8ec70fc604c7a4db759f203c97ad8a6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ec70fc604c7a4db759f203c97ad8a6c_JaffaCakes118
Size

42KB
MD5

8ec70fc604c7a4db759f203c97ad8a6c
SHA1

d5e4971cb72066328a5f886a01f722f13d20655e
SHA256

6128f00ca8bda39a7d481c4b28e52d1b0e746873e4c8d39c3eee746623ac675d
SHA512

a504054d16d546be825222437d025a4ce5e773d8ea2c12e023f656d5e005518f1e90fd53a80810bf3174bdd6a7054853dd2c0a7439709e908336fa2004405c81
SSDEEP

768:7D1BQjC2B3eRp6cKkTjBkO4Z4Y1v5qRBSBceOdw4w2J7JmZT/e:f1yDBmJKkTjd4nBqSBcPJw2J7Js/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ec70fc604c7a4db759f203c97ad8a6c_JaffaCakes118

Files

8ec70fc604c7a4db759f203c97ad8a6c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b02f5ac93765d49a297e4e590d42fe03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwCreateNamedPipeFile
NtAllocateUuids
NtCreateNamedPipeFile
ZwPowerInformation
RtlTryEnterCriticalSection
NtMapUserPhysicalPages
NtSetSecurityObject
NtFlushInstructionCache
RtlDosSearchPath_Ustr
tan
NtCancelIoFile
RtlUpperString
NtSetInformationKey
RtlMapSecurityErrorToNtStatus
NtWriteFile
RtlSubAuthoritySid
DbgUiDebugActiveProcess
RtlDestroyQueryDebugBuffer
NtUnloadKey
RtlInsertElementGenericTable
ZwCreateThread
_atoi64
RtlGetFrame
_strupr
NtStartProfile
tolower
memchr
RtlInitializeRXact
NtAlertResumeThread
ZwTestAlert
ZwOpenSymbolicLinkObject
RtlIpv6AddressToStringW
LdrFindEntryForAddress
_CIsqrt
RtlFindSetBitsAndClear
ZwQueryTimerResolution
NtEnumerateBootEntries
RtlFirstEntrySList
RtlAddActionToRXact
NtQueryInformationAtom
RtlUnhandledExceptionFilter
NtDeleteAtom
RtlDecompressFragment
ZwRestoreKey
RtlAppendUnicodeToString
RtlEmptyAtomTable
RtlUpcaseUnicodeChar
NtLoadKey2
LdrAddRefDll
RtlInterlockedPopEntrySList
ZwOpenThreadToken
RtlEnlargedIntegerMultiply
RtlInitializeBitMap
RtlNumberOfClearBits
NtQueryTimerResolution
ZwSetTimerResolution
NtQuerySecurityObject
ZwUnloadKeyEx
isalnum
wcsrchr
ZwCompressKey
NtReadFile
RtlLockBootStatusData
ZwFlushKey
RtlConvertUlongToLargeInteger
DbgUiConnectToDbg

msvcrt

strlen
_filbuf
fgetws
_CIpow
_mbscmp
__RTCastToVoid
__p__commode
___lc_codepage_func
_mbscoll
__getmainargs
_assert
__p__dstbias
__set_app_type
exit
islower
_statusfp
wcstol
_isatty
clock
??1bad_typeid@@UAE@XZ
_adj_fdivr_m32i
__pxcptinfoptrs
__STRINGTOLD
wcstod
iswlower
_mbsncmp
_wexecvp
_spawnlpe
_wspawnl
wcslen
_mbstok
__uncaught_exception
_strtoi64
_snscanf
_nextafter
floor
_putenv
_eof
toupper

kernel32

GlobalFlags
EnumDateFormatsExA
BuildCommDCBW
GetDiskFreeSpaceA
CloseHandle
lstrcpyW
MoveFileWithProgressA
LoadLibraryExA
GetOverlappedResult
CreateActCtxA
FindNextFileA
GetProfileStringW
lstrcpyn
GetLogicalDriveStringsA
VerLanguageNameA
InvalidateConsoleDIBits
GetConsoleAliasExesW
GetLastError
GetLogicalDriveStringsW
GlobalFindAtomA
FindFirstFileExA
GetAtomNameA
GetThreadContext
AddAtomW
GetExpandedNameA
GetNamedPipeHandleStateA
CancelIo
GetConsoleAliasExesLengthA
GetSystemTimeAsFileTime
EnumSystemCodePagesA
CreateJobSet
FormatMessageW
CancelTimerQueueTimer
AddAtomA
InterlockedPushEntrySList
LoadLibraryA
GetExitCodeThread
InterlockedPopEntrySList
PulseEvent
SetConsoleCtrlHandler
GetVolumeInformationW
IsDBCSLeadByte
VirtualAlloc

