Static task: static1
Behavioral task: behavioral1
  Sample: 895e9bd39dde6fdd44825af01e1082e8_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 895e9bd39dde6fdd44825af01e1082e8_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 895e9bd39dde6fdd44825af01e1082e8_JaffaCakes118
Size: 868KB
MD5: 895e9bd39dde6fdd44825af01e1082e8
SHA1: 204e65beb67942c71dba3a3f7b4f6dca84c7af56
SHA256: 0b1395ffae9b17adf7ca38ccaedbd1a59d1e620dcb045995828f1c773e3f48c2
SHA512: 48f14d0e053e3f4789d0874ad710acb140071ce797b928efdd9acbe2509af6098d61436f12a6542b356233206029a44a7fcccb26815f0620dd10cabeceb670d8
SSDEEP: 12288:aGmWtA1YlA2QEbJw3zXp6hORvUDg5zJZ3/qydsPoJBzRzuW2Ui9Z6ZNg3XBb:anWhQqw3zX0hWvUcnZtx0Wxiz4N8V
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 895e9bd39dde6fdd44825af01e1082e8_JaffaCakes118
Files
-
895e9bd39dde6fdd44825af01e1082e8_JaffaCakes118.exe windows:5 windows x86 arch:x86
aca9b99938d5801b6605ea6823effc93
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt40
??_Gfilebuf@@UAEPAXI@Z
??0fstream@@QAE@H@Z
??0ostrstream@@QAE@ABV0@@Z
iswgraph
__p__wcmdln
??4filebuf@@QAEAAV0@ABV0@@Z
_utime
?is_open@filebuf@@QBEHXZ
toupper
??5istream@@QAEAAV0@AAM@Z
_ltoa
_heapused
_chsize
?name@type_info@@QBEPBDXZ
_atoldbl
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
isxdigit
__p___argv
?oct@@YAAAVios@@AAV1@@Z
?read@istream@@QAEAAV1@PACH@Z
??_Gistrstream@@UAEPAXI@Z
_putws
printf
?pcount@strstream@@QBEHXZ
_mbstok
_ctype
wscanf
vswprintf
__p__acmdln
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
ntdll
NtNotifyChangeDirectoryFile
wcscpy
__toascii
RtlRealSuccessor
RtlCreateProcessParameters
ZwRegisterThreadTerminatePort
RtlQueueApcWow64Thread
RtlSetIoCompletionCallback
RtlSizeHeap
NtUnloadKeyEx
ZwTerminateThread
NtDuplicateObject
RtlEmptyAtomTable
ZwReleaseSemaphore
NtRemoveIoCompletion
sscanf
strncpy
RtlQueryHeapInformation
DbgUiGetThreadDebugObject
ZwLockFile
RtlValidSid
NtReleaseSemaphore
RtlUnlockHeap
RtlAbortRXact
RtlGetFrame
NtSetSystemTime
RtlNewSecurityObjectWithMultipleInheritance
NtReplaceKey
ZwEnumerateKey
RtlUlonglongByteSwap
gdi32
DdEntry20
GetWinMetaFileBits
RemoveFontResourceExA
DdEntry4
FONTOBJ_pifi
RectVisible
GetClipBox
HT_Get8BPPMaskPalette
DeleteObject
EnumICMProfilesA
CreateScalableFontResourceA
CancelDC
LineDDA
GdiGetBatchLimit
BRUSHOBJ_hGetColorTransform
FixBrushOrgEx
GetDIBits
CreateRectRgn
EnumFontFamiliesA
GetTextFaceAliasW
GdiIsMetaPrintDC
STROBJ_vEnumStart
DdEntry8
DdEntry22
GetEnhMetaFilePaletteEntries
GdiStartDocEMF
CreateColorSpaceW
GetDeviceCaps
SetBitmapBits
GdiPlayPrivatePageEMF
GetCharacterPlacementA
CreateDIBPatternBrush
GdiEntry14
GetEnhMetaFilePixelFormat
CreatePalette
CreateMetaFileW
GdiGetSpoolFileHandle
gdiPlaySpoolStream
GetTextColor
CreateDCW
PtInRegion
SetBkColor
msvcrt
_set_error_mode
_wsearchenv
?raw_name@type_info@@QBEPBDXZ
__p__dstbias
_cwscanf
putwc
__badioinfo
_adj_fdivr_m16i
_CIlog
wcstol
_atodbl
wcsspn
_mbscat
__p___wargv
_ismbcl2
___setlc_active_func
_ismbcupper
_j1
??4bad_cast@@QAEAAV0@ABV0@@Z
_EH_prolog
_putws
__CxxUnregisterExceptionObject
_setmaxstdio
__wargv
strncmp
_wchmod
__unguarded_readlc_active
vsprintf
_mbsicoll
_lseek
_ismbckata
_mbsnextc
_mbsnbicmp
_sopen
_ismbcl0
isxdigit
freopen
_fcvt
??1__non_rtti_object@@UAE@XZ
_rmtmp
advapi32
BuildImpersonateExplicitAccessWithNameW
CreateWellKnownSid
SaferSetLevelInformation
FlushTraceW
GetNamedSecurityInfoExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CreatePrivateObjectSecurityEx
InitiateSystemShutdownW
GetUserNameW
RegisterServiceCtrlHandlerExA
ObjectDeleteAuditAlarmA
GetServiceKeyNameA
ObjectOpenAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmA
WmiReceiveNotificationsA
LsaOpenSecret
ElfClearEventLogFileW
ChangeServiceConfig2A
ElfRegisterEventSourceA
CryptSignHashW
FreeInheritedFromArray
EnumDependentServicesA
A_SHAInit
AbortSystemShutdownW
SaferIdentifyLevel
WmiQueryAllDataW
RegQueryValueW
ReadEncryptedFileRaw
CreatePrivateObjectSecurity
SystemFunction020
kernel32
CreateJobObjectW
HeapCreate
SetProcessShutdownParameters
EnumDateFormatsW
GetTempFileNameA
GetLocaleInfoW
VirtualAlloc
BaseDumpAppcompatCache
RestoreLastError
SetComPlusPackageInstallStatus
ReadFileEx
GetFileSizeEx
GetConsoleCommandHistoryW
AddConsoleAliasA
GetUserDefaultLangID
ContinueDebugEvent
GlobalAddAtomW
ConnectNamedPipe
TerminateJobObject
LoadLibraryA
LZSeek
WriteProfileStringA
FindFirstChangeNotificationW
GetAtomNameA
SetFilePointer
WriteConsoleInputVDMA
LocalAlloc
GetConsoleFontInfo
GetSystemTimeAsFileTime
BaseInitAppcompatCacheSupport
GlobalHandle
VirtualFreeEx
OpenMutexA
Sections
.text Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 310KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 257KB - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