9556bf77354f809df56795ff60fb8517_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9556bf77354f809df56795ff60fb8517_JaffaCakes118
Size

866KB
MD5

9556bf77354f809df56795ff60fb8517
SHA1

4a0bd8b3ff6a7b28219960375b478c90dc782092
SHA256

33ef2f194ef54dd1dd8dc3769a9e9fbcbb1d987a6595c72c65a729bfead82c9c
SHA512

b679542e921b13934b6e60326c776b809ae411236023590d8fe23d79e2582c81e95485ad612d0ddb0d822280b82b6e6052075191e2ff62457ac51b87d6c8362c
SSDEEP

24576:YOstgvaWOeJi/uWrmMzv34rK7/48zOooNFq:vshWZJdiQrKD/1+g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9556bf77354f809df56795ff60fb8517_JaffaCakes118

Files

9556bf77354f809df56795ff60fb8517_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7ee90266418c9a2bfcb79ebe5547c634

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_flushall
__p__winver
_unlink
_ismbcupper
??_Gexception@@UAEPAXI@Z
?overflow@filebuf@@UAEHH@Z
_gcvt
system
iswcntrl
?width@ios@@QAEHH@Z
_tempnam
putchar
_j0
?unbuffered@streambuf@@IBEHXZ
??_Eiostream@@UAEPAXI@Z
??0ostream@@IAE@ABV0@@Z
_getcwd
_CIatan
?sputc@streambuf@@QAEHH@Z
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??_8ifstream@@7B@
??0exception@@QAE@ABQBD@Z
_mkdir
_outp
wprintf
?get@istream@@QAEAAV1@AAC@Z
_futime
??_Eexception@@UAEPAXI@Z
??1exception@@UAE@XZ
_fgetwchar
?str@strstreambuf@@QAEPADXZ
_CIlog10
?seekg@istream@@QAEAAV1@J@Z
_wfullpath
_wspawnlp
??_7stdiostream@@6B@
?in_avail@streambuf@@QBEHXZ
??_Estreambuf@@UAEPAXI@Z
?tellg@istream@@QAEJXZ
?get@istream@@QAEAAV1@PAEHD@Z
_exit
?gbump@streambuf@@IAEXH@Z
?sgetc@streambuf@@QAEHXZ
??0stdiostream@@QAE@PAU_iobuf@@@Z

kernel32

RtlCaptureStackBackTrace
HeapCreate
UnlockFile
DosPathToSessionPathA
GetVolumePathNameW
GetLocalTime
MapUserPhysicalPagesScatter
GetFirmwareEnvironmentVariableW
RtlFillMemory
ExpandEnvironmentStringsW
GetCalendarInfoW
GetTapePosition
LZDone
CloseHandle
lstrcpy
EnumResourceNamesA
LoadLibraryA
GetDiskFreeSpaceW
GetVDMCurrentDirectories
GlobalWire
GetConsoleScreenBufferInfo
GetConsoleCommandHistoryLengthW
GetPrivateProfileStructW
SetTimerQueueTimer
GetTapeStatus
FindFirstFileExA
GetCurrentThread
GetEnvironmentStringsA
SetLocaleInfoA
AddLocalAlternateComputerNameA
GetStdHandle
VirtualAlloc
OpenEventA
GetBinaryTypeW
GetTempFileNameA
GetStringTypeW
LZSeek

winsta

WinStationDisconnect
WinStationQueryUpdateRequired
WinStationNameFromLogonIdA
WinStationShadow
WinStationShutdownSystem
_WinStationAnnoyancePopup
WinStationGetLanAdapterNameA
_WinStationFUSCanRemoteUserDisconnect
ServerLicensingOpenA
ServerSetInternetConnectorStatus
_WinStationNotifyLogon
WinStationIsHelpAssistantSession
WinStationRegisterConsoleNotification
WinStationSendWindowMessage
LogonIdFromWinStationNameA
WinStationGetLanAdapterNameW
WinStationConnectA
WinStationOpenServerW
ServerLicensingGetPolicyInformationA
ServerLicensingClose
WinStationEnumerateW
WinStationCloseServer
_WinStationShadowTarget
ServerLicensingFreePolicyInformation
WinStationInstallLicense
WinStationRemoveLicense
ServerLicensingGetPolicyInformationW
WinStationTerminateProcess
ServerLicensingUnloadPolicy
WinStationServerPing
_WinStationBreakPoint
WinStationQueryLogonCredentialsW
WinStationShadowStop
_WinStationUpdateClientCachedCredentials
_WinStationNotifyDisconnectPipe
WinStationSendMessageW
_WinStationShadowTargetSetup
WinStationNameFromLogonIdW
_WinStationUpdateUserConfig
WinStationEnumerateProcesses
_WinStationWaitForConnect
_WinStationCheckForApplicationName

olecli32

OleGetLinkUpdateOptions
OleIsDcMeta
LeReconnect
PbCreateLinkFromFile
PbCreateFromTemplate
LeActivate
OleQueryName
OleGetData
GenGetData
BmClone
LeQueryType
DefCreateLinkFromClip
LeSetBounds
OleLoadFromStream
LeCopyFromLink
LeUpdate
DefCreateFromClip
GenRelease
MfCopy
ErrQueryProtocol
OleCreateLinkFromClip
ErrExecute
OleRegisterClientDoc
LeQueryBounds
MfChangeData
OleCreateInvisible
ObjQueryName
ConnectDlgProc
OleRenameClientDoc
DefLoadFromStream
ErrClose

esent

JetStopBackupInstance
JetRetrieveTaggedColumnList
JetCloseFile
JetCreateDatabaseWithStreaming
JetTerm2
JetComputeStats
JetSetDatabaseSize
JetBackupInstance
JetDeleteColumn2
JetMakeKey
JetMove
JetGetTruncateLogInfoInstance
JetGetBookmark
JetDupCursor
JetEnumerateColumns
JetGetVersion
JetSetCurrentIndex
JetCommitTransaction@8
JetOpenTempTable3
JetSetLS
JetUpdate
JetGetSecondaryIndexBookmark
JetCreateTableColumnIndex
JetCreateIndex
JetGetLogInfoInstance
JetReadFile
JetInit@4
JetDupSession
JetOpenTempTable
JetDetachDatabase2
JetRestoreInstance
JetGetTableColumnInfo
JetGetAttachInfo
JetSeek@12
JetGetLogInfo
JetCloseTable@8
JetOpenFile

wshrm

WSHIoctl
WSHStringToAddress
WSHGetWSAProtocolInfo
WSHNotify
WSHGetSocketInformation
WSHGetBroadcastSockaddr
WSHJoinLeaf
WSHAddressToString
WSHEnumProtocols
WSHSetSocketInformation
WSHGetSockaddrType
WSHOpenSocket2
WSHOpenSocket
WSHGetWinsockMapping
WSHGetWildcardSockaddr
WSHGetProviderGuid

Sections

.text
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 463KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ee90266418c9a2bfcb79ebe5547c634

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

kernel32

winsta

olecli32

esent

wshrm

Sections

.text Size: 197KB - Virtual size: 200KB

.rdata Size: 203KB - Virtual size: 204KB

.data Size: 512B - Virtual size: 1.9MB

.rsrc Size: 463KB - Virtual size: 464KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 197KB - Virtual size: 200KB

.rdata
Size: 203KB - Virtual size: 204KB

.data
Size: 512B - Virtual size: 1.9MB

.rsrc
Size: 463KB - Virtual size: 464KB

.reloc
Size: 1KB - Virtual size: 4KB