a0fdf0909cd7385009db90be7e773a08_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a0fdf0909cd7385009db90be7e773a08_JaffaCakes118
Size

805KB
MD5

a0fdf0909cd7385009db90be7e773a08
SHA1

d7821ba831de61c71ff0e01f28aed149fc1a193e
SHA256

30b09c838c488d4cc1efc8c03f1e18c357fc238eaf25572b6827a853f9043c14
SHA512

f0d3b89575702e112a22513e6f60c02bac691efedd7c4788a986bad9334c95f95f709a8a1b16938654dbb2aa4eedbf89dd145f96425b73309b45fb9f1266db94
SSDEEP

24576:QJu4q63V1XnifG6O4qlDqRuhRivpHmorPL:M4o1y+38RuhRiZmorD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0fdf0909cd7385009db90be7e773a08_JaffaCakes118

Files

a0fdf0909cd7385009db90be7e773a08_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c1f03b6dd8ff204680789600a22fdaf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

expsrv

rtcByteValueBstr
rtcBeep
__vbaChkstk
__vbaVargObjAddref
rtcMidVar
__vbaVarTextLikeVar
__vbaR8IntI2
__vbaStrCompVar
__vbaStrCopy
__vbaForEachVar
rtcGetMinuteOfHour
__vbaNextEachCollAd
__vbaVarLikeVar
__vbaUI1Str
PutMem2
__vbaCheckType
__vbaVargVar
rtcRightVar
rtcRemoveDir
__vbaCyI2
__vbaStrI2

kernel32

GetWriteWatch
VerifyConsoleIoHandle
GetTickCount
SetHandleInformation
WaitForMultipleObjectsEx
ReadConsoleOutputA
OpenMutexW
WriteFileEx
RegisterWaitForInputIdle
ZombifyActCtx
TlsFree
GetBinaryTypeW
GetEnvironmentVariableA
IsBadStringPtrA
CreateMutexA
TlsSetValue
GetSystemDirectoryA
GetCommModemStatus
GetFileAttributesExW
CommConfigDialogA
FindNextFileA
VirtualAlloc
GetCommMask
LoadLibraryA
HeapReAlloc
BeginUpdateResourceA
lstrcmpiW

msvcrt40

_ismbbkalnum
??6ostream@@QAEAAV0@J@Z
_wspawnve
?setrwbuf@stdiobuf@@QAEHHH@Z
??_Eifstream@@UAEPAXI@Z
??4ifstream@@QAEAAV0@ABV0@@Z
??_Elogic_error@@UAEPAXI@Z
??5istream@@QAEAAV0@AAN@Z
__CxxLongjmpUnwind
??0filebuf@@QAE@ABV0@@Z
_wexeclpe
iswdigit
?ebuf@streambuf@@IBEPADXZ
??1istream_withassign@@UAE@XZ
??6ostream@@QAEAAV0@H@Z
??_Eexception@@UAEPAXI@Z
??0iostream@@QAE@PAVstreambuf@@@Z
?base@streambuf@@IBEPADXZ
?floatfield@ios@@2JB
_mbsncat
?allocate@streambuf@@IAEHXZ
__p__wpgmptr
??1istream@@UAE@XZ
_findnext
_iob
_spawnl
memset
fgetpos

msvcrt20

_ismbcgraph
??5istream@@QAEAAV0@AAI@Z
??0ostrstream@@QAE@PADHH@Z
bsearch
vfwprintf
_fpclass
_ismbbpunct
_tcstok
_get_osfhandle
??_7ostrstream@@6B@
_pipe
fsetpos
??_Gistream@@UAEPAXI@Z
?bitalloc@ios@@SAJXZ
?close@fstream@@QAEXXZ
wcscpy
_mbbtombc
?unsetf@ios@@QAEJJ@Z
_utime
_onexit
_CIlog
??_Distrstream@@QAEXXZ

ntdll

RtlCreateAndSetSD
NtUnmapViewOfSection
RtlUlonglongByteSwap
RtlAddAuditAccessObjectAce
RtlSetThreadIsCritical
ZwAccessCheckByType
RtlInsertElementGenericTable
NtQueryIoCompletion
RtlCheckRegistryKey
RtlIsValidHandle
_wtoi64
NtOpenThreadToken
_wcslwr
iswxdigit
ZwCancelTimer
RtlConvertSharedToExclusive
wcsstr
ZwSetInformationFile
NtSetDefaultHardErrorPort
RtlGetElementGenericTable
ZwCreateDebugObject
LdrAccessResource
RtlPrefixUnicodeString
ZwOpenSymbolicLinkObject
RtlUpcaseUnicodeToCustomCPN
ZwReadFile

rpcrt4

I_RpcAllocate
NdrInterfacePointerMarshall
pfnUnmarshallRoutines
RpcBindingInqObject
UuidEqual
RpcIfInqId
I_RpcBindingCopy
NdrpMemoryIncrement
NdrMesProcEncodeDecode2
RpcServerUnregisterIfEx
NdrConformantVaryingArrayMarshall
NdrByteCountPointerBufferSize
double_array_from_ndr
I_RpcServerRegisterForwardFunction
NdrSendReceive
RpcMgmtEpEltInqBegin
RpcServerInqDefaultPrincNameW
NdrMesTypeDecode2
NdrUserMarshalMemorySize
RpcAsyncInitializeHandle

acledit

FMExtensionProcW
SedSystemAclEditor
EditOwnerInfo
SedDiscretionaryAclEditor
DllMain
SedTakeOwnership
EditAuditInfo
EditPermissionInfo

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1f03b6dd8ff204680789600a22fdaf8

Headers

DLL Characteristics

File Characteristics

Imports

expsrv

kernel32

msvcrt40

msvcrt20

ntdll

rpcrt4

acledit

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 588KB - Virtual size: 1.9MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 588KB - Virtual size: 1.9MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 264B