7869cb89c3d13848cc2f8a701a43f977_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7869cb89c3d13848cc2f8a701a43f977_JaffaCakes118
Size

370KB
MD5

7869cb89c3d13848cc2f8a701a43f977
SHA1

6a7b20769d4b2ecc248e43a1b348689ce12d112f
SHA256

70a7d9499e7498c778198ffbb8b705fb5eaf51664acb725e9ba8118e1fb2ed99
SHA512

cf86d6ef4459963f6743ef5fad727026a3d5ab035698aeb7c17967dc8801794b28362e33aa33f08117c5d12f172a4d03b74e135c667ed7132f263a925154ff60
SSDEEP

6144:vR+UpPckN4fzZU+FRwELJrbSA0d3mAA/rc0k8DrH9aeLAIo+rC6YJDOaWR0ErlV+:j0fzq+FKiJrbGJmAKhv9LLAbkC7mVd/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7869cb89c3d13848cc2f8a701a43f977_JaffaCakes118

Files

7869cb89c3d13848cc2f8a701a43f977_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bbb2cb04efc9f65d61f681f81f1325bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msvcrt

_setjmp
__getmainargs
_pgmptr
getchar
_yn
_wcsicoll
strpbrk
__winitenv
fprintf
_getwche
_wunlink
_ismbclegal
_fputchar
wcscat
_vscprintf
??_G__non_rtti_object@@UAEPAXI@Z
asin
??_7__non_rtti_object@@6B@
_heapadd
_wtmpnam
_strrev
ldexp
___lc_handle_func
_aligned_offset_malloc
_purecall
_amsg_exit
_itow
__wgetmainargs
malloc
??0exception@@QAE@ABQBD@Z
_getmbcp
_wfdopen
_isatty
iswcntrl
_spawnv
_mbsbtype
_ismbcl0
_mbsspn
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__doserrno

d3d8thk

OsThunkDdUnlockD3D
OsThunkDdDeleteSurfaceObject
OsThunkD3dDrawPrimitives2
OsThunkDdFlip
OsThunkDdDestroyD3DBuffer
OsThunkDdUpdateOverlay
OsThunkDdGetBltStatus
OsThunkD3dContextCreate
OsThunkDdEndMoCompFrame
OsThunkDdCreateSurface
OsThunkDdGetDxHandle
OsThunkDdCreateSurfaceObject
OsThunkD3dContextDestroy
OsThunkDdColorControl
OsThunkD3dValidateTextureStageState
OsThunkDdSetColorKey
OsThunkDdSetGammaRamp
OsThunkDdResetVisrgn
OsThunkDdCreateDirectDrawObject
OsThunkDdReenableDirectDrawObject
OsThunkDdCreateD3DBuffer
OsThunkDdBeginMoCompFrame
OsThunkDdGetMoCompFormats
OsThunkDdRenderMoComp
OsThunkDdAddAttachedSurface
OsThunkDdUnlock
OsThunkDdGetMoCompBuffInfo
OsThunkDdBlt
OsThunkDdDeleteDirectDrawObject
OsThunkDdGetAvailDriverMemory
OsThunkDdCreateSurfaceEx
OsThunkDdGetScanLine
OsThunkDdGetFlipStatus
OsThunkDdFlipToGDISurface
OsThunkDdAlphaBlt
OsThunkDdReleaseDC

rasapi32

RasSetEntryDialParamsA
RasValidateEntryNameA
RasGetErrorStringA
RasQueryRedialOnLinkFailure
RasQuerySharedAutoDial
RasGetAutodialAddressW
RasClearLinkStatistics
RasSetAutodialParamW
RasAutodialEntryToNetwork
RasClearConnectionStatistics
DwEnumEntryDetails
RasEnumDevicesW
RasGetProjectionInfoA
RasAutoDialSharedConnection
RasSetSharedAutoDial
UnInitializeRAS
RasGetEntryDialParamsA
RasScriptSend
RasEnumConnectionsA
RasEditPhonebookEntryA
RasSetCredentialsW
RasGetSubEntryHandleW
RasSetCredentialsA
RasGetEntryPropertiesA
RasInvokeEapUI
RasSetSubEntryPropertiesW
RasCreatePhonebookEntryW
RasEnumEntriesW
DwCloneEntry
RasSetAutodialAddressA
RasConnectionNotificationW
RasSetCustomAuthDataA
RasGetEapUserDataA
RasIsSharedConnection
RasGetEntryHrasconnW
RasRenameEntryW
RasGetCredentialsW
RasAutodialAddressToNetwork
RasGetAutodialEnableA

