a79cce06a9fc24449941db7b0537e332_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a79cce06a9fc24449941db7b0537e332_JaffaCakes118
Size

851KB
MD5

a79cce06a9fc24449941db7b0537e332
SHA1

c99f4b57b9280214e6368fd3d258d23ae6732582
SHA256

ccf9ef8d6e3757d0e6200a13528b31542a268c489e46467d9bde887f92ad724a
SHA512

74f4247dc7981180cdc65dcf034b8df36f8ced00856d270978041ddf4a1da77224f62a9d8f1d74fff710e36c19b3a259b451aec56db4658c208e25ff5f864c25
SSDEEP

24576:mAE2aM5Pjg+o2VrXmn3d3oAJhaBLMYbh08U:m32aM5Pj/Tm3toALaBLMH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a79cce06a9fc24449941db7b0537e332_JaffaCakes118

Files

a79cce06a9fc24449941db7b0537e332_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5325ba2e3411413422f39c5292f6e84b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

AddFontResourceW
GdiConvertBrush
ExtSelectClipRgn
SetPaletteEntries
EngUnicodeToMultiByteN
DdEntry34
EngDeleteSurface
DdEntry2
GetCharWidthFloatW
CopyMetaFileA
XLATEOBJ_iXlate
DdEntry11
SelectClipRgn
DdEntry55
CreateFontIndirectExA
PlayMetaFileRecord
SelectObject
CreateDCW
GdiSetPixelFormat
GetAspectRatioFilterEx
GetEnhMetaFileDescriptionW
CloseMetaFile
DdEntry32

cmutil

CmStrchrW
CmIsSpaceW
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
?SetSection@CIniW@@QAEXPBG@Z
CmStrCpyAllocW
?GetFile@CIniA@@QBEPBDXZ
CmLoadSmallIconW
?GetPrimaryFile@CIniW@@QBEPBGXZ
?GetFile@CIniW@@QBEPBGXZ
??0CRandom@@QAE@XZ
?SetReadICSData@CIniA@@QAEXH@Z
?LoadSection@CIniA@@QBEPADPBD@Z
?OpenFile@CmLogFile@@AAEJXZ
?SetRegPath@CIniW@@QAEXPBG@Z
CmEndOfStrW
?IsEnabled@CmLogFile@@QAEHXZ

clusapi

GetClusterResourceNetworkName
OpenClusterNetInterface
OpenCluster
ClusterRegDeleteValue
ClusterRegQueryValue
CloseClusterNode
ClusterCloseEnum
GetClusterKey
GetClusterFromNetInterface
SetClusterResourceName
ClusterNetworkGetEnumCount
ClusterResourceControl
GetClusterNodeState
ClusterNetworkEnum
RestoreClusterDatabase
ClusterNetworkControl
CreateClusterResource
ClusterGroupGetEnumCount
ClusterNetInterfaceControl
EvictClusterNode
ClusterRegCreateKey
GetClusterResourceKey
ClusterNodeOpenEnum
AddClusterResourceDependency

kernel32

RemoveLocalAlternateComputerNameW
SizeofResource
ContinueDebugEvent
DeleteFileW
DelayLoadFailureHook
GetBinaryTypeA
GlobalLock
GetTickCount
IsValidCodePage
CreateDirectoryExW
BaseFlushAppcompatCache
GetConsoleAliasExesA
GetCompressedFileSizeW
EnumerateLocalComputerNamesW
VirtualQueryEx
ReadConsoleW
AddAtomA
LoadLibraryA
WritePrivateProfileSectionA
ReadConsoleInputExA
PeekNamedPipe
GetConsoleCommandHistoryA
VirtualAlloc
MoveFileWithProgressA
LZSeek
SetComPlusPackageInstallStatus

msdart

?MaxSize@CLKRHashTable@@QBEKXZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z
?IsWriteLocked@CFakeLock@@QBE_NXZ
?CheckTable@CLKRHashTable@@QBEHXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?WriteLock@CFakeLock@@QAEXXZ
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ

Sections

.text
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5325ba2e3411413422f39c5292f6e84b

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

cmutil

clusapi

kernel32

msdart

Sections

.text Size: 735KB - Virtual size: 734KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 5KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 735KB - Virtual size: 734KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 5KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB