78c745dbb4b74891163cf0638151c98b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

78c745dbb4b74891163cf0638151c98b_JaffaCakes118
Size

117KB
MD5

78c745dbb4b74891163cf0638151c98b
SHA1

7dff5d7751e2af3c35327711559098af12bf3d62
SHA256

1c1dbef3ed9c67acdee01215109b1eba3d18f0d6ca715beba8e2409bc374fdcc
SHA512

8e82af97102d6967bdf51c1d1602b936ff47fc0e916231540be01796a657a9102d959bb30b3fafdf1360f4bb6f500cdb55be1e13c1946d7cb27f51c1d556f061
SSDEEP

3072:Ku8pFqotePlvdTRYVdaZNRwUHMbCspNBNKTyXA1Nk3iKyf5SedtE:rfo8V6aNCpTWTyXVyKME

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78c745dbb4b74891163cf0638151c98b_JaffaCakes118

Files

78c745dbb4b74891163cf0638151c98b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1d877f409800be016e78efd5c902fce1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BeginUpdateResourceW
EnumSystemLocalesA
lstrcmpA
GetThreadContext
EnumTimeFormatsW
CreateJobSet
LocalHandle
CreateNamedPipeW
SetThreadExecutionState
GetPrivateProfileSectionNamesA
OpenJobObjectA
GetOEMCP
FindNextVolumeMountPointA
VirtualAlloc
HeapValidate
AddLocalAlternateComputerNameW
OpenSemaphoreW
InterlockedExchange
Process32Next
RegisterWowExec
SizeofResource
CreateSocketHandle
SetFileApisToOEM
FindFirstFileA
CreateDirectoryW
GetStringTypeW
lstrcmp
GetCommMask
ScrollConsoleScreenBufferW
GetProcessVersion
GetExitCodeThread
CreateFileMappingW
EraseTape
WritePrivateProfileStringA
GetConsoleAliasExesW
GetDateFormatW
_lclose
GetModuleHandleExW
FormatMessageW
SetLastConsoleEventActive
_hread
GetQueuedCompletionStatus
ReadFileScatter
WriteConsoleOutputCharacterW
DebugActiveProcessStop
GetNamedPipeInfo
IsBadCodePtr
GlobalMemoryStatus
LoadLibraryA
GlobalFlags
FindActCtxSectionGuid
InterlockedFlushSList
SetConsolePalette
ReleaseActCtx
UnregisterWait
GetConsoleCursorInfo
GetNumberOfConsoleInputEvents
Module32FirstW
GetCurrentConsoleFont
QueryPerformanceCounter
GetVolumeInformationA
UpdateResourceW
IsDBCSLeadByteEx
ReadConsoleInputW
GetSystemWow64DirectoryW
GetTapeStatus
GetWindowsDirectoryW
GetComputerNameW
GetCommConfig
EnumUILanguagesW
Beep
ReadConsoleOutputAttribute

msdart

?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
??0CSingleList@@QAE@XZ
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?IsLocked@CLockedSingleList@@QBE_NXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?ReadUnlock@CLKRHashTable@@QBEXXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?_H0@CLKRLinearHashTable@@ABEKK@Z
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
IrtlTrace
?IsEmpty@CSingleList@@QBE_NXZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?IsUsable@CLKRHashTable@@QBE_NXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
MpHeapFree
?SetBucketLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?IsReadLocked@CFakeLock@@QBE_NXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?IsWriteLocked@CSpinLock@@QBE_NXZ
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z

inetcomm

MimeOleGetPropW
MimeOleSMimeCapAddCert
HrDoAttachmentVerb
MimeOleEncodeHeader
MimeOleUnEscapeStringInPlace
MimeOleDecodeHeader
MimeOleCreateByteStream
HrAttachDataFromBodyPart
MimeOleGetBodyPropW
MimeOleFindCharset
EssSignCertificateEncodeEx
MimeOleSetPropA
MimeOleGetFileInfo
EssContentHintEncodeEx
CreatePOP3Transport
CreateRASTransport
HrGetLastOpenFileDirectory
EssSecurityLabelDecodeEx
MimeOleCreateHashTable
MimeOleGetBodyPropA
MimeOleAlgStrengthFromSMimeCap
MimeOleSetDefaultCharset
MimeOleGetPropertySchema
MimeGetAddressFormatW
EssMLHistoryDecodeEx
HrAthGetFileNameW
EssMLHistoryEncodeEx
MimeOleGetRelatedSection
MimeOleSetBodyPropW
MimeOleCreateVirtualStream
MimeEditGetBackgroundImageUrl
MimeOleGetContentTypeExt
MimeOleGenerateFileName
HrAttachDataFromFile
MimeEditDocumentFromStream
CreateIMAPTransport
MimeOleSMimeCapInit
MimeOleCreateBody
MimeOleGetCertsFromThumbprints
MimeOleSetBodyPropA
MimeOleParseRfc822AddressW
EssContentHintDecodeEx

msvcrt

wcstombs
_strcmpi
__p__commode
__p__pgmptr
__p__fmode
_getmbcp
_waccess
wcsftime
??_Fbad_cast@@QAEXXZ
exit
_commode
_mbstok
tmpnam
_toupper
_hypot
_mbschr
_global_unwind2
??8type_info@@QBEHABV0@@Z
_adj_fpatan
__p__winver
_outpw
wprintf
__p__winminor
_wcsdup
_fstati64
raise
_CIsqrt
_local_unwind2
_flushall
_daylight
_mbspbrk
__set_app_type
__getmainargs
wctomb
_wenviron
_iob
rewind
_stricoll
fgets

crtdll

_wcsupr
_c_exit
_mbsncpy
bsearch
_itow
_ctype
_CIfmod
wcsstr
_chgsign
_timezone_dll
fflush
_heapchk
wcstod
_wcslwr
_execle
_strrev
wcsftime
_scalb
_strnextc
fwscanf
_CIsqrt
_y0
difftime
cosh
_chdrive

user32

RegisterClassW
DefWindowProcW
PostQuitMessage

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d877f409800be016e78efd5c902fce1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msdart

inetcomm

msvcrt

crtdll

user32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 16KB - Virtual size: 41KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 16KB - Virtual size: 41KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B