query

??0CPropertyRestriction@@QAE@XZ
?GetLCIDFromString@@YGKPAG@Z
?CiNtOpen@@YGPAXPBGKKK@Z
DoneCIISAPIPerformanceData
?Init@CSdidLookupTable@@QAEHPAVCiStorage@@@Z
?OpenFileFromPath@@YGPAU_iobuf@@PBG@Z
?DetermineDriveType@CiStorage@@SGIPBG@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
?Marshall@CPropertyRestriction@@QBEXAAVPSerStream@@@Z
?ciNew@@YGPAXI@Z
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
?SetProperty@CFullPropSpec@@QAEHPBG@Z
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?AccessCheck@CSdidLookupTable@@QAEHKPAXKAAH@Z
??1CPropStoreManager@@QAE@XZ
??0CAllocStorageVariant@@QAE@PBDAAVPMemoryAllocator@@@Z
??0CFilterDaemon@@QAE@AAVCiProxy@@AAVCCiFrameworkParams@@AAVCLangList@@PAEKPAUICiCFilterClient@@@Z
?SetBSTR@CStorageVariant@@QAEXPAGI@Z
?ContainsDrive@CDriveInfo@@SGHPBG@Z
??1CSynRestriction@@QAE@XZ
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z
?AddRef@CEmptyPropertyList@@UAGKXZ
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?SetAlias@CScopeAdmin@@QAEXPBG@Z
?SkipULong@CMemDeSerStream@@UAEXXZ
?SetUI4@CStorageVariant@@QAEXKI@Z
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
?StopCI@CMachineAdmin@@QAEHXZ
??1CImpersonateClient@@QAE@XZ
?FindPropid@CPidLookupTable@@QAEHABVCFullPropSpec@@AAKH@Z
?AddRef@CDbProperties@@UAGKXZ
?Start@CCatalogAdmin@@QAEHXZ
CollectFILTERPerformanceData
??0CMachineAdmin@@QAE@PBGH@Z

msvcirt

?attach@filebuf@@QAEPAV1@H@Z
?binary@filebuf@@2HB
??0ofstream@@QAE@XZ
??_Eistrstream@@UAEPAXI@Z
?setf@ios@@QAEJJJ@Z
?pbump@streambuf@@IAEXH@Z
??_Estdiostream@@UAEPAXI@Z
?pbackfail@streambuf@@UAEHH@Z
??4iostream@@IAEAAV0@AAV0@@Z
??6ostream@@QAEAAV0@F@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
??_7istream_withassign@@6B@
??_8strstream@@7Bostream@@@
?flush@@YAAAVostream@@AAV1@@Z
?read@istream@@QAEAAV1@PADH@Z
?unlockbuf@ios@@QAAXXZ
??_Gifstream@@UAEPAXI@Z
??_7strstream@@6B@
?put@ostream@@QAEAAV1@D@Z
?getint@istream@@AAEHPAD@Z
??_8istream@@7B@
?doallocate@strstreambuf@@MAEHXZ
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??0iostream@@QAE@PAVstreambuf@@@Z
?tie@ios@@QAEPAVostream@@PAV2@@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
??_Eifstream@@UAEPAXI@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
??6ostream@@QAEAAV0@C@Z
?setlock@ios@@QAAXXZ
?setmode@filebuf@@QAEHH@Z
??6ostream@@QAEAAV0@M@Z
?x_maxbit@ios@@0JA
?str@strstreambuf@@QAEPADXZ
??6ostream@@QAEAAV0@K@Z
?tellg@istream@@QAEJXZ
?get@istream@@QAEHXZ
??0strstream@@QAE@ABV0@@Z
??0ostream@@QAE@PAVstreambuf@@@Z
??_Estrstreambuf@@UAEPAXI@Z

user32

EndDialog

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b02f5ac93765d49a297e4e590d42fe03

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

kernel32

query

msvcirt

user32

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 31KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B