9498b787d6cd88a8e7bfaa5435c3d795_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9498b787d6cd88a8e7bfaa5435c3d795_JaffaCakes118
Size

868KB
MD5

9498b787d6cd88a8e7bfaa5435c3d795
SHA1

c1409674960616c77fb160019a71dee0c87c6002
SHA256

c8784123aac416970517d5fdc1f003d6614e45bb2d927970ff591d9628ac5445
SHA512

4e7f15832634d453f9a9554daf9740cce5e467250013e2564fa2bc3922d63a239ef1a8ab11d469cd3150c71c1e1676c66af54e03a76678323eceb761182078b0
SSDEEP

24576:rAg7bukboJsrI/0MgP7nsJ+8J/kb9eiigV/c:T/BJrqg18JM5WkU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9498b787d6cd88a8e7bfaa5435c3d795_JaffaCakes118

Files

9498b787d6cd88a8e7bfaa5435c3d795_JaffaCakes118
.exe windows:5 windows x86 arch:x86

249c5b762a2c104a84c6c322fc9f3f5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddConsoleAliasA
LoadLibraryA
GetStartupInfoW
WaitCommEvent
CopyLZFile
AddLocalAlternateComputerNameW
GetFileAttributesExA
WriteTapemark
InterlockedPushEntrySList
UnregisterConsoleIME
SetCriticalSectionSpinCount
EnumUILanguagesA
ReadFileEx
GetDiskFreeSpaceA
Process32FirstW
GetProcessId
GetDriveTypeW
LZCreateFileW
PrepareTape
VirtualAlloc
LZOpenFileA
DeleteTimerQueueTimer
GetSystemDefaultLCID
BuildCommDCBA
PrivCopyFileExW
DuplicateHandle
IsBadCodePtr
EnumResourceLanguagesW
LoadLibraryExA
SetConsoleIcon
GetCommTimeouts
_lopen
_hwrite
BuildCommDCBW
ChangeTimerQueueTimer
GetBinaryType
SetCommState
SetTimerQueueTimer

ntdll

_CIcos
NtDeleteKey
RtlGUIDFromString
RtlSetSecurityObject
RtlPinAtomInAtomTable
memcmp
ZwWaitForMultipleObjects
ZwAddBootEntry
RtlFindLeastSignificantBit
__toascii
ZwCreateProcess
strncpy
RtlRandom
NtLockFile
NtSecureConnectPort
DbgUiContinue
ZwSetHighEventPair
RtlDetermineDosPathNameType_U
RtlAnsiStringToUnicodeSize
NtImpersonateThread
RtlSetSecurityDescriptorRMControl
ZwResumeThread
NtWaitForKeyedEvent
RtlEqualUnicodeString
NtCreateSection
RtlSetBits
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtSetInformationJobObject
_chkstk
NtImpersonateAnonymousToken
_ftol
RtlRegisterWait
ZwQueryBootEntryOrder
RtlSetOwnerSecurityDescriptor
NtCreatePort
ZwQueryTimerResolution
ZwPowerInformation
NtQuerySystemInformation
CsrAllocateMessagePointer
RtlUpcaseUnicodeStringToAnsiString

msi

MsiPreviewDialogW
MsiSummaryInfoPersist
MsiAdvertiseProductExA
MsiReinstallProductW
MsiPreviewBillboardA
MsiFormatRecordA
MsiRecordClearData
MsiReinstallProductA
MsiUseFeatureExA
MsiDoActionA
MsiVerifyPackageW
MsiGetUserInfoA
MsiEnumComponentQualifiersA
MsiDatabaseOpenViewW
MsiInvalidateFeatureCache
MsiSetInternalUI
MsiGetProductCodeW
MsiLocateComponentW
MsiFormatRecordW
MsiOpenProductW
MsiGetProductCodeFromPackageCodeA
MsiSetTargetPathA
MsiAdvertiseProductW
MsiPreviewDialogA
MsiGetPropertyA
MsiGetMode
MsiCloseHandle
MsiRecordSetStreamA
MsiSummaryInfoSetPropertyW
MsiSummaryInfoGetPropertyW
MsiConfigureProductExA
MsiRecordDataSize
MsiOpenPackageW
MsiGetFeatureValidStatesW
MsiConfigureFeatureFromDescriptorA
MsiEnumClientsA
MsiIsProductElevatedA
MsiGetFeatureInfoA

