8740261222b5e42d70f7c486eb65f7d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8740261222b5e42d70f7c486eb65f7d8_JaffaCakes118
Size

867KB
MD5

8740261222b5e42d70f7c486eb65f7d8
SHA1

5c78c945136aef2681b0769df65821943fda7d5f
SHA256

666f793016dea4fbd8565e770291369fd537369ce96b022be6ac3736558f8a17
SHA512

9189aa78a33d95613e323496a847a0d157236bd3979408dbe262b1d379cc2ddf413e973355394057a9f440ced6ccc18fa3b5309ca0b8ef1a996663397cae2518
SSDEEP

24576:wKUs8wrTgb9h0urxEivYeK9DquZG6SlUU:wKn8T53gXTZG6SeU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8740261222b5e42d70f7c486eb65f7d8_JaffaCakes118

Files

8740261222b5e42d70f7c486eb65f7d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

97d79de164979ab70fc1d9facc0f0db3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

strcat
?bad@ios@@QBEHXZ
_ismbstrail
_spawnv
??_8iostream@@7Bistream@@@
_CIatan
??_Eostream@@UAEPAXI@Z
??_E__non_rtti_object@@UAEPAXI@Z
??0ios@@QAE@PAVstreambuf@@@Z
strftime
_cwait
?fLockcInit@ios@@0HA
_inpd
??_Diostream@@QAEXXZ
_wfindfirsti64
strcoll
_wmkdir
strlen
_CIcos
??9type_info@@QBEHABV0@@Z
__unDName
?sgetn@streambuf@@QAEHPADH@Z
wcsncat
?cout@@3Vostream_withassign@@A
_heapchk
__p__pgmptr
atol
?setrwbuf@stdiobuf@@QAEHHH@Z
_mbclen
localtime
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
_ismbbpunct
__p__osver
??_Gexception@@UAEPAXI@Z
_mkdir
?str@istrstream@@QAEPADXZ
_execvpe
_copysign
_spawnve
_amsg_exit
isalpha

inetcomm

MimeOleSetCompatMode
MimeEditIsSafeToRun
EssReceiptEncodeEx
MimeOleGetPropW
MimeOleSetBodyPropW
MimeOleInetDateToFileTime
EssReceiptRequestEncodeEx
MimeOleEncodeHeader
MimeOleSMimeCapAddCert
MimeOleGetFileInfoW
MimeOleGetCodePageInfo
MimeOleSMimeCapRelease
EssSignCertificateDecodeEx
MimeOleClearDirtyTree
EssReceiptDecodeEx
EssMLHistoryEncodeEx
MimeOleGenerateFileName
EssKeyExchPreferenceEncodeEx
CreateNNTPTransport
MimeOleObjectFromMoniker
MimeOleConvertEnrichedToHTML
MimeOleSetBodyPropA
MimeEditGetBackgroundImageUrl
HrGetAttachIcon
MimeOleGetCertsFromThumbprints
CreatePOP3Transport
MimeOleSMimeCapsToDlg
EssSecurityLabelEncodeEx
EssReceiptRequestDecodeEx
MimeOleCreatePropertySet
MimeOleCreateByteStream
MimeOleCreateBody
HrFreeAttachData
MimeOleGetFileExtension
MimeGetAddressFormatW

ntdll

NtWaitHighEventPair
RtlIpv6AddressToStringA
RtlDeleteCriticalSection
RtlEqualLuid
ZwAccessCheckByTypeResultListAndAuditAlarm
LdrFindEntryForAddress
NtSetTimerResolution
iswlower
NtQueryMutant
RtlAddAccessAllowedObjectAce
ZwCreateToken
tolower
RtlOemStringToUnicodeString
ZwFlushBuffersFile
RtlUnicodeStringToCountedOemString
RtlRealPredecessor
NtRemoveIoCompletion
NtCreateKeyedEvent
ZwWaitForKeyedEvent
NtQueryInformationJobObject
RtlDeNormalizeProcessParams
ZwMapUserPhysicalPages
RtlQueryHeapInformation
ZwAccessCheckByType
wcstoul
ZwSetLowEventPair
RtlDefaultNpAcl
_ultoa
DbgUserBreakPoint
_chkstk
ZwSuspendThread
ZwQueryDefaultUILanguage
RtlAnsiCharToUnicodeChar
NtCallbackReturn
_aulldvrm
RtlIpv4StringToAddressA
ZwSystemDebugControl
RtlGetUserInfoHeap
ZwWriteFile
RtlDeleteElementGenericTableAvl
RtlFillMemory
ZwQueryPerformanceCounter
ZwSetEaFile
NtCreateJobObject
CsrClientConnectToServer
ZwAccessCheckByTypeResultList
NtCreateSymbolicLinkObject
ZwCreateMutant
NtAlertThread
NtCreateDebugObject
RtlQueueApcWow64Thread
RtlLookupElementGenericTable
RtlInterlockedPopEntrySList
ZwNotifyChangeKey
RtlGetCurrentPeb
isxdigit
RtlHashUnicodeString
ZwSetBootEntryOrder
RtlLogStackBackTrace
RtlSetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
ZwQueryInformationPort
NtQueryTimerResolution
NtSetQuotaInformationFile

gdi32

EngReleaseSemaphore
FixBrushOrgEx
SetMetaFileBitsEx
GetCharacterPlacementW
GdiCreateLocalMetaFilePict
PolyPolygon
EngUnicodeToMultiByteN
EnumFontFamiliesExW
GetBrushOrgEx
GdiGetDC
EnumFontFamiliesW
CloseEnhMetaFile
CreateDCW
GdiGetDevmodeForPage
EngAssociateSurface
DdEntry14
EnumFontFamiliesA
BRUSHOBJ_hGetColorTransform
GdiGetLocalDC
GetEnhMetaFileHeader
SetBkColor
CopyEnhMetaFileW
GdiSetPixelFormat
GdiEntry16
StretchDIBits
GdiSwapBuffers
RemoveFontResourceW
GdiCreateLocalEnhMetaFile
GetKerningPairsA
GetDIBColorTable
GetRegionData
CopyMetaFileW
GetPaletteEntries
SetRectRgn
EngAcquireSemaphore
XFORMOBJ_iGetXform

kernel32

RestoreLastError
TryEnterCriticalSection
GetDefaultCommConfigW
GetConsoleCursorMode
GetHandleContext
ReadFileScatter
FormatMessageA
lstrlenW
GetCurrencyFormatA
FindCloseChangeNotification
GetModuleHandleExW
EnumSystemLanguageGroupsW
WriteFileEx
SetLastError
GlobalAlloc
LoadLibraryA
VirtualLock
BaseFlushAppcompatCache
VirtualAlloc
CreateTimerQueue
GetPrivateProfileSectionA
InterlockedPushEntrySList
GetCurrentThread
GetTempPathW
ReplaceFile
CreateHardLinkW
GetEnvironmentStringsA
GetVolumePathNameA
SetupComm
lstrcpyA

Sections

.text
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97d79de164979ab70fc1d9facc0f0db3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

inetcomm

ntdll

gdi32

kernel32

Sections

.text Size: 198KB - Virtual size: 200KB

.rdata Size: 401KB - Virtual size: 404KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 265KB - Virtual size: 268KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 198KB - Virtual size: 200KB

.rdata
Size: 401KB - Virtual size: 404KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 265KB - Virtual size: 268KB

.reloc
Size: 1KB - Virtual size: 4KB