688fafa913f0c46611a43aee83299667_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

688fafa913f0c46611a43aee83299667_JaffaCakes118
Size

74KB
MD5

688fafa913f0c46611a43aee83299667
SHA1

8e022d886d51e2c24bffbec668f289301c5e693f
SHA256

6b708ae5e7f2208d1dd16dcfd0b1a483308dfd321e1bd65274a2aa80d05cdbe1
SHA512

09783f99e1f80586f7fb90418014d96e4e8b53f9fc4d6d8349e8db82651ec56873b42e0c6ec4b92f92ce7bd27cb38f2fcf4ec0393ef9638a90862a6dd8c2d686
SSDEEP

768:Nk+2dPPtM+p6umMvuf69pDaP/qPW1Qqk+qdsZuHldbPWVDtSU:6ddPa+hFWf6PDaZ1Q7zFHTWVD8U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
688fafa913f0c46611a43aee83299667_JaffaCakes118

Files

688fafa913f0c46611a43aee83299667_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c3cbd590270d7920f05f57ddfad01a75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlpNotOwnerCriticalSection
RtlDuplicateUnicodeString
_ltow
RtlQueryRegistryValues
_itow
NtAllocateVirtualMemory
ZwNotifyChangeKey
NtQuerySystemEnvironmentValueEx
ZwTerminateProcess
NtOpenEvent
RtlFlushSecureMemoryCache
ZwAllocateUuids
NtMakeTemporaryObject
ZwFindAtom
ZwCreateIoCompletion
RtlNewSecurityObjectWithMultipleInheritance
RtlSetIoCompletionCallback
NtReleaseKeyedEvent
RtlSetInformationAcl
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtSetDefaultLocale
RtlSetAttributesSecurityDescriptor
ZwOpenThreadTokenEx
RtlAppendUnicodeStringToString
RtlFirstFreeAce
NtSetLdtEntries
RtlNtStatusToDosError
ZwSetSecurityObject
NtQueryBootEntryOrder
wcstol
NtPlugPlayControl
NtAccessCheck
NtSetValueKey
RtlAreAllAccessesGranted
RtlEnumerateGenericTableAvl

setupapi

SetupDiCreateDeviceInterfaceW
CM_Request_Eject_PC_Ex
CM_First_Range
SetupDiClassGuidsFromNameExA
CM_Create_DevNodeW
pSetupAddMiniIconToList
SetupDiDestroyDriverInfoList
SetupDiGetDeviceInterfaceDetailA
CM_Locate_DevNodeA
SetupDecompressOrCopyFileW
CM_Enumerate_Classes
SetupGetLineCountW
SetupLogErrorA
CM_Request_Device_EjectA
SetupDiDestroyDeviceInfoList
CM_Connect_MachineW
CM_Get_Class_Key_NameW
pSetupEnablePrivilege
SetupSetPlatformPathOverrideW
SetupDiAskForOEMDisk
SetupQuerySourceListA
SetupGetInfInformationW
CM_Get_Child_Ex
SetupDiInstallDevice
pSetupStringFromGuid
SetupCloseLog
CM_Get_HW_Prof_FlagsW
CM_Get_Device_Interface_ListW

syssetup

SetupChangeFontSize
AsrCreateStateFileA
SetupSetDisplay
AsrAddSifEntryW
AsrRestorePlugPlayRegistryData
SetupInfObjectInstallActionW
AsrFreeContext
AsrAddSifEntryA
AsrCreateStateFileW

msvcp60

?_Getdays@_Locinfo@std@@QBEPBDXZ
?do_truename@?$numpunct@G@std@@MBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@G@std@@SAIPBG@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@KAPADPADDH@Z
??4?$complex@M@std@@QAEAAV01@ABV01@@Z
??9std@@YA_NABNABV?$complex@N@0@@Z
??_7?$basic_filebuf@GU?$char_traits@G@std@@@std@@6B@
?max@?$numeric_limits@_N@std@@SA_NXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG0@Z
?pow@std@@YA?AV?$complex@N@1@ABNABV21@@Z
?_Term@?$ctype@D@std@@KAXXZ
??_F?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?toupper@?$ctype@G@std@@QBEPBGPAGPBG@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?get@?$messages@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@HHHABV32@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??_7?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?min@?$numeric_limits@F@std@@SAFXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
?table@?$ctype@D@std@@IBEPBFXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?log10@std@@YA?AV?$complex@N@1@ABV21@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??_7?$basic_ofstream@GU?$char_traits@G@std@@@std@@6B@
??_F?$complex@N@std@@QAEXXZ
?_Isnan@?$_Ctr@M@std@@SA_NM@Z
?iword@ios_base@std@@QAEAAJH@Z
??1ios_base@std@@UAE@XZ