msvcrt40

isdigit
_mbsset
_wcsnicmp
??_Gexception@@UAEPAXI@Z
??6ostream@@QAEAAV0@PBC@Z
_stati64
?out_waiting@streambuf@@QBEHXZ
log
??4ostrstream@@QAEAAV0@ABV0@@Z
_aexit_rtn
_mbbtype
__p__environ
?seekg@istream@@QAEAAV1@J@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
_vsnprintf
_heapmin
?good@ios@@QBEHXZ
?setp@streambuf@@IAEXPAD0@Z
?get@istream@@QAEAAV1@PACHD@Z
wcschr
?precision@ios@@QAEHH@Z
??_Gistream@@UAEPAXI@Z
_mbsncpy
_winminor
fwrite
_ismbbtrail
div
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
system
iswalnum
_ismbclegal
_y1
_kbhit
??1istream@@UAE@XZ
__dllonexit
??1streambuf@@UAE@XZ
_strncoll
??0stdiobuf@@QAE@PAU_iobuf@@@Z
_wexecvp

crtdll

_mbctype
_wtoi
__threadhandle
_mbsnbcpy
towupper
_control87
_mktemp
_winminor_dll
wcsncpy
_CIatan
_execle
_ismbcprint
_clearfp
fgets
??3@YAXPAX@Z
_sopen
_mbslwr
_XcptFilter
_osminor_dll
sin
_get_osfhandle
calloc
_wcsupr
_finite
_ismbblead
_CIpow
_mbccpy
_mbsinc
_CIexp
_except_handler2
__toascii
__argv_dll
_chdrive
wcstod
_mbbtombc
_cputs
_heapmin
memchr
_ismbbpunct
iswascii
_cscanf
_chsize

msls31

LsdnSetAbsBaseLine
LsdnDistribute
LsdnQueryObjDimRange
LsAppendRunToCurrentSubline
LsdnModifyParaEnding
LsModifyLineHeight
LsDisplaySubline
LssbGetPlsrunsFromSubline
LsDestroySubline
LsdnGetCurTabInfo
LsQueryLineCpPpoint
LsFetchAppendToCurrentSubline
LsdnGetFormatDepth
LssbGetDurTrailWithPensInSubline
LsdnFinishDelete
LssbGetDurTrailInSubline
LsDestroyContext
LsQueryLineDup
LsEnumSubline
LsSetModWidthPairs
LsdnQueryPenNode
LssbFDonePresSubline
LsSetCompression
LsdnResetObjDim
LssbGetNumberDnodesInSubline
LssbGetObjDimSubline
LsdnResetPenNode
LsdnFinishRegularAddAdvancePen
LsGetLineDur
LsGetReverseLsimethods
LsForceBreakSubline
LsDestroyLine
LsFindPrevBreakSubline
LsQueryPointPcpSubline
LsExpandSubline
LsdnSubmitSublines
LsCompressSubline
LsGetTatenakayokoLsimethods
LssbFDoneDisplay

dbghelp

SymEnumerateSymbols64
dh
SymGetSymFromAddr64
GetTimestampForLoadedLibrary
SymGetLineFromName64
SymGetSymPrev64
omap
SymMatchFileName
SymFromName
SymEnumSymbols
EnumerateLoadedModules64
SymGetModuleInfo
FindDebugInfoFile
srcfiles
FindFileInSearchPath
SymRegisterFunctionEntryCallback64
SymSetOptions
SymGetSymNext
SymUnloadModule
StackWalk
SymRegisterCallback
ImagehlpApiVersionEx
SymGetSymFromAddr
UnmapDebugInformation
SymGetOptions
SymEnumerateSymbolsW64
ImagehlpApiVersion
StackWalk64
ImageRvaToSection
SymGetTypeInfo
SymEnumerateSymbols
SearchTreeForFile
ImageNtHeader
SymGetModuleInfoW64
SymUnDName64
SymGetModuleBase
ImageDirectoryEntryToDataEx
SymGetTypeFromName
vc7fpo
SymGetSymPrev
sym
SymEnumSourceFiles
SymGetLinePrev64
SymFunctionTableAccess64
SymUnDName

Sections

.tixt
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

249c5b762a2c104a84c6c322fc9f3f5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

msi

msvcrt40

crtdll

msls31

dbghelp

Sections

.tixt Size: 543KB - Virtual size: 543KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 314KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 543KB - Virtual size: 543KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 314KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B