6bbe49ddeca93af7108f46f794ac3238_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6bbe49ddeca93af7108f46f794ac3238_JaffaCakes118
Size

80KB
MD5

6bbe49ddeca93af7108f46f794ac3238
SHA1

e7c896a85b0dc6a8b82ba5c3c4805a53809aeeb1
SHA256

9dce8012cd70224ce0bccd7a5ce6878021522b5aeffd37c656d0a5382c3c0723
SHA512

be5fe897e94eb131095075564c2919a635341ed32a6262dcfc7e930cf53533c191aa8b32451cdbd244e5bc90c6979438d041d851c284d39c0314f25681b2bccd
SSDEEP

1536:Tp4oSLcDn7aj9HFEnVdbwJMvM4EmfxnzFRtkQUFdguGJCFn6dxqCGKMxlD:94oYjfGV5wJM04xRTI1GJCFn6dxqwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6bbe49ddeca93af7108f46f794ac3238_JaffaCakes118

Files

6bbe49ddeca93af7108f46f794ac3238_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abf1309a1c3e13b412fba28e13442441

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TermsrvAppInstallMode
LoadLibraryA
VirtualAlloc
ReadConsoleOutputA
GetNamedPipeHandleStateW
SetVolumeMountPointW
SetConsoleLocalEUDC
GetSystemWindowsDirectoryA
CopyFileExA
GetDateFormatW
EnumLanguageGroupLocalesA
CreateJobObjectA
InitializeSListHead
GetStartupInfoW
InvalidateConsoleDIBits
GetComPlusPackageInstallStatus
CopyLZFile
LockResource
WaitForMultipleObjectsEx
lstrcmp
ReadConsoleOutputW
SetTermsrvAppInstallMode
RtlCaptureStackBackTrace
ReplaceFileA
GetOverlappedResult
CreateEventW
GetThreadTimes
LoadResource
VirtualQueryEx
SetDefaultCommConfigW
DnsHostnameToComputerNameA
LocalUnlock
SetLocalTime
GetLogicalDrives
SetSystemTimeAdjustment
GetNumberOfConsoleFonts
_hread
WriteConsoleOutputCharacterA
ReleaseActCtx
GetExpandedNameA
LocalAlloc
PeekNamedPipe
VerLanguageNameW
GetConsoleAliasW
GetStringTypeA
GetThreadContext
GetConsoleCharType
GetTapePosition
GetConsoleScreenBufferInfo
WriteProfileStringW
GetCurrentConsoleFont
OpenFileMappingW
GetConsoleCommandHistoryW
BuildCommDCBW
GetSystemDefaultLCID
GetTickCount
GetModuleHandleExW
GetLocaleInfoW
GetConsoleKeyboardLayoutNameW
GetDriveTypeW
EnumResourceNamesW
FindNextFileA
SetThreadPriority
SetConsoleMenuClose
CreateTapePartition
SetProcessShutdownParameters
GlobalUnWire
DeleteFileA
OpenSemaphoreW
GetPrivateProfileSectionNamesW

wininet

SetUrlCacheEntryGroupA
InternetGoOnlineA
GopherGetLocatorTypeA
CommitUrlCacheEntryW
FindFirstUrlCacheContainerW
DetectAutoProxyUrl
CreateUrlCacheEntryA
InternetSecurityProtocolToStringA
InternetCheckConnectionW
InternetAlgIdToStringA
InternetSetDialState
CreateUrlCacheGroup
GopherOpenFileA
UnlockUrlCacheEntryFile
HttpEndRequestW
InternetTimeToSystemTimeW
FtpRenameFileW
InternetTimeToSystemTimeA
InternetSetPerSiteCookieDecisionA
InternetHangUp
InternetDialW
UpdateUrlCacheContentPath
FtpRemoveDirectoryW
InternetSetOptionW
DeleteIE3Cache
ResumeSuspendedDownload
InternetSetOptionExW
InternetTimeFromSystemTimeA
FtpGetFileA
ShowX509EncodedCertificate
DeleteUrlCacheEntryA
InternetSetFilePointer
ParseX509EncodedCertificateForListBoxEntry
InternetGetConnectedStateExW
InternetCombineUrlW
FtpCommandA
InternetSetOptionExA
SetUrlCacheConfigInfoW

