74c05c39253b0c253ed11fd397023a51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74c05c39253b0c253ed11fd397023a51_JaffaCakes118
Size

325KB
MD5

74c05c39253b0c253ed11fd397023a51
SHA1

31fb4b7ce489844f4907a9a2aff75812dd10ddc7
SHA256

23a27fedee92aeb5588fb2f8306c3f595759ef387af8da85f1c80f71158f2818
SHA512

15f6d990974b7639a63b1c8c021665668a80208a93da7d8439af0bcb6d36c34495ad66f209b2aab4243f27b65204b92c78925413efca4203b76be9a6045b501b
SSDEEP

3072:lczo8Glk0qZycymch1gvlI1wG7nv9y1BpdavagfLjyGbifka4qYPVe4:lcE8GmZ8jhytYv7nv2pdavauLmtMjq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74c05c39253b0c253ed11fd397023a51_JaffaCakes118

Files

74c05c39253b0c253ed11fd397023a51_JaffaCakes118
.exe windows:6 windows x86 arch:x86

23dcebdb56a7a55654661e760d1f2584

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmd.pdb

Imports

msvcrt

exit
_getch
iswdigit
wcstol
_vsnwprintf
_controlfp
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__getmainargs
calloc
free
_wcslwr
qsort
_dup2
_dup
_open_osfhandle
_close
swscanf
_ultoa
_pipe
_setmode
wcsncmp
iswxdigit
_wtol
time
srand
fflush
_get_osfhandle
_setjmp3
wcsstr
_local_unwind4
_errno
wcstoul
iswalpha
rand
wcsrchr
memcpy
printf
_iob
fprintf
towlower
realloc
setlocale
_wcsupr
_wpopen
ferror
fgets
feof
_pclose
memmove
wcschr
_tell
iswspace
memset
wcsspn
towupper
longjmp
_wcsnicmp
_wcsicmp

ntdll

RtlNtStatusToDosError
NtSetInformationProcess
NtQueryInformationProcess
RtlFreeHeap
NtFsControlFile
RtlDosPathNameToNtPathName_U
NtQueryInformationToken
NtClose
NtOpenProcessToken
NtOpenThreadToken

kernel32

GetDateFormatW
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
DelayLoadFailureHook
CreateHardLinkW
CreateSymbolicLinkW
GetVolumePathNameW
GetThreadLocale
GetSystemInfo
SetProcessAffinityMask
ResumeThread
FindFirstFileExW
DeviceIoControl
FindFirstStreamW
FindNextStreamW
GetDiskFreeSpaceExW
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
CopyFileW
SetFileAttributesW
SetEndOfFile
DeleteFileW
SetFileTime
CreateDirectoryW
FillConsoleOutputAttribute
SetConsoleTextAttribute
ScrollConsoleScreenBufferW
FormatMessageW
GetACP
DuplicateHandle
FlushFileBuffers
HeapReAlloc
HeapSize
VirtualAlloc
VirtualFree
GetCurrentThreadId
OpenThread
HeapSetInformation
GetFileAttributesExW
GetDriveTypeW
InitializeCriticalSection
SetConsoleCtrlHandler
GetWindowsDirectoryW
GetVersion
GetModuleFileNameW
ExpandEnvironmentStringsW
CancelSynchronousIo
EnterCriticalSection
LeaveCriticalSection
GetVolumeInformationW
SearchPathW
WriteFile
SetFilePointerEx
GlobalAlloc
GlobalFree
MoveFileW
SetConsoleTitleW
LocalFree
MoveFileExW
GetConsoleTitleW
GetFileAttributesW
NeedCurrentDirectoryForExePathW
GetBinaryTypeW
SetFilePointer
lstrcmpW
lstrcmpiW
HeapFree
GetProcessHeap
SetThreadLocale
GetProcAddress
GetModuleHandleW
VirtualQuery
HeapAlloc
CloseHandle
MultiByteToWideChar
ReadFile
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReadConsoleW
GetConsoleScreenBufferInfo
GetStdHandle
GetFileType
GetLastError
WideCharToMultiByte
GetFileSize
FlushConsoleInputBuffer
GetCPInfo
GetConsoleOutputCP
CmdBatNotification
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetUserDefaultLCID
SetLocalTime
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetLocaleInfoW
FileTimeToLocalFileTime
GetTimeFormatW
GetLocalTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentStringsW
SetConsoleMode
GetConsoleMode
GetCommandLineW
GetEnvironmentVariableW
SetErrorMode
GetVDMCurrentDirectories
RegCloseKey
SetLastError
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyExW
ReadProcessMemory
LoadLibraryW
QueryFullProcessImageNameW
GetConsoleWindow
CreateProcessW
GetStartupInfoW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
RegSetValueExW
RegCreateKeyExW

winbrand

BrandingFormatString

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxuhzbk
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23dcebdb56a7a55654661e760d1f2584

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

winbrand

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 114KB - Virtual size: 114KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 34KB - Virtual size: 35KB

xxuhzbk Size: 4KB - Virtual size: 32KB

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 34KB - Virtual size: 35KB

xxuhzbk
Size: 4KB - Virtual size: 32KB