71fa556b7da6bf3b3921ed95a07dedba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71fa556b7da6bf3b3921ed95a07dedba_JaffaCakes118
Size

169KB
MD5

71fa556b7da6bf3b3921ed95a07dedba
SHA1

b0f36247907f866c4e0f5d8627929378bc171ec6
SHA256

01a87c8055e0d987c6e5a40f7db50fd623e9536be4763a77bc44f0ba2f50659b
SHA512

937cf73fe4812a1625d171cf8f228fd0937409e4c9b7cad68b3b946664eadb548595d4a8dea5a7df41def20cf9db1eafb4770b8b058dc6e7ed4e90657a582329
SSDEEP

3072:kWYByUXMbZk0AieckzAfxzsdMa2MpAO1j6h6YzZF/fuubmjPhS/QbG7kERJ/LNsC:kWSyOMlk0feckI6Ma/yO1j6h6YzjuubD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71fa556b7da6bf3b3921ed95a07dedba_JaffaCakes118

Files

71fa556b7da6bf3b3921ed95a07dedba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3c78eb86d1c4fb9ebc4f8c3d8286317a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQueryExW
DnsNotifyResolver
DnsNameCompare_UTF8
Dns_InitializeMsgRemoteSockaddr
DnsNameCopyAllocate
DnsUtf8ToUnicode
DnsIpv6StringToAddress
Dns_ParsePacketRecord
DnsRecordTypeForName
DnsGetDomainName
NetInfo_Copy
DnsQuery_A
DnsRemoveRegistrations
DnsRecordBuild_W
DnsNameCompare_W
DnsRecordStringForType
DnsExtractRecordsFromMessage_W
DnsAsyncRegisterTerm
Dns_CloseSocket
DnsQuery_W
DnsDhcpSrvRegisterTerm
DnsNameCopy
DnsApiFree
DnsNameCompareEx_W
DnsStatusString
DnsNotifyResolverClusterIp
DnsGetBufferLengthForStringCopy
Dns_BuildPacket
DnsExtractRecordsFromMessage_UTF8
GetCurrentTimeInSeconds
DnsStringCopyAllocateEx
DnsValidateName_UTF8
Dns_CreateSocketEx
Dns_CloseConnection
Dns_RecvTcp
DnsApiSetDebugGlobals
Dns_WriteDottedNameToPacket
Dns_AllocateMsgBuf

kernel32

ScrollConsoleScreenBufferW
CreateJobObjectW
GlobalHandle
RtlZeroMemory
SetConsoleTextAttribute
lstrlenA
SetComPlusPackageInstallStatus
Beep
EnumSystemGeoID
CreateEventA
LoadLibraryA
FreeConsole
GlobalUnfix
CreateDirectoryExA
SetMailslotInfo
DeleteFileA
BaseFlushAppcompatCache
WriteProfileSectionW
GetTimeZoneInformation
BeginUpdateResourceA
VerifyVersionInfoA
SetConsoleKeyShortcuts
GetConsoleProcessList
WriteProfileStringW
HeapReAlloc
VerifyConsoleIoHandle
GetLocalTime
MapUserPhysicalPages
GetCurrentThread
GetModuleHandleW
MoveFileWithProgressW
TerminateJobObject
SetUserGeoID
SetDefaultCommConfigW
IsBadStringPtrA
BackupWrite
FormatMessageW
GetConsoleCursorInfo
SetConsoleInputExeNameW
AttachConsole
GetSystemWow64DirectoryW
ExpungeConsoleCommandHistoryA
ZombifyActCtx
GetCommandLineA
QueryPerformanceCounter
VirtualAlloc
EnumDateFormatsExW
EnumTimeFormatsW
GetFileAttributesExA
LocalAlloc

ntdll

NtWriteFile
LdrFindEntryForAddress
ZwSetLowWaitHighEventPair
RtlCreateTimerQueue
NtQueryInformationJobObject
RtlWriteRegistryValue
ZwAccessCheckAndAuditAlarm
RtlFlushSecureMemoryCache
RtlFreeAnsiString
_itow
RtlDeleteTimerQueue
NtEnumerateSystemEnvironmentValuesEx
RtlGetUserInfoHeap
RtlEnterCriticalSection
NtStopProfile
ZwResetWriteWatch
RtlSubtreePredecessor
NtQueryTimer
ZwLockRegistryKey
RtlQueryTimeZoneInformation
RtlIpv4AddressToStringW
ZwMapViewOfSection
_ltoa
_CIsin
ZwGetDevicePowerState
RtlFindNextForwardRunClear
RtlFindLongestRunClear
RtlIsValidIndexHandle
RtlDeactivateActivationContext
NtQuerySystemEnvironmentValueEx
RtlTraceDatabaseAdd
ZwTerminateJobObject
RtlQueryHeapInformation
ZwTraceEvent
ZwOpenJobObject
abs
NtDeleteAtom
RtlDestroyEnvironment
RtlAbortRXact
NtWaitForMultipleObjects
ZwRemoveIoCompletion
DbgPrint
NtAccessCheckAndAuditAlarm
strcspn
wcscmp
NtAreMappedFilesTheSame
RtlRandom
NtCreatePagingFile
RtlLargeIntegerSubtract
RtlAddAccessAllowedAceEx
RtlpNtMakeTemporaryKey
ZwQueryVirtualMemory
RtlGetElementGenericTable
CsrClientCallServer
RtlIsActivationContextActive
ZwCloseObjectAuditAlarm
NtFsControlFile
NtContinue
ZwCreateThread
RtlPrefixUnicodeString
NtSaveMergedKeys
isdigit
RtlEqualPrefixSid
RtlCaptureStackBackTrace
NtAccessCheckByTypeResultList
ZwEnumerateSystemEnvironmentValuesEx
RtlAllocateHandle
RtlAreBitsSet
RtlZombifyActivationContext
ZwOpenProcess
NtQueryAttributesFile
RtlFreeHandle
RtlAddCompoundAce
RtlIdentifierAuthoritySid
NtImpersonateThread
NtAccessCheckByTypeAndAuditAlarm
RtlConvertSharedToExclusive
NtOpenIoCompletion
ZwShutdownSystem
NtImpersonateClientOfPort
RtlGetCallersAddress

msvcrt40

_umask
??4ofstream@@QAEAAV0@ABV0@@Z
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??6ostream@@QAEAAV0@N@Z
_CIcosh
??0ostream@@IAE@ABV0@@Z
_daylight
_wchdir
_aexit_rtn
_wexecvpe
_setmbcp
??0__non_rtti_object@@QAE@PBD@Z
??0ofstream@@QAE@PBDHH@Z
??1exception@@UAE@XZ
??_Giostream@@UAEPAXI@Z
__wargv
??2@YAPAXI@Z
?write@ostream@@QAEAAV1@PBCH@Z
??_Distream@@QAEXXZ
??_8stdiostream@@7Bistream@@@
_strdup
?ipfx@istream@@QAEHH@Z
_setmode
_mbstrlen
??6ostream@@QAEAAV0@G@Z
putwchar
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
fread
_wexecl
_onexit
??0istream@@IAE@XZ
??0fstream@@QAE@XZ
_wfindfirst

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c78eb86d1c4fb9ebc4f8c3d8286317a

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

kernel32

ntdll

msvcrt40

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 88KB - Virtual size: 247KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 88KB - Virtual size: 247KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 816B