aspnet_wp.pdb
Static task
static1
Behavioral task
behavioral1
Sample
abac78c49f7cf6b2c1c983a999c23594_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
abac78c49f7cf6b2c1c983a999c23594_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
abac78c49f7cf6b2c1c983a999c23594_JaffaCakes118
Size
176KB
MD5
abac78c49f7cf6b2c1c983a999c23594
SHA1
c08d538c6aafec4959ca3b037121783720f6651a
SHA256
598e481ef90ca749aa2e722c6758ada47d6e36bafc3c4d6226ec4e411e4b5122
SHA512
e1734c510853545394539dd8009aef09aa08c01d04525ec6d38c80dba79fcfc85abddd167f10438811a011acd6dbe73a9713fb128c1b7b7c79f92007ce014f1d
SSDEEP
3072:HxfspKk7vbGzvQ9U4sZB1zTnOKqFV4Wbd5tqpZ5oONC2laG/cQNj:JaSzY9r4BlJqFVhbdfq351C2lF/cQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource abac78c49f7cf6b2c1c983a999c23594_JaffaCakes118
Files
abac78c49f7cf6b2c1c983a999c23594_JaffaCakes118.exe windows:4 windows x86 arch:x86
7d573b870d6b159eb9c14d06c9ee9a40
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcr71
_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
printf
__security_error_handler
wcstoul
_vsnwprintf
_wtoi
_beginthread
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___winitenv
_amsg_exit
__wgetmainargs
_itow
_initterm
__setusermatherr
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetThreadToken
kernel32
FreeLibrary
LocalFree
LocalAlloc
SwitchToThread
GetCurrentThreadId
GetProcessAffinityMask
GetSystemInfo
HeapSize
HeapReAlloc
InterlockedExchange
HeapAlloc
GetModuleHandleA
ResetEvent
WaitForSingleObject
ExitProcess
SetEvent
OpenEventW
GetCurrentProcess
SetProcessAffinityMask
LoadLibraryA
RaiseException
QueryPerformanceCounter
HeapFree
GetProcAddress
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
SetNamedPipeHandleState
ReadFile
GetLastError
GetOverlappedResult
DebugBreak
WriteFile
GetModuleHandleW
GetTickCount
lstrlenA
lstrlenW
aspnet_isapi
?XspLogEvent@@YAJKPAGZZ
IsManagedDebuggerConnectedIndirect
DrainThreadPool
DisposeAppDomainsIndirect
GetConfigurationFromNativeCode
IsConfigFileName
MonitorGlobalConfigFile
UnInitializeManagedCode
InitializeManagedCode
PerfCounterInitialize
SetClrThreadPoolLimits
InitializeLibrary
GetAppDomainIndirect
ClrQueueUserWorkItem
PerfIncrementGlobalCounter
PerfDecrementGlobalCounter
GetXSPHeap
AttachHandleToThreadPool
GetProcessMemoryInformation
GetGlobalConfigFullPathW
Exports
PMAppendLogParameter
PMCallISAPI
PMCloseConnection
PMDoneWithSession
PMEmptyResponse
PMFlushCore
PMGetAdditionalPostedContent
PMGetAllServerVariables
PMGetBasics
PMGetClientCertificate
PMGetCurrentProcessInfo
PMGetHistoryTable
PMGetImpersonationToken
PMGetMemoryLimitInMB
PMGetPreloadedPostedContent
PMGetQueryString
PMGetQueryStringRawBytes
PMGetServerVariable
PMGetStartTimeStamp
PMGetVirtualPathToken
PMIsClientConnected
PMMapUrlToPath
PMWriteBytes
PMWriteHeaders
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PACK Size: 144KB - Virtual size: 380KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE