8b3f81dfa5598ab6526c4c066c1da90d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8b3f81dfa5598ab6526c4c066c1da90d_JaffaCakes118
Size

405KB
MD5

8b3f81dfa5598ab6526c4c066c1da90d
SHA1

ecba3fd720b843d399f57b090a498c457337e316
SHA256

819ae9d65e635639e94d6a9d548760a1397a547d95858677c6a34df6e8ed4261
SHA512

668bcd51a7f55d501c7e859ea084500ee6269f1124d5e22996395ae31779b2bb1f29e0b1890e135c56d555bc9df2943b546c02608da40fe899f27469aafe16b4
SSDEEP

6144:gzYH5u9oPPAbS+US2UplO6uWk0BBLHRAMmaFIAdy3J8h5kZ4LbZu:KGA5zplO67xAtaF7I3K4qu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b3f81dfa5598ab6526c4c066c1da90d_JaffaCakes118

Files

8b3f81dfa5598ab6526c4c066c1da90d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

86dd347959e58a22d547ed1a59cabf6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

setupapi

CMP_GetServerSideDeviceInstallFlags
SetupDiGetActualSectionToInstallW
pSetupRegistryDelnode
SetupRemoveInstallSectionFromDiskSpaceListA
CM_Get_Class_Name_ExA
SetupSetDirectoryIdExW
SetupTerminateFileLog
CM_Disconnect_Machine
SetupQueueRenameA
UnicodeToMultiByte
SetupRenameErrorA
SetupDiRegisterCoDeviceInstallers
CM_Enumerate_EnumeratorsA
SetupSetDirectoryIdExA
SetupLogFileA
SetupCloseFileQueue
CM_Open_Class_KeyA
SetupQueryDrivesInDiskSpaceListA
pSetupStringTableDestroy
SetupDiGetClassDescriptionExW
SetupGetInfSections
CM_Get_DevNode_Registry_Property_ExW
CM_Query_Arbitrator_Free_Data_Ex
CM_Add_Empty_Log_Conf_Ex
SetupDiSetClassInstallParamsW
SetupQueryInfFileInformationA
SetupVerifyInfFileA
CM_Set_HW_Prof_FlagsW
SetupDiGetDriverInstallParamsW

kernel32

RegisterConsoleIME
GetProcessPriorityBoost
LoadLibraryA
GetStartupInfoA
GetConsoleScreenBufferInfo
CloseHandle
VerLanguageNameA
GetSystemTimeAdjustment
OpenProcess
LCMapStringW
GetProcAddress
SetProcessShutdownParameters
SetConsoleIcon
GetNumaHighestNodeNumber
CreateSemaphoreW
RegisterWaitForInputIdle
WriteConsoleInputA
SetHandleCount
PeekNamedPipe
FindFirstVolumeMountPointW
GetProcessHeaps
SetSystemTimeAdjustment
GlobalWire
GetCommandLineA
RtlCaptureStackBackTrace
GetNumberFormatW
FlushViewOfFile
OpenJobObjectW
FindVolumeMountPointClose
GetConsoleDisplayMode
BackupSeek
GetNumaAvailableMemoryNode
GetConsoleCommandHistoryW
AddLocalAlternateComputerNameW
GetProfileStringW
CreateNamedPipeW
LoadLibraryW
IsBadStringPtrA
VirtualAlloc
GetComputerNameA
GlobalUnfix
GetHandleContext
GetModuleHandleW
ScrollConsoleScreenBufferA
GetExitCodeThread
QueryActCtxW
OpenSemaphoreA
SetCurrentDirectoryW
AddLocalAlternateComputerNameA
HeapCreate
GetDevicePowerState
Module32First
WaitForMultipleObjectsEx
BackupRead
GlobalFlags

msvcrt40

_mbslen
_heapused
isprint
??5istream@@QAEAAV0@PAVstreambuf@@@Z
_amsg_exit
_controlfp
_mbcjistojms
_mbsnbset
_pwctype
_cputs
time
_winver
??_Dostream@@QAEXXZ
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
setvbuf
_adj_fdiv_m16i
_c_exit
atexit
_execvp
_fstat
?setmode@ofstream@@QAEHH@Z
?read@istream@@QAEAAV1@PADH@Z

rtm

RtmReleaseNextHopInfo
MgmDeInitialize
RtmDeleteNextHop
RtmDeregisterEntity
RtmGetEnumNextHops
RtmCreateEnumerationHandle
MgmInitialize
RtmDeleteRoute
RtmFindNextHop
MgmDeRegisterMProtocol
RtmBlockSetRouteEnable
RtmWriteInstanceConfig
MgmReleaseInterfaceOwnership
RtmGetNextHopPointer
RtmLookupIPDestination
MgmGetFirstMfeStats
MgmGetMfe
MgmGetProtocolOnInterface
MgmGetNextMfeStats
RtmReleaseEntities
RtmGetMostSpecificDestination
RtmReleaseEntityInfo
RtmIsBestRoute

crtdll

fclose
_mbsupr
srand
_ecvt
_sleep
strspn
strtol
_osmode_dll
_tempnam
_msize
_osmajor_dll
atoi
vsprintf
fabs
exit
isleadbyte
_mbstok
_mkdir
sqrt
_spawnlp
__fpecode
_execv
_HUGE_dll
cos
_ftol
_fgetchar
strstr

msorcl32

SQLConnect
ConfigDSN
SQLGetTypeInfo
SQLError
SQLDriverConnect
SQLBrowseConnect
SQLDescribeCol
SQLColAttributes
SQLSetStmtOption
SQLAllocConnect
SQLColumns
SQLSpecialColumns
SQLSetScrollOptions
SQLDisconnect
SQLSetPos
LoadByOrdinal
SQLDescribeParam
SQLPrimaryKeys
SQLFetch
SQLParamData
SQLProcedures
DllUnregisterServer

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86dd347959e58a22d547ed1a59cabf6d

Headers

File Characteristics

Imports

setupapi

kernel32

msvcrt40

rtm

crtdll

msorcl32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 139KB - Virtual size: 552KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 332B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 139KB - Virtual size: 552KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 332B