b181edd6cc7af6bddb30de41db4ad2db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b181edd6cc7af6bddb30de41db4ad2db_JaffaCakes118
Size

872KB
MD5

b181edd6cc7af6bddb30de41db4ad2db
SHA1

3c1bc9c84b8e3e4616f75fbb4dd09ee486d7a496
SHA256

64aeba6a7b9a3029eacefd3e08d436f566f631670298e58b8459890850ea85ab
SHA512

45ca84e5ffa823357a69ea54e4fab90dab97fb74ab86de142dbc0b9cc3bf8b903fcbe1813f4513260bed7ceebb189071e33d52eb5c492eb26d1f1e19c16eff11
SSDEEP

24576:9yZ3V+FTurVQKHbVFPZxbzB5OsuuvRv8bUic:8Z3V+FeVvV1PB5V/pvHic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b181edd6cc7af6bddb30de41db4ad2db_JaffaCakes118

Files

b181edd6cc7af6bddb30de41db4ad2db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

36a78b3ef5513433265f060a1328e376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleInputExA
ReplaceFileA
GetDateFormatA
lstrlen
SetConsoleInputExeNameA
IsBadHugeReadPtr
DosDateTimeToFileTime
GetEnvironmentStrings
LZOpenFileA
OpenFile
GetCurrentThread
LZOpenFileW
DeleteTimerQueueTimer
OpenProfileUserMapping
GetNumberOfConsoleInputEvents
GetConsoleScreenBufferInfo
GetFullPathNameW
CreateHardLinkW
CreateNamedPipeW
_hread
ReadConsoleOutputW
CreateDirectoryExA
SetConsoleScreenBufferSize
TlsSetValue
GetEnvironmentStringsA
IsWow64Process
EnumerateLocalComputerNamesW
SetLastError
SetHandleCount
_hwrite
CancelDeviceWakeupRequest
ResetWriteWatch
SetThreadPriorityBoost
IsValidLocale
AddAtomA
InterlockedExchangeAdd
CreateToolhelp32Snapshot
RemoveVectoredExceptionHandler
InterlockedDecrement
PulseEvent
SetConsoleNumberOfCommandsW
VirtualAlloc
DebugBreak
CompareFileTime
FindResourceExA
GetAtomNameW
GetFileAttributesExA
FlushInstructionCache
WriteFile
LocalCompact
LZSeek
GetNumaAvailableMemoryNode
UTUnRegister
GetComputerNameA
GlobalFix
FormatMessageW
ReadConsoleInputA
LoadLibraryA
DeleteTimerQueueEx
SetComputerNameExA
IsBadStringPtrW
WriteConsoleInputVDMW
SetThreadPriority
GlobalAlloc
Process32NextW
GetConsoleAliasExesA
lstrcpynW
CompareStringA
GetDriveTypeW
GetSystemInfo
SetClientTimeZoneInformation
GetEnvironmentVariableA
InitAtomTable
GetPrivateProfileSectionNamesA
CopyFileExW
FindNextFileW
GetPrivateProfileSectionW
CommConfigDialogW
Module32NextW
ReadConsoleA

ntmarta

AccGetAccessForTrustee
AccTreeResetNamedSecurityInfo
AccConvertSDToAccess
AccProvSetAccessRights
AccProvHandleSetAccessRights
AccConvertAccessMaskToActrlAccess
AccLookupAccountName
AccProvIsAccessAudited
AccConvertAclToAccess
AccFreeIndexArray
EventNameFree
AccProvHandleGetAllRights
AccRewriteSetEntriesInAcl
AccLookupAccountSid
AccConvertAccessToSD
AccProvRevokeAccessRights
EventGuidToName
AccProvRevokeAuditRights
AccProvGrantAccessRights
AccProvHandleRevokeAccessRights
AccRewriteSetNamedRights
AccProvHandleIsAccessAudited
AccGetExplicitEntries
AccRewriteGetExplicitEntriesFromAcl
AccProvGetAccessInfoPerObjectType
AccRewriteGetNamedRights
AccProvHandleRevokeAuditRights
AccProvGetTrusteesAccess
AccProvGetAllRights
AccConvertAccessToSecurityDescriptor
AccProvHandleGrantAccessRights
AccProvHandleIsObjectAccessible
AccProvCancelOperation
AccLookupAccountTrustee
AccProvHandleGetAccessInfoPerObjectType
AccProvGetOperationResults
AccRewriteGetHandleRights
AccProvHandleGetTrusteesAccess
AccSetEntriesInAList
AccProvGetCapabilities
AccProvIsObjectAccessible
AccGetInheritanceSource
AccRewriteSetHandleRights

oleaut32

VarUI4FromDisp
VarImp
VarUI2FromUI1
VarI2FromBool
VarBstrCat
OleLoadPicture
VarI1FromDec
VarCyFromUI1
VarR8FromBool
LHashValOfNameSys
VarR4FromI1
SetOaNoCache
VarParseNumFromStr
VarUI2FromI2
VarUI2FromBool
VarUI1FromBool
VarUI1FromI4
VarDateFromI8
VarUI1FromI2
SafeArrayCreateEx
VarUI1FromI1
VarBstrFromI4
VarBstrFromR8
SafeArrayGetElement
VarR8Pow
VarDateFromI1
VarI4FromUI1
VarBoolFromDisp
VarUI2FromDate
VarDateFromCy
BstrFromVector
VarR4FromUI8
VarI4FromUI4
VarBoolFromUI4
RevokeActiveObject
VariantTimeToDosