi

SetupBackupErrorA
SetupGetFileCompressionInfoExA
CMP_WaitNoPendingInstallEvents
CM_Set_Class_Registry_PropertyA
pSetupOpenAndMapFileForRead
SetupGetLineByIndexW
pSetupUnmapAndCloseFile
SetupGetInfFileListW
SetupDiGetHwProfileFriendlyNameA
SetupDiInstallClassW
SetupEnumInfSectionsW
pSetupAddMiniIconToList
SetupDiSetClassInstallParamsA
CM_Set_HW_Prof
pSetupStringTableLookUpStringEx
SetupCommitFileQueueW
CM_Get_Device_ID_ExA
SetupOpenLog
SetupOpenInfFileA
CM_Get_Device_ID_List_Size_ExA
SetupOpenMasterInf
pSetupGetFileTitle
SetupSetFileQueueAlternatePlatformA
pSetupVerifyQueuedCatalogs
CM_Add_Empty_Log_Conf
CM_Add_Res_Des_Ex
CM_Get_HW_Prof_Flags_ExA
SetupDiSetDriverInstallParamsA
CM_Query_Arbitrator_Free_Data_Ex
CM_Unregister_Device_InterfaceW
SetupRemoveFileLogEntryW
CM_Uninstall_DevNode
SetupDiOpenClassRegKeyExA
SetupDiDestroyClassImageList

lz32

LZClose
LZOpenFileA
LZCopy
LZInit
LZSeek
LZOpenFileW
LZStart
CopyLZFile
LZRead
GetExpandedNameA
LZDone
LZCloseFile

advapi32

ObjectPrivilegeAuditAlarmW
DecryptFileW
LogonUserExW
ProcessIdleTasks
SetFileSecurityW
RegCreateKeyExW
CryptContextAddRef
ChangeServiceConfig2A
IsValidAcl
CryptVerifySignatureW
SetSecurityDescriptorDacl
LsaDeleteTrustedDomain
InitializeAcl
RegLoadKeyA
SystemFunction003
EncryptionDisable
GetSecurityDescriptorRMControl
RegQueryMultipleValuesW
LsaEnumeratePrivilegesOfAccount
GetTraceEnableLevel
TraceMessageVa
CryptExportKey
MD4Final
RegisterIdleTask
RegEnumKeyExW
LookupSecurityDescriptorPartsW
SetInformationCodeAuthzPolicyW
InitiateSystemShutdownW
FindFirstFreeAce
PrivilegedServiceAuditAlarmA
CryptSetProviderExW
RegisterTraceGuidsW
ConvertSecurityDescriptorToStringSecurityDescriptorW
WmiQuerySingleInstanceMultipleA
CredUnmarshalCredentialA
OpenServiceA
GetAccessPermissionsForObjectW
GetNamedSecurityInfoExA
SetSecurityDescriptorControl
CryptEnumProvidersA
GetSecurityDescriptorLength
LsaLookupNames2
ControlService
EqualSid
ProcessTrace
RegConnectRegistryW
GetExplicitEntriesFromAclA
WmiSetSingleInstanceA
SaferSetPolicyInformation
QueryAllTracesW
LsaNtStatusToWinError
LsaLookupSids
LsaOpenPolicy
MD4Update
SetNamedSecurityInfoA
SaferiChangeRegistryScope
LsaClose
RegEnumValueA
ElfBackupEventLogFileW
CredEnumerateW
ReportEventW
ElfRegisterEventSourceA
CredDeleteW
CredReadDomainCredentialsA
CheckTokenMembership
ConvertStringSDToSDDomainW
MSChapSrvChangePassword2
RegOpenCurrentUser
RegSaveKeyExW
LookupPrivilegeNameA
CryptDestroyHash
LsaGetSystemAccessAccount
RegOpenKeyA
ConvertStringSDToSDDomainA
LsaCreateTrustedDomainEx

msvcrt40

??0filebuf@@QAE@XZ
??0istream@@IAE@ABV0@@Z
??_Distream@@QAEXXZ
?openprot@filebuf@@2HB
wcstombs
ungetwc
??0strstreambuf@@QAE@PADH0@Z
_wfindnexti64
??0istream@@QAE@PAVstreambuf@@@Z
?open@filebuf@@QAEPAV1@PBDHH@Z
??_Ebad_cast@@UAEPAXI@Z
??1ios@@UAE@XZ
tan
_wcsrev
??_8ifstream@@7B@
localtime
rename
difftime
??0ofstream@@QAE@PBDHH@Z
_setjmp3
_mbscat
??0filebuf@@QAE@HPADH@Z
_wtmpnam
_exit
??0ostrstream@@QAE@XZ
??_Ebad_typeid@@UAEPAXI@Z
_ungetch
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
_HUGE
?_set_new_mode@@YAHH@Z
??0ios@@IAE@XZ
__RTCastToVoid
?lock@streambuf@@QAEXXZ
_dstbias

user32

EndDialog

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

926aa73210ef0a0bd7fca32b49a177b4

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

setupapi

lz32

advapi32

msvcrt40

user32

Sections

.text Size: 456KB - Virtual size: 456KB

.rdata Size: 304KB - Virtual size: 304KB

.data Size: 99KB - Virtual size: 1.5MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 456KB - Virtual size: 456KB

.rdata
Size: 304KB - Virtual size: 304KB

.data
Size: 99KB - Virtual size: 1.5MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB