75c5435cc12f9c3dc8527485f43a9171_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

75c5435cc12f9c3dc8527485f43a9171_JaffaCakes118
Size

41KB
MD5

75c5435cc12f9c3dc8527485f43a9171
SHA1

c47f1ab352802b9ce4241825f578f70887b38911
SHA256

014040e3ded3746944b1b8a1606496ba81bdcb9d1866fc77513c8d549750e726
SHA512

d72b7d1fb1340fb73c562e7603978a905b995f175d9577b3ffcd9779ed935c9f37e44ddd848aa1229a8aa30a12d1025dbb3200d7ee55de9cbe0e0cb3531cd7b9
SSDEEP

768:1xOrE4YTsCbzksczTymYQG2hGnLPDVvQKbYJ1AfcUp3tney0pmM37vbIv:1WNYT9kX+HxLR3rpomM37vM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75c5435cc12f9c3dc8527485f43a9171_JaffaCakes118

Files

75c5435cc12f9c3dc8527485f43a9171_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3992a8bafe3d8db17979798a5af6bd8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_setsystime
_rotl
__dllonexit
??_Eostream_withassign@@UAEPAXI@Z
strerror
_wgetenv
_adj_fptan
?blen@streambuf@@IBEHXZ
sinh
strtoul
strrchr
?str@ostrstream@@QAEPADXZ
_adj_fdivr_m64
_mbctoupper
?tellp@ostream@@QAEJXZ
?underflow@stdiobuf@@UAEHXZ
_wperror
_cputs
__RTtypeid
_wfindfirsti64
??0ostrstream@@QAE@XZ
_ismbclegal
vfprintf
??_Eistream_withassign@@UAEPAXI@Z
??0istream@@IAE@XZ
_mktemp
__p__commode
??0strstream@@QAE@ABV0@@Z
??_Dostream@@QAEXXZ
??1stdiobuf@@UAE@XZ

wmi

WmiDevInstToInstanceNameW
WmiNotificationRegistrationW
WmiDevInstToInstanceNameA
EnableTrace
SetTraceCallback
RegisterTraceGuidsA
WmiSetSingleInstanceW
WmiFileHandleToInstanceNameA
WmiMofEnumerateResourcesA
ControlTraceW
TraceEvent
StartTraceA
GetTraceEnableLevel
CloseTrace
ProcessTrace
CreateTraceInstanceId
ControlTraceA
UnregisterTraceGuids
GetTraceEnableFlags
TraceEventInstance
OpenTraceW
WmiCloseBlock

msvcp60

?precision@ios_base@std@@QBEHXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Doraise@bad_typeid@std@@MBEXXZ
?infinity@?$numeric_limits@D@std@@SADXZ
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??Zstd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
?do_decimal_point@?$numpunct@D@std@@MBEDXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
?_Getcat@?$codecvt@DDH@std@@SAIXZ
?arg@std@@YAOABV?$complex@O@1@@Z
?grouping@?$numpunct@G@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
_Getcoll
?do_neg_format@?$_Mpunct@D@std@@MBE?AUpattern@money_base@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?pow@std@@YA?AV?$complex@O@1@ABV21@0@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

kernel32

GetCommMask
GetModuleHandleA
ReplaceFile
DefineDosDeviceW
FindNextVolumeA
SetFilePointer
GetTapePosition
SleepEx
GetCalendarInfoA
FillConsoleOutputAttribute
GetLongPathNameA
EnumSystemCodePagesA
EnumResourceNamesW
SystemTimeToFileTime
VirtualAlloc
SetConsoleHardwareState
CallNamedPipeA
SetFileAttributesW
LoadLibraryA
SetSystemTime
UnregisterWaitEx
GetSystemWindowsDirectoryA
GetDriveTypeA
EnumResourceLanguagesA
GetTempFileNameW
TerminateThread
CreateSemaphoreA
GetUserDefaultUILanguage
GetModuleFileNameW
GlobalUnlock
GetHandleContext

gpedit

DllGetClassObject
ImportRSoPData
CreateGPOLink
BrowseForGPO
DllCanUnloadNow
ExportRSoPData
DeleteAllGPOLinks
DeleteGPOLink

gdi32

CreateEllipticRgnIndirect
GdiPlayEMF
EngPlgBlt
CLIPOBJ_cEnumStart
GetWorldTransform
SetLayout
DdEntry42
GdiDeleteSpoolFileHandle
GetRgnBox
DdEntry14
SetDCBrushColor
FloodFill
SetPolyFillMode
GetBitmapDimensionEx
SetMapMode
GetPath
AddFontMemResourceEx
CreateDIBSection
EngDeletePalette
GetTextExtentPointW

Sections

.text
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3992a8bafe3d8db17979798a5af6bd8e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

wmi

msvcp60

kernel32

gpedit

gdi32

Sections

.text Size: 1024B - Virtual size: 630B

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 60KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1024B - Virtual size: 630B

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 60KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 64B