Static task: static1
Behavioral task: behavioral1
Sample: 780138fec97037e5ea8952a6bce1ba2a_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 780138fec97037e5ea8952a6bce1ba2a_JaffaCakes118.exe
Resource: win10v2004-20240729-en
General
Target: 780138fec97037e5ea8952a6bce1ba2a_JaffaCakes118
Size: 70KB
MD5: 780138fec97037e5ea8952a6bce1ba2a
SHA1: 57707003695ae01cf7544496c47b48face792e9b
SHA256: c5844d0601159a353ff3b5c45ebe62795ff7a883d5cfdb3fad1b2d8b60f9f59e
SHA512: 351ff0c5f1dbd834ba8eac490cc1a7b503cced1a516c66afc49d40638599ffe06d76f2b41e5812046afb2e98fd31f6040439801999b112a70c4b8992402f1a93
SSDEEP: 1536:UPGu/VjqQkBe2N4weMVlXNZVt+AELpgwj4omtVBa/imVeOXax4Ws9gy:OGusvBP6wNrLVt+AE9gwjsVBI9e6qtQt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 780138fec97037e5ea8952a6bce1ba2a_JaffaCakes118
Files
780138fec97037e5ea8952a6bce1ba2a_JaffaCakes118.exe windows:1 windows x86 arch:x86
bfb0d7b9d712a9656d46689a0341635c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmIMPSetIMEA
ImmAssociateContext
ImmGetCompositionFontA
ImmGetCompositionWindow
ImmDestroyIMCC
ImmGetConversionListW
ImmIsUIMessageA
ImmRegisterClient
ImmSetCompositionStringW
ImmGetImeInfoEx
ImmGetConversionStatus
ImmGetCompositionFontW
ImmRequestMessageW
ImmGetDefaultIMEWnd
ImmSetActiveContextConsoleIME
ImmSendIMEMessageExA
ImmSystemHandler
ImmCallImeConsoleIME
ImmInstallIMEW
ImmEscapeA
ImmGetImeMenuItemsW
ImmShowSoftKeyboard
ImmDestroyContext
ImmGetIMCLockCount
ImmEnumInputContext
ImmCreateContext
ImmRegisterWordW
ImmLockIMCC
ImmUnregisterWordA
ImmIsIME
ImmCreateSoftKeyboard
ImmGetGuideLineW
ImmGetHotKey
crypt32
I_CryptDisableLruOfEntries
CryptSIPGetSignedDataMsg
CertNameToStrA
CertFindCertificateInCRL
CryptGetOIDFunctionAddress
CryptMemRealloc
CertFreeCertificateContext
CryptEnumOIDFunction
CryptHashMessage
CryptUnregisterOIDInfo
CertEnumCTLsInStore
I_CryptUninstallAsn1Module
I_CryptCreateLruCache
CertAddEncodedCertificateToSystemStoreW
CryptVerifySignatureU
CertUnregisterPhysicalStore
CertDuplicateStore
CertCreateCTLContext
CertAddEnhancedKeyUsageIdentifier
CryptEnumOIDInfo
CertCreateCRLContext
CertEnumCRLsInStore
CertSerializeCTLStoreElement
CryptEncryptMessage
CertComparePublicKeyInfo
CryptSetProviderU
CertGetEnhancedKeyUsage
CertSerializeCertificateStoreElement
I_CertSrvProtectFunction
CertAddCRLContextToStore
CryptMsgVerifyCountersignatureEncoded
CertAddCertificateLinkToStore
CryptInitOIDFunctionSet
CryptStringToBinaryW
I_CryptGetDefaultCryptProvForEncrypt
I_CryptDetachTls
CertAddStoreToCollection
CryptEnumKeyIdentifierProperties
CertGetSubjectCertificateFromStore
CryptSIPLoad
CryptImportPublicKeyInfoEx
CryptVerifyCertificateSignatureEx
CertFindSubjectInCTL
I_CryptReleaseLruEntry
CertAddEncodedCertificateToSystemStoreA
msdart
??0CReaderWriterLock2@@QAE@XZ
?Unlock@CLockedDoubleList@@QAEXXZ
?DeleteRecord@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?IsLocked@CLockedDoubleList@@QBE_NXZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?IsReadUnlocked@CLKRHashTable@@QBE_NXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
??0CFakeLock@@QAE@XZ
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?SetSpinCount@CSpinLock@@QAE_NG@Z
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?WriteLock@CSpinLock@@QAEXXZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
??0CLockedSingleList@@QAE@XZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?TryWriteLock@CCritSec@@QAE_NXZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
kernel32
GetCurrentDirectoryA
CloseHandle
RegisterWowBaseHandlers
VirtualAlloc
SetThreadAffinityMask
DeleteFileW
LocalSize
GetPrivateProfileStructW
WritePrivateProfileSectionW
lstrcat
GetLocaleInfoW
GetPriorityClass
TerminateThread
CreateEventW
GetStartupInfoW
LocalLock
GetFileAttributesExW
SetupComm
GetPrivateProfileSectionNamesA
FlushFileBuffers
SetFileTime
DeleteAtom
OpenEventW
LocalAlloc
SetTapeParameters
GetCommTimeouts
EnumUILanguagesW
GetSystemDefaultLCID
DebugBreakProcess
ReleaseMutex
SetProcessWorkingSetSize
GetConsoleMode
RtlZeroMemory
DeactivateActCtx
ReadConsoleOutputAttribute
RegisterWaitForSingleObject
OpenMutexW
HeapCreate
GetConsoleAliasExesLengthW
EnumSystemGeoID
LoadLibraryA
imagehlp
ImageNtHeader
SymFunctionTableAccess
ImageDirectoryEntryToData
UpdateDebugInfoFileEx
UnmapDebugInformation
SymGetLineNext64
ImageRemoveCertificate
FindExecutableImageEx
ImageEnumerateCertificates
SymEnumerateModules64
SymGetSymFromAddr64
SymGetSymPrev64
SymGetLineNext
SymGetLineFromAddr
ImageGetCertificateData
ReBaseImage64
SymEnumSymbols
SymSetSearchPath
MapAndLoad
SymUnDName64
SymUnloadModule64
SymEnumerateSymbols64
SymRegisterFunctionEntryCallback64
MapFileAndCheckSumA
ReBaseImage
SymGetSymFromName64
GetTimestampForLoadedLibrary
ImageAddCertificate
SymSetContext
SymLoadModule64
SymInitialize
SymLoadModule
MakeSureDirectoryPathExists
mswsock
SetServiceW
GetAddressByNameA
GetServiceA
EnumProtocolsA
GetAddressByNameW
NPLoadNameSpaces
NSPStartup
MigrateWinsockConfiguration
GetServiceW
GetAcceptExSockaddrs
WSPStartup
SetServiceA
StopWsdpService
s_perror
EnumProtocolsW
GetTypeByNameW
WSARecvEx
GetNameByTypeW
AcceptEx
StartWsdpService
TransmitFile
GetNameByTypeA
dn_expand
GetTypeByNameA
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