89cd2a36ec876142080358f92b7084cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89cd2a36ec876142080358f92b7084cc_JaffaCakes118
Size

371KB
MD5

89cd2a36ec876142080358f92b7084cc
SHA1

72ec19a5e9b6f78e0cae645be3c1ee952d3f2144
SHA256

8d3df7a882532b4f69c6d7b36d9b82949efd3ace6363fddcd47cb73a45106c7c
SHA512

000bbdfdaef95a3efea3f9af9d987e220b42fae52266f9ced59031672e7f46aa7118ee2e7b9395fb9cacee6f0fe89236f43ec85cf2face3a72d7b705efe91b34
SSDEEP

6144:4+W8D08bE5RAPttk0qtOfXB8SWoTNpkEqoqpVAY7kbEdWCK6VaXnVISjdH:4+WX8obAmqR8SWoRpkEkVob8oXn7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89cd2a36ec876142080358f92b7084cc_JaffaCakes118

Files

89cd2a36ec876142080358f92b7084cc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

30df46e10db1ae8b5f8aab40b7b115c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

gdi32

EngDeleteClip
DeleteDC
STROBJ_bEnumPositionsOnly
StartFormPage
GetMetaFileBitsEx
SetMapperFlags
GdiDeleteLocalDC
EnumFontsA
EngMultiByteToUnicodeN
DdEntry43
GetDCBrushColor
CreateScalableFontResourceA
DdEntry1
DdEntry12
GetEnhMetaFileW
SetAbortProc
GetClipRgn
GdiCreateLocalEnhMetaFile
PolyPolygon
GdiRealizationInfo
GdiGetSpoolFileHandle
SetStretchBltMode
GetKerningPairsW
GetCharWidthFloatA
GetTextCharset
CombineRgn
Ellipse
GetTextAlign
GdiIsPlayMetafileDC
CreatePolyPolygonRgn
CreateEnhMetaFileA
SetRelAbs

kernel32

CreateHardLinkA
GetConsoleKeyboardLayoutNameA
DeleteTimerQueueTimer
FindResourceA
InterlockedPushEntrySList
CancelDeviceWakeupRequest
_lclose
GetNumberOfConsoleInputEvents
VirtualAlloc
GetSystemTimeAsFileTime
SetHandleCount
GetACP
LocalReAlloc
GetNamedPipeHandleStateA
ExpungeConsoleCommandHistoryA
GlobalHandle
ReadFileEx
UnregisterWaitEx
GetTimeZoneInformation
NlsGetCacheUpdateCount
SetFileTime
InterlockedExchange
GetNumberOfConsoleFonts
GetConsoleNlsMode
TransmitCommChar
CreateEventA
GetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFileEx
FreeResource
LoadLibraryA
SetLocalPrimaryComputerNameW
SetConsoleCursorMode
GetMailslotInfo
GetConsoleCommandHistoryW
ResumeThread
RegisterConsoleOS2
lstrcat
CreateMutexA
GetCurrentActCtx
GetConsoleDisplayMode
CreateJobObjectA
GetNumberOfConsoleMouseButtons

wininet

FtpGetCurrentDirectoryW
InternetConfirmZoneCrossing
InternetGoOnline
HttpAddRequestHeadersW
HttpQueryInfoA
FtpOpenFileW
UnlockUrlCacheEntryFileA
SetUrlCacheGroupAttributeA
UpdateUrlCacheContentPath
InternetShowSecurityInfoByURLA
InternetAutodial
InternetGetPerSiteCookieDecisionW
IsUrlCacheEntryExpiredW
SetUrlCacheConfigInfoW
FtpFindFirstFileA
HttpOpenRequestW
InternetSetStatusCallbackW
DetectAutoProxyUrl
GopherGetAttributeW
InternetGetConnectedState
RetrieveUrlCacheEntryStreamA
GopherOpenFileW
GopherFindFirstFileW
CommitUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetGetConnectedStateExA
HttpOpenRequestA
FindCloseUrlCache
InternetGetConnectedStateEx
InternetTimeToSystemTime
InternetSetCookieW
ShowSecurityInfo
FindFirstUrlCacheEntryW

msvcrt40

??1strstream@@UAE@XZ
_execve
wcstol
fwrite
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_makepath
_strcmpi
fgetpos
cos
??6ostream@@QAEAAV0@M@Z
mbtowc
??_8ifstream@@7B@
??_Gifstream@@UAEPAXI@Z
??4istream@@IAEAAV0@ABV0@@Z
_getpid
??0logic_error@@QAE@ABQBD@Z
?sputn@streambuf@@QAEHPBDH@Z
??_Diostream@@QAEXXZ
_mtunlock
__p__wpgmptr
_wmakepath
__threadid
_mbcjistojms
_adj_fdiv_r
?get@istream@@QAEAAV1@PACHD@Z
_execle
longjmp

wmi

ControlTraceW
WmiMofEnumerateResourcesA
WmiExecuteMethodA
WmiDevInstToInstanceNameW
UnregisterTraceGuids
WmiFileHandleToInstanceNameA
SetTraceCallback
WmiNotificationRegistrationW
WmiSetSingleItemW
CreateTraceInstanceId
QueryAllTracesA
WmiNotificationRegistrationA
QueryAllTracesW
GetTraceEnableFlags
RegisterTraceGuidsA
GetTraceEnableLevel
WmiCloseBlock
TraceEventInstance
OpenTraceA
WmiExecuteMethodW
RegisterTraceGuidsW
GetTraceLoggerHandle
RemoveTraceCallback
StartTraceA
ControlTraceA
StartTraceW
OpenTraceW
TraceEvent
EnableTrace
WmiQueryGuidInformation
WmiMofEnumerateResourcesW
WmiSetSingleItemA
WmiQueryAllDataA
WmiFileHandleToInstanceNameW
ProcessTrace
WmiFreeBuffer
WmiSetSingleInstanceW

crtdll

_getdiskfree
fgetpos
_tempnam
_mbsdec
_environ_dll
_spawnlpe
_cscanf
_putenv
wcstombs
_umask
wcsftime
_mbspbrk
_pclose
vswprintf
difftime
??3@YAXPAX@Z
_ismbckata
_strcmpi
_mbsncat
_mbsnbcmp
iswascii
_ismbcprint
_daylight_dll
_scalb
_heapchk
_wtoi
memset
_dup2
atoi
_ismbcl0

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30df46e10db1ae8b5f8aab40b7b115c9

Headers

File Characteristics

Imports

gdi32

kernel32

wininet

msvcrt40

wmi

crtdll

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 67KB - Virtual size: 430KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 67KB - Virtual size: 430KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 1024B - Virtual size: 1024B