79151faa08bda3befa64337afeb0dd02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

79151faa08bda3befa64337afeb0dd02_JaffaCakes118
Size

42KB
MD5

79151faa08bda3befa64337afeb0dd02
SHA1

dfa88950b0b39d82f128dd22816602c06b324e1c
SHA256

187ad9ce054c3eb4b057bd88541d132927ef0a49791aa2114fbed61423b0403b
SHA512

b680b8e5603b30dd6f0856aa01d34ac1c43a3f6461d3c443df72a7baaf6189977af9a1c798aadbe28d2f5ca0180fa417f3a11c1878c3da7829853f54ef95b90f
SSDEEP

768:fyzao9w7Y/Ue5zEdY4Qv/CZi84m9mEkGhUS0nRkjz8Hn9VOCoki2N:fiaamu5wW4Qv/vmoEkGh6Wz8dVO16N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79151faa08bda3befa64337afeb0dd02_JaffaCakes118

Files

79151faa08bda3befa64337afeb0dd02_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a4a6e7f4461fdc28f56acbe17d71eb76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt20

?str@ostrstream@@QAEPADXZ
??_Dstrstream@@QAEXXZ
_tcsncpy
_ismbcgraph
strerror
__p__pwctype
_ismbbpunct
??1stdiostream@@UAE@XZ
?eof@ios@@QBEHXZ
getenv
_findfirst
longjmp
??0ostream@@IAE@ABV0@@Z
?x_statebuf@ios@@0QAJA
_ismbbgraph
isspace
_CIfmod
fputs
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??_8ostream_withassign@@7B@
??4stdiostream@@QAEAAV0@AAV0@@Z
_mbsrchr
_mbsnbcoll
mbstowcs
iswlower
__STRINGTOLD
??0ofstream@@QAE@HPADH@Z
_local_unwind2
cosh
_mbbtype
?read@istream@@QAEAAV1@PACH@Z
_jn
?ignore@istream@@QAEAAV1@HH@Z
?lockbuf@ios@@QAAXXZ
?gcount@istream@@QBEHXZ
_itoa
?pbump@streambuf@@IAEXH@Z
??_Efilebuf@@UAEPAXI@Z
_wperror
_tolower
_mbsnbicoll
toupper
_wgetcwd
?ipfx@istream@@QAEHH@Z
?lock@streambuf@@QAEXXZ
swscanf
acos
??0ostream@@IAE@XZ
freopen

kernel32

_hwrite
WriteProcessMemory
SetConsoleOS2OemFormat
GetDateFormatA
SetConsoleCursor
GetBinaryType
GetDefaultCommConfigA
CreatePipe
GetConsoleScreenBufferInfo
OpenConsoleW
WriteConsoleW
lstrlen
EnumResourceTypesW
WritePrivateProfileStringW
ReadDirectoryChangesW
ReadFileEx
GetStringTypeExW
LZCopy
VirtualAlloc
VerifyConsoleIoHandle
LoadLibraryA
GetHandleContext
SetUnhandledExceptionFilter
TlsSetValue
GetComputerNameExW
GetLocaleInfoW
HeapUnlock
GetConsoleProcessList
LoadLibraryW
ReleaseSemaphore
GetPrivateProfileSectionNamesA
GetModuleHandleA

oleaut32

VarDecFromUI8
SysFreeString
SafeArrayUnaccessData
VarDecFromI2
VARIANT_UserUnmarshal
VarBstrFromI4
VarDateFromBool
DllRegisterServer
VarI8FromDisp
VarUI8FromR4
VarBoolFromDisp
SafeArrayGetUBound
SafeArrayDestroyData
VarNumFromParseNum
VarDecCmp
VarUI8FromBool
VarDecFromI8
VarUI2FromStr
VarNeg
VarBstrFromUI2
OACreateTypeLib2
VarI2FromCy
VarUI4FromR8
SysReAllocStringLen
VarI2FromUI4

user32

UpdateWindow
CharLowerA
CharUpperW
GetMonitorInfoW
EnumChildWindows
SetClassLongW
IsCharAlphaW
ChangeDisplaySettingsExW
DefMDIChildProcW
DlgDirListA
DispatchMessageA
DeleteMenu
CharUpperBuffA
ModifyMenuA
SetUserObjectInformationW
DlgDirSelectComboBoxExA
SwitchDesktop
GetUpdateRgn
DrawFrame
SetDoubleClickTime
GetMenuState
GetMonitorInfoA
GetInternalWindowPos
HiliteMenuItem
OemToCharBuffA
BlockInput

wldap32

ldap_delete_sA
ldap_check_filterA
ldap_first_attribute
ldap_free_controls
ldap_get_dnW
ldap_compare_extA
ldap_modify_ext_s
ldap_sasl_bind_sW
ldap_searchW
ldap_compare_ext
ldap_search_st
ldap_create_vlv_controlW
ldap_bind_s
ber_flatten
ldap_sslinitW
ldap_extended_operation_sW
ldap_deleteA
ber_scanf
ldap_get_values
ldap_result2error
ldap_stop_tls_s
ldap_ufn2dnA
ldap_get_option
ldap_compare_ext_sW
ldap_rename_ext_sA
ldap_close_extended_op
ldap_dn2ufn
ldap_get_dn

cdosys

DllCanUnloadNow
DllUnregisterServer
DllGetClassObject
DllRegisterServer

msorcl32

SQLFetch
SQLSetScrollOptions
SQLError
SQLFreeConnect
SQLCancel
DllRegisterServer
SQLGetCursorName
SQLParamData
SQLGetInfo
SQLSpecialColumns
SQLSetPos
SQLNumResultCols
SQLGetConnectOption
SQLColumns
SQLNativeSql
DllMain
SQLSetCursorName
SQLNumParams
SQLSetStmtOption
SQLTransact
LoadByOrdinal
SQLExecDirect
SQLConnect

Sections

.text
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4a6e7f4461fdc28f56acbe17d71eb76

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt20

kernel32

oleaut32

user32

wldap32

cdosys

msorcl32

Sections

.text Size: 1024B - Virtual size: 710B

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 81KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 1024B - Virtual size: 710B

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 81KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 68B