774a2d0f611ae025f2d2b797f0abceb3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

774a2d0f611ae025f2d2b797f0abceb3_JaffaCakes118
Size

84KB
MD5

774a2d0f611ae025f2d2b797f0abceb3
SHA1

41938a4301345cc38e2380d6e069756501418674
SHA256

ea6ea77584eeaaa0181d1a7e6121ac1fccbf64a019cc2572133cbca7163f78e1
SHA512

e77bdb63909076c17796e92a1312096183f7a973eb5a3d5cb070c517498354922cded465d10a04a3ddb2d64c1ea864d5ea58cd0512a52368b78ff0824ffa095f
SSDEEP

1536:vJUJ23GBTCWDONM9R4wc2TUhyhG4cQAqQn2180w7QmArOQlC51ZOQY:vq2GBGbNMj4UTUh4lQn21pAACNY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
774a2d0f611ae025f2d2b797f0abceb3_JaffaCakes118

Files

774a2d0f611ae025f2d2b797f0abceb3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1531aba399011185c8f17d63bdd8abb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_tell
rename
_wsopen
_wcsdup
malloc
??_7stdiobuf@@6B@
??4exception@@QAEAAV0@ABV0@@Z
_getdiskfree
??6ostream@@QAEAAV0@K@Z
?xsgetn@streambuf@@UAEHPADH@Z
_vsnprintf

kernel32

GetCurrentThreadId
GlobalUnfix
MapUserPhysicalPagesScatter
VirtualAlloc
SetFirmwareEnvironmentVariableW
WritePrivateProfileStructA
LocalUnlock
GetCurrentProcessId
QueryPerformanceCounter
GetLastError
LoadLibraryA
GetLocaleInfoA
GetStartupInfoA
GetFileAttributesW
GetTickCount
HeapCreate
GetExitCodeThread
IsWow64Process
GetMailslotInfo
RtlCaptureStackBackTrace
GetSystemDefaultLCID
GetSystemTimeAsFileTime
AddAtomW
SetConsoleCursorInfo
SetThreadUILanguage
QueryDepthSList
GetFileAttributesExA
GetAtomNameA

msvcrt

_ismbcl0
__p__wcmdln
_mbsinc
_getdrives
realloc
wcstoul
_mbsnicoll
??0bad_cast@@QAE@ABQBD@Z
_mktemp
_clearfp
_ismbbgraph
_adj_fdivr_m64
_wstat
_wspawnlp

ntdll

ZwQuerySymbolicLinkObject
ZwContinue
NtWaitLowEventPair
ZwNotifyChangeMultipleKeys
CsrCaptureMessageString
ZwCreateMutant
RtlGetNtGlobalFlags
RtlGetFrame
NtAssignProcessToJobObject
ZwCreateEvent
RtlCopyString
strstr
ZwReplyWaitReplyPort
RtlConvertSharedToExclusive
log
RtlMoveMemory
_CIcos
RtlTimeToElapsedTimeFields
NtFindAtom
NtClose
NtQueryDefaultLocale
DbgUiWaitStateChange
ZwQueryValueKey

user32

EndDialog

msvcp60

??9std@@YA_NABNABV?$complex@N@0@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@G@std@@SAIPBG@Z
?do_decimal_point@?$_Mpunct@D@std@@MBEDXZ
?scan_is@?$ctype@G@std@@QBEPBGFPBG0@Z
??4?$basic_ios@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?is_open@?$basic_fstream@GU?$char_traits@G@std@@@std@@QBE_NXZ
??_F?$messages@D@std@@QAEXXZ
??Dstd@@YA?AV?$complex@O@0@ABV10@0@Z
?infinity@?$numeric_limits@N@std@@SANXZ

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1531aba399011185c8f17d63bdd8abb7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

kernel32

msvcrt

ntdll

user32

msvcp60

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 18KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 18KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 260B