ntdll

RtlEnumerateGenericTable
strcmp
strncpy
NtCreateKeyedEvent
ZwRequestPort
RtlEnlargedUnsignedMultiply
ZwCreateSection
RtlAppendAsciizToString
RtlGetElementGenericTable
abs
RtlInterlockedPushListSList
ZwWaitForMultipleObjects
RtlUpcaseUnicodeToCustomCPN
RtlUnicodeStringToAnsiSize
RtlAnsiCharToUnicodeChar
NtCreateDirectoryObject
RtlMultiByteToUnicodeN
NtSetDefaultLocale
ZwEnumerateValueKey
ZwIsSystemResumeAutomatic
isdigit
ZwDuplicateObject
ZwUnlockFile
_atoi64
RtlInitString
RtlQueryInformationActiveActivationContext
RtlCreateActivationContext
RtlCreateBootStatusDataFile

crtdll

_rmtmp
_filbuf
_open
_dup2
_getsystime
__doserrno
_cabs
_global_unwind2
_assert
_mbscmp
strncpy
iscntrl
_fstat
strcpy
fwprintf
_ismbslead
wcstoul
_popen
_putenv
_iob
_splitpath
_ismbchira
acos
_strnextc
_CItan
swprintf
_CIfmod
_sopen
ldiv
iswgraph
__threadid
__isascii
_mbsdup
is_wctype
isxdigit
_baseversion_dll
abort
wcscpy
_mbcjistojms

mpr

WNetGetProviderTypeA
WNetGetUniversalNameW
MultinetGetErrorTextW
WNetConnectionDialog2
WNetGetProviderTypeW
WNetSetLastErrorW
MultinetGetErrorTextA
WNetCancelConnectionA
WNetGetConnection2A
WNetDirectoryNotifyA
WNetGetUniversalNameA
WNetGetLastErrorA
WNetDisconnectDialog1W
WNetGetConnection3W
WNetConnectionDialog
WNetEnumResourceA
WNetClearConnections
WNetSetConnectionW
WNetCloseEnum
WNetAddConnection2W
WNetGetPropertyTextW
WNetAddConnectionW
WNetDisconnectDialog
WNetGetHomeDirectoryW
WNetPropertyDialogA
WNetSetLastErrorA
WNetCancelConnection2W
WNetAddConnection3W
WNetGetResourceInformationW
WNetGetProviderNameW
WNetGetSearchDialog
WNetAddConnection2A
WNetGetConnectionW
WNetFormatNetworkNameW
WNetDirectoryNotifyW
WNetUseConnectionA
WNetAddConnectionA
WNetUseConnectionW
WNetAddConnection3A

kernel32

FindNextVolumeW
CloseConsoleHandle
_lopen
NlsGetCacheUpdateCount
GetVolumePathNamesForVolumeNameA
EnumCalendarInfoW
GetWindowsDirectoryA
GetSystemInfo
GetNumaAvailableMemoryNode
EnumUILanguagesA
lstrcpyW
GetCurrentProcess
SetFileValidData
FreeConsole
SetThreadExecutionState
SetHandleInformation
SignalObjectAndWait
SetConsoleInputExeNameW
GetConsoleMode
QueryInformationJobObject
BeginUpdateResourceA
FileTimeToSystemTime
LocalAlloc
BuildCommDCBW
LoadLibraryA
VirtualAlloc
SetFileTime
HeapDestroy
GetEnvironmentStringsW
GetCurrentThread
QueryPerformanceCounter
CopyFileExW
WriteProfileSectionW
ReadConsoleInputExW
GetCPInfo
GetCalendarInfoA

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbb2cb04efc9f65d61f681f81f1325bc

Headers

File Characteristics

Imports

msvcrt

d3d8thk

rasapi32

ntdll

crtdll

mpr

kernel32

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 1KB - Virtual size: 485KB

.rsrc Size: 162KB - Virtual size: 162KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 1KB - Virtual size: 485KB

.rsrc
Size: 162KB - Virtual size: 162KB

.reloc
Size: 1024B - Virtual size: 1024B