kernel32

SetVolumeMountPointA
EnumSystemLocalesA
GetLogicalDriveStringsW
_hwrite
SetCurrentDirectoryW
_lwrite
GetSystemTime
WriteConsoleInputA
DnsHostnameToComputerNameA
MoveFileExW
LeaveCriticalSection
FindFirstFileExA
VirtualAlloc
IsValidCodePage
EnterCriticalSection
GetEnvironmentVariableW
WriteConsoleOutputCharacterW
FindActCtxSectionGuid
SetConsoleActiveScreenBuffer
GlobalAddAtomW
FindFirstFileExW
WriteFileGather
DeleteCriticalSection
CreateJobSet
GetCurrentDirectoryW
EnumLanguageGroupLocalesW
VirtualQuery
GetPrivateProfileSectionNamesW
ReadFileEx
LoadLibraryA
OpenFileMappingA
GetCalendarInfoW
ConnectNamedPipe
SetFileShortNameA
DosDateTimeToFileTime
GetVolumePathNamesForVolumeNameA
CreateEventA
GetDateFormatA
GetConsoleAliasesA
ReadConsoleInputW
GetNumaProcessorNode
GetLongPathNameW
ClearCommError
GetGeoInfoA
GetLargestConsoleWindowSize
RaiseException
SetFileApisToANSI

atl

AtlIPersistPropertyBag_Save
AtlModuleLoadTypeLib
AtlRegisterClassCategoriesHelper
AtlModuleInit
AtlModuleRegisterTypeLib
AtlAxCreateDialogA
AtlAxGetControl
AtlModuleUnregisterServer
AtlAxAttachControl
AtlAxDialogBoxA
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlInternalQueryInterface
AtlGetObjectSourceInterface
AtlModuleRegisterServer
AtlMarshalPtrInProc
AtlAxCreateControlEx
AtlAxWinInit
AtlWaitWithMessageLoop
AtlComPtrAssign
AtlModuleRegisterWndClassInfoA
AtlDevModeW2A
AtlModuleAddCreateWndData
AtlModuleRegisterClassObjects
AtlIPersistStreamInit_Load
AtlUnmarshalPtr
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServerEx
AtlModuleRegisterWndClassInfoW

msvcrt40

rewind
localeconv
_getdcwd
??0ostream@@IAE@XZ
?is_open@ofstream@@QBEHXZ
rename
__dllonexit
__p__winminor
ceil
?sync_with_stdio@ios@@SAXXZ
strspn
??0streambuf@@QAE@ABV0@@Z
?set_new_handler@@YAP6AXXZP6AXXZ@Z
??_8stdiostream@@7Bistream@@@
_findclose
_strrev
_adj_fdivr_m16i
_winminor
__p__daylight
_outpw
??_Eofstream@@UAEPAXI@Z
?delbuf@ios@@QAEXH@Z
_ismbbkalnum
_y0
??0istream_withassign@@QAE@ABV0@@Z
_adj_fdiv_m16i
_wexeclpe
__p__wpgmptr
_safe_fprem
_local_unwind2
iswupper
?fail@ios@@QBEHXZ
towupper
??_Eiostream@@UAEPAXI@Z
??0filebuf@@QAE@H@Z
_winmajor
?raw_name@type_info@@QBEPBDXZ
??_Dostream_withassign@@QAEXXZ
vsprintf
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z

dsound

GetDeviceID
DirectSoundCaptureEnumerateA
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundFullDuplexCreate
DirectSoundEnumerateA
DllGetClassObject
DirectSoundCaptureCreate
DirectSoundCreate8
DirectSoundEnumerateW

msvcrt

exit

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3cbd590270d7920f05f57ddfad01a75

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

setupapi

syssetup

msvcp60

kernel32

atl

msvcrt40

dsound

msvcrt

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB