77bb5d109587af634f7a1b17a320b1fd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

77bb5d109587af634f7a1b17a320b1fd_JaffaCakes118
Size

381KB
MD5

77bb5d109587af634f7a1b17a320b1fd
SHA1

59ab28ee1ffa5d25cb617d0237bbb81bcde28a8a
SHA256

c6579c8b7120467a90331a97b4256d929810e2adde752be4c317818504cf95d1
SHA512

8fe35f442834f6bd7a3f3ff3bf99cf4fc0010613dfd0860d5e491c05280acf6331758688da8897c6dfe8490604757f3470e7a14c5c1648694048fc9ce95c54ee
SSDEEP

6144:bOnTgQ2H8W98QqkJaGwWaLubnOq53T3Nnzo1UssNU0ihVeA2DewiG:b8SqOaGJacNJnz9uZVeTDewi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77bb5d109587af634f7a1b17a320b1fd_JaffaCakes118

Files

77bb5d109587af634f7a1b17a320b1fd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3670515757ef01dbf48261a9ba465338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

DbgSetDebugFilterState
NtCancelIoFile
RtlCreateUserThread
ZwCreateKey
RtlImageRvaToVa
RtlNumberGenericTableElements
KiUserApcDispatcher
NtGetPlugPlayEvent
RtlGetCurrentDirectory_U
NtQueryTimer
ZwSetContextThread
ZwWaitLowEventPair
ZwEnumerateSystemEnvironmentValuesEx
NtTerminateProcess
NtQueryKey
ZwCreateProcess
RtlLengthRequiredSid
NtCreatePort
RtlTimeToTimeFields
NtLoadKey2
NtQueryQuotaInformationFile
ZwRestoreKey
RtlUpcaseUnicodeToCustomCPN
ZwSetHighWaitLowEventPair
NtSetLowWaitHighEventPair
RtlDowncaseUnicodeChar

msvcrt40

?rdstate@ios@@QBEHXZ
??0filebuf@@QAE@ABV0@@Z
??_7logic_error@@6B@
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
??0bad_typeid@@QAE@PBD@Z
??0ifstream@@QAE@HPADH@Z
memcmp
remove
_fpieee_flt
_tell
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
_j0
?read@istream@@QAEAAV1@PAEH@Z
?overflow@stdiobuf@@UAEHH@Z
_fcvt
?tellg@istream@@QAEJXZ
rename
ungetwc
_seh_longjmp_unwind
_ismbbkpunct
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_wexecl
_strerror
_ismbcsymbol
??1strstreambuf@@UAE@XZ
??_7ostream@@6B@
_execv
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
_fputchar
_tempnam
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
iswupper

duser

AutoTrace
RemoveGadgetMessageHandler
DUserDeleteGadget
SetGadgetRotation
DUserFindClass
DeleteHandle
GetStdColorI
IsInsideContext
RemoveGadgetProperty
GetGadgetTicket
GetGadgetFocus
GetGadgetStyle
SetActionTimeslice
UnregisterGadgetMessage
GetDebug
FindStdColor
DUserGetScalePRID
PeekMessageExW
CreateAction
EnumGadgets
GetGadgetSize
FindGadgetFromPoint
DUserBuildGadget
DUserPostMethod
GetGadgetRotation
GetStdColorF
GetGadgetProperty
IsStartDelete
GetStdColorBrushI
SetGadgetProperty
GetGadgetRootInfo
UtilDrawOutlineRect
FindGadgetMessages
DUserRegisterSuper
BuildDropTarget
GetStdColorName
SetGadgetParent
SetGadgetMessageFilter
BuildAnimation
MapGadgetPoints
PeekMessageExA
DUserCastHandle
GetGadgetRect
DUserGetRotatePRID
DUserSendEvent

kernel32

CopyFileExA
ConvertThreadToFiber
lstrcatW
WriteFileGather
LocalAlloc
SetThreadUILanguage
GetLogicalDriveStringsA
EnumSystemLanguageGroupsW
WriteFile
IsWow64Process
BuildCommDCBAndTimeoutsA
CancelWaitableTimer
CreateFileMappingW
lstrcpynW
ClearCommError
PeekConsoleInputA
EnumUILanguagesA
CreateSemaphoreA
SetFileTime
Heap32Next
GetCurrentProcessId
FindFirstFileExA
GetVersionExW
DeleteCriticalSection
GetConsoleInputExeNameA
PulseEvent
SetConsoleWindowInfo
SetFilePointerEx
IsValidLanguageGroup
WaitForSingleObjectEx
UnregisterConsoleIME
GetEnvironmentVariableW
SetVolumeMountPointA
GetEnvironmentStringsW
GetCurrentThread
CreateMemoryResourceNotification
GetFileInformationByHandle
EnumSystemLocalesW
GetPriorityClass
LCMapStringA
EnumerateLocalComputerNamesA
CreateMailslotW
EndUpdateResourceA
_lclose
BuildCommDCBW
LoadLibraryA
VirtualAlloc
CreateSemaphoreW
GetPrivateProfileStringW
GetStartupInfoA
ReadConsoleA
CloseConsoleHandle
GetFileType
OpenMutexA
SetSystemTimeAdjustment
CreateDirectoryA
DeleteFileW
ReadConsoleOutputA
ZombifyActCtx
UnhandledExceptionFilter
WriteConsoleInputA
IsProcessorFeaturePresent
GetNumaNodeProcessorMask
SetLastConsoleEventActive
RemoveDirectoryA
RegisterConsoleOS2
ReleaseSemaphore
LZOpenFileW
DeleteAtom
ConnectNamedPipe
QueryPerformanceCounter

catsrvut

QueryUserDllW
??0CComPlusObject@@QAE@ABV0@@Z
??1CComPlusInterface@@UAE@XZ
RunMTSToCom
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
CGMIsAdministrator
SysprepComplus2
StartMTSTOCOM
??4CComPlusObject@@QAEAAV0@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
RegDBRestore
??_7CComPlusMethod@@6B@
DllGetClassObject
FindAssemblyModulesW
WinlogonHandlePendingInfOperations
??0CComPlusComponent@@QAE@ABV0@@Z
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??0CComPlusMethod@@QAE@ABV0@@Z
COMPlusUninstallActionW
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
ManagedRequestW
??_7CComPlusComponent@@6B@
??_7CComPlusInterface@@6B@
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
??1CComPlusComponent@@UAE@XZ
SysprepComplus
??_7CComPlusObject@@6B@
RegDBBackup

ole32

CreateErrorInfo
IsValidInterface
CoFreeAllLibraries
OleCreateFromFileEx
DcomChannelSetHResult
CoReleaseServerProcess
CoDisconnectObject
WriteClassStm
HACCEL_UserSize
StringFromCLSID
DoDragDrop
CoDosDateTimeToFileTime
HMETAFILE_UserUnmarshal
HICON_UserUnmarshal
HBITMAP_UserMarshal
HDC_UserFree
HENHMETAFILE_UserFree
UtConvertDvtd32toDvtd16
StgCreatePropStg
ComPs_NdrDllGetClassObject
HMETAFILEPICT_UserSize
CoGetDefaultContext
CoRegisterPSClsid
OleRegEnumVerbs
CoInitializeSecurity
ReleaseStgMedium
ReadClassStg

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3670515757ef01dbf48261a9ba465338

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt40

duser

kernel32

catsrvut

ole32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 512B - Virtual size: 640KB

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 512B - Virtual size: 640KB

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 1024B - Virtual size: 1024B