96de0364443e3871441451d7b1f50572_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96de0364443e3871441451d7b1f50572_JaffaCakes118
Size

166KB
MD5

96de0364443e3871441451d7b1f50572
SHA1

54eaafa4505466eb8e1f7d46b64f3590415af32d
SHA256

7a9f689fc1040e1e8d06e52d3bac9fab63e5e6937dfd6bfa86d14baf0ffe26eb
SHA512

5957222a01dee2719424e7c28f628a01de594e820c18c1135ffe2838cafa54add60e689d37e7855d8002fddc3d5528c6fe1fb9fd8910ad0eef74d2fddbdc8f43
SSDEEP

3072:68J7vGtVtthkE/Ce4xGzOpchYGwdtgbcufvfPHza6SQ4iAtQs9k/IZFYeUrLdk/8:tqD8e4QzYcD4ovfPTPtC9WKFYnrudpnP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96de0364443e3871441451d7b1f50572_JaffaCakes118

Files

96de0364443e3871441451d7b1f50572_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5183a32011366a2bd617ec5ab66c4e73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumSystemCodePagesA
IsDebuggerPresent
SearchPathW
InterlockedIncrement
GetSystemTime
GetTickCount
LockFileEx
SetConsoleScreenBufferSize
IsWow64Process
LCMapStringA
GetVolumeNameForVolumeMountPointA
IsBadCodePtr
GlobalUnWire
IsValidLocale
ReplaceFile
SetComPlusPackageInstallStatus
SetFileApisToOEM
MultiByteToWideChar
SetUnhandledExceptionFilter
DebugBreak
CreateFileW
GetDriveTypeW
CreateDirectoryA
CreateNamedPipeA
BuildCommDCBAndTimeoutsW
GetLongPathNameW
GetCurrentProcessId
RtlZeroMemory
AddConsoleAliasW
QueryDosDeviceW
VirtualFreeEx
SetConsoleActiveScreenBuffer
LZStart
GetWindowsDirectoryW
GetVersion
GetStringTypeExA
WriteConsoleOutputCharacterW
RegisterWaitForSingleObjectEx
GetProcessShutdownParameters
FindAtomA
GlobalFix
GetFirmwareEnvironmentVariableA
GetModuleHandleA
BackupRead
lstrcpyA
EnumDateFormatsExA
VirtualAlloc
ExpandEnvironmentStringsW
WriteProfileSectionW
SignalObjectAndWait
GetFileSize
SetFirmwareEnvironmentVariableW
GetDriveTypeA
CreateActCtxA
GetWindowsDirectoryA
IsValidCodePage
GetProcessId
lstrcmpA
FatalAppExitA
CreateEventA
LockResource
CreateFileMappingW
DeleteFileA
BaseInitAppcompatCacheSupport
PeekNamedPipe
SetCriticalSectionSpinCount
CmdBatNotification
QueryDepthSList
WaitForDebugEvent
Process32FirstW
GetConsoleCursorMode
FreeLibrary
GetSystemPowerStatus
GetShortPathNameA
LoadLibraryA
SetLastError
ActivateActCtx
DeleteTimerQueueEx
WriteFile
HeapDestroy

oleaut32

VarUI2FromUI1
ClearCustData
SafeArrayCreateEx
VarDateFromI4
VarDateFromI1
VariantCopy
LoadRegTypeLib
VarI4FromI1
RegisterActiveObject
VarI1FromUI8
VarMod
CreateStdDispatch
VarUI1FromI2
VarCyFromI8
VarI2FromUI1
VarUI8FromUI1
VarI8FromDec
VarDecFromUI1
VarDateFromUI8
VarDecFromI1
VarUI1FromDisp
VarI8FromUI4
VarR4FromUI1
VarBstrFromDec
VarI2FromI8
VarDecFromStr
VarAnd
VarUI2FromDec
VarDecCmpR8
VarCyFromDisp
VarCyFromUI1
SafeArrayCreateVectorEx

iphlpapi

EnableRouter
SetIpTTL
GetBestRoute
NotifyRouteChange
GetAdaptersInfo
_PfTestPacket@20
_PfBindInterfaceToIPAddress@12
IcmpParseReplies
SendARP
GetIfTable
GetAdapterIndex
NhGetGuidFromInterfaceName
GetIpForwardTable
IcmpCloseHandle
do_echo_rep
_PfRemoveFilterHandles@12
CreateIpForwardEntry
InternalCreateIpNetEntry
InternalSetIpStats
GetIpStatisticsEx
InternalGetIpNetTable
InternalSetTcpEntry
GetUdpStatisticsEx
InternalSetIpNetEntry
InternalDeleteIpForwardEntry
DeleteIPAddress
DeleteProxyArpEntry
_PfCreateInterface@24
_PfRemoveGlobalFilterFromInterface@8
_PfDeleteLog@0
_PfBindInterfaceToIndex@16
IpReleaseAddress
InternalGetIpForwardTable
IcmpSendEcho
_PfGetInterfaceStatistics@16
InternalGetIpAddrTable
GetAdapterOrderMap
GetPerAdapterInfo

msdart

?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?GetSpinCount@CReaderWriterLock3@@QBEGXZ
?MaxSize@CLKRHashTable@@QBEKXZ
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
MpHeapFree
mpMalloc
??1CReaderWriterLock@@QAE@XZ
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?MpHeapCompact@@YAKPAX@Z
??0CFakeLock@@QAE@XZ
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
??1CDoubleList@@QAE@XZ
??1CSingleList@@QAE@XZ
?IsWin9x@CMdVersionInfo@@SAHXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
??4CFakeLock@@QAEAAV0@ABV0@@Z
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
MPInitializeCriticalSection
?_TryLock@CSmallSpinLock@@AAE_NXZ
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ

msoert2

PszScanToCharA
HrFillRasCombo
strtrimW
HrGetMsgParam
PszFromANSIStreamA
HrCopyStreamCB
IsPrint
HrCopyStreamCBEndOnCRLF
CenterDialog
HrGetStreamPos
PszAllocW
BrowseForFolderW
GetExePath
PszSkipWhiteW
FIsSpaceA
CreateDataObject
_MSG
PszMonthFromIndex
CreateTempFile
OpenFileStream
HrStreamToByte
HrCopyLockBytesToStream
RicheditStreamIn
FIsValidFileNameCharA
HrGetCertKeyUsage
CreateStreamOnHFile
HrStreamSeekCur
HrStreamSeekEnd
HrCopyStreamToByte
CryptFreeFunc
CreateSystemHandleName
ReplaceCharsW
OpenFileStreamW
FIsHTMLFileW
AppendTempFileList
PszDupA
DeleteTempFile

msvcrt40

_stat
??0iostream@@IAE@ABV0@@Z
ungetwc
??0ostrstream@@QAE@PADHH@Z
_ismbcalnum
wctomb
?setp@streambuf@@IAEXPAD0@Z
_strnicoll
?epptr@streambuf@@IBEPADXZ
??0ostream@@IAE@XZ
_cprintf
_mtunlock
_ismbclegal
_setjmp
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?precision@ios@@QAEHH@Z
??_8stdiostream@@7Bistream@@@
ispunct
__p__commode
putwchar
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??4iostream@@IAEAAV0@AAV0@@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
?setb@streambuf@@IAEXPAD0H@Z
?text@filebuf@@2HB
_amsg_exit
vfprintf
frexp

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5183a32011366a2bd617ec5ab66c4e73

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

iphlpapi

msdart

msoert2

msvcrt40

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 50KB - Virtual size: 249KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 50KB - Virtual size: 249KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B