crtdll

atan2
_eof
atol
strcspn
putchar
fflush
_execvp
_heapwalk
memcmp
_fputwchar
is_wctype
isspace
_mbslwr
_fpreset
_fstat
_scalb
_mbscat
_basemajor_dll
ispunct
_commode_dll
iswalnum
strcat
fwprintf
log10
_mbsinc
_beep
abort
_ismbcl2
iswprint
_execlp
_fileinfo_dll
_swab
_memccpy
_gcvt
_itoa
_mbsnbcat
_putenv
_wtoi
_filelength
_ultow
_rotr

mscat32

CryptCATStoreFromHandle
CatalogCompactHashDatabase
CryptCATAdminEnumCatalogFromHash
CryptCATVerifyMember
IsCatalogFile
CryptCATCDFEnumMembers
MsCatFreeHashTag
CryptCATCDFEnumAttributes
CryptCATEnumerateMember
CryptCATCatalogInfoFromContext
CryptCATCDFOpen
CryptCATPersistStore
CryptCATCDFEnumCatAttributes
CryptCATAdminCalcHashFromFileHandle
MsCatConstructHashTag
CryptCATPutAttrInfo
CryptCATOpen
CryptCATClose
CryptCATGetMemberInfo
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumAttributesWithCDFTag
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATCDFEnumMembersByCDFTagEx
CryptCATHandleFromStore
CryptCATAdminReleaseContext
CryptCATGetAttrInfo
CryptCATEnumerateCatAttr
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminAddCatalog
CryptCATGetCatAttrInfo
CryptCATCDFClose
CryptCATEnumerateAttr

ntmarta

EventGuidToName
AccProvGetAllRights
AccRewriteSetNamedRights
AccLookupAccountTrustee
AccGetExplicitEntries
AccSetEntriesInAList
AccProvRevokeAccessRights
AccRewriteGetHandleRights
AccProvHandleRevokeAuditRights
AccConvertAccessToSD
AccProvSetAccessRights
AccProvGetOperationResults
AccProvRevokeAuditRights
AccGetAccessForTrustee
AccLookupAccountName
EventNameFree
AccProvGetCapabilities
AccProvHandleRevokeAccessRights
AccGetInheritanceSource
AccProvGrantAccessRights
AccRewriteGetNamedRights
AccConvertAccessToSecurityDescriptor
AccProvHandleIsAccessAudited
AccProvGetAccessInfoPerObjectType
AccProvGetTrusteesAccess
AccProvHandleGetTrusteesAccess
AccProvHandleIsObjectAccessible
AccRewriteSetHandleRights
AccProvIsAccessAudited

gdi32

DdEntry21
FONTOBJ_pfdg
DdEntry9
GdiProcessSetup
FONTOBJ_pifi
MoveToEx
GetMetaFileW
FlattenPath
GdiEndPageEMF
SetBitmapBits
GetGlyphOutline
GdiInitSpool
GetTextFaceA
ArcTo
GdiTransparentBlt
DdEntry32
PolyTextOutA
EngEraseSurface
GetBitmapAttributes
BRUSHOBJ_pvAllocRbrush
SetICMProfileW
GetCharWidthW
GetNearestColor
GetTextExtentPointI
RemoveFontResourceExA
GetStringBitmapW
GdiPlayPageEMF
GdiEntry13
CombineTransform
Pie
BeginPath
SetDCBrushColor
GetTextMetricsA
LPtoDP
PtInRegion
GetOutlineTextMetricsA
BRUSHOBJ_pvGetRbrush
GetPolyFillMode
DeleteDC
STROBJ_bGetAdvanceWidths
EngBitBlt

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abf1309a1c3e13b412fba28e13442441

Headers

File Characteristics

Imports

kernel32

wininet

crtdll

mscat32

ntmarta

gdi32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 141KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 141KB

.rsrc
Size: 4KB - Virtual size: 4KB