6ef9102aad5a248408894dec7a9cc63a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6ef9102aad5a248408894dec7a9cc63a_JaffaCakes118
Size

61KB
MD5

6ef9102aad5a248408894dec7a9cc63a
SHA1

c78469830daddee661f49fff6565de386b8c54e8
SHA256

738aab666899e364f8a0d6317966646ceeaa8475484549396cf320cff6086223
SHA512

8193e1d3d422db6a2def5efd07418322530e68ef825bac9a7a14e2fd49a233c6f5d6d1c0c1a1da0ece0bfb10adba086bebd84d3909e2c4af7c04c917b4f4cd6d
SSDEEP

1536:nl/bWIC6Feh6bWrSJTe1619GV1xiGkUZYXnNrzGZrft:Vb3FehaW2JBiliGGHQTt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ef9102aad5a248408894dec7a9cc63a_JaffaCakes118

Files

6ef9102aad5a248408894dec7a9cc63a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

796eae28bbe0ef57f23f85d023993d70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertNameToStrW
CertAddCertificateLinkToStore
CertSerializeCertificateStoreElement
CertEnumSystemStore
CryptSIPCreateIndirectData
I_CryptAddRefLruEntry
CertStrToNameA
CertAddEncodedCRLToStore
CertRegisterSystemStore
CertAddCRLLinkToStore
CryptEnumKeyIdentifierProperties
CertGetCertificateChain
CertFindCTLInStore
I_CertUpdateStore
CertStrToNameW
CertSetCTLContextProperty
CertAddCTLLinkToStore
I_CryptGetOssGlobal
CertDuplicateCRLContext
CryptSetAsyncParam
CryptImportPublicKeyInfo
I_CryptDetachTls
CertFindSubjectInSortedCTL
CertDeleteCRLFromStore
CertCompareCertificate

msvcirt

?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??_8ostream@@7B@
??4istream_withassign@@QAEAAV0@ABV0@@Z
?getdouble@istream@@AAEHPADH@Z
??6ostream@@QAEAAV0@J@Z
??_Gistrstream@@UAEPAXI@Z
?get@istream@@QAEAAV1@PAEHD@Z
??0istrstream@@QAE@ABV0@@Z
??1strstreambuf@@UAE@XZ
??5istream@@QAEAAV0@AAH@Z
?read@istream@@QAEAAV1@PACH@Z
?ends@@YAAAVostream@@AAV1@@Z
?str@ostrstream@@QAEPADXZ
??5istream@@QAEAAV0@PAE@Z
??0ifstream@@QAE@XZ
?setf@ios@@QAEJJJ@Z
??_Difstream@@QAEXXZ
??0istream@@IAE@ABV0@@Z
?lockc@ios@@KAXXZ
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??_7ifstream@@6B@
??0ostream_withassign@@QAE@ABV0@@Z
?sunk_with_stdio@ios@@0HA
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?snextc@streambuf@@QAEHXZ

msoert2

CenterDialog
PszAllocA
WriteStreamToFileHandle
RicheditStreamOut
CreateNotify
HrBSTRToLPSZ
HrIsStreamUnicode
UlStripWhitespaceW
FIsSpaceA
strtrim
HrRewindStream
PszDayFromIndex
PszDupW
CreateDataObject
OpenFileStreamShare
FBuildTempPathW
StrToUintW
HrGetStreamPos
GetHtmlCharset
CreateStreamOnHFile
CreateTempFile
RicheditStreamIn
CchFileTimeToDateTimeW
PszScanToWhiteA
IsPrint
HrDecodeObject
IUnknownList_CreateInstance
WriteStreamToFile
OpenFileStreamWithFlagsW
HrFindInetTimeZone

kernel32

DuplicateConsoleHandle
QueryPerformanceCounter
VirtualAlloc
LoadLibraryA
FindFirstVolumeMountPointA
IsDebuggerPresent
ReadConsoleInputW
EnumSystemLanguageGroupsA
EscapeCommFunction
OpenJobObjectW
GlobalSize
GetSystemTime
WideCharToMultiByte
SetFileApisToOEM
SetLastError
CreateFiberEx
CancelTimerQueueTimer
GetConsoleAliasA
GetStartupInfoW
GetThreadPriorityBoost
GetProfileSectionW
GetTickCount
WriteConsoleOutputAttribute
GetAtomNameA
CreateActCtxW
GetModuleHandleExA
GetOverlappedResult
LoadLibraryExW
SetConsoleMode
DuplicateHandle
GetCurrentProcessId
LZDone
SearchPathA
VerLanguageNameW
GetCurrentThreadId
GetThreadLocale
GetModuleHandleW

msvcrt20

??0ifstream@@QAE@PBDHH@Z
??_Estdiobuf@@UAEPAXI@Z
fmod
?is_open@ifstream@@QBEHXZ
??0ifstream@@QAE@XZ
?fd@ifstream@@QBEHXZ
_eof
strspn
_getch
_spawnvpe
??6ostream@@QAEAAV0@C@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
??_8strstream@@7Bostream@@@
_wexeclp
??1strstream@@UAE@XZ
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?attach@filebuf@@QAEPAV1@H@Z
_control87
??_Eiostream@@UAEPAXI@Z
??_7istream_withassign@@6B@
wcsncmp
??4strstreambuf@@QAEAAV0@ABV0@@Z
__p__pctype
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
_filelength
_ismbbkpunct

ole32

CoTaskMemRealloc
RevokeDragDrop
CoGetStandardMarshal
CLSIDFromProgID
CoInitializeSecurity
CoTestCancel
ComPs_NdrDllCanUnloadNow
CoImpersonateClient
StgCreatePropSetStg
OleConvertIStorageToOLESTREAM
SNB_UserSize
CoDisableCallCancellation
GetHookInterface
CoPopServiceDomain
CoCopyProxy
HBRUSH_UserMarshal
HWND_UserFree
CoGetClassVersion
StgCreateDocfileOnILockBytes
CoGetInterfaceAndReleaseStream
CoGetComCatalog
FmtIdToPropStgName

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

796eae28bbe0ef57f23f85d023993d70

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

msvcirt

msoert2

kernel32

msvcrt20

ole32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 113KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 113KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 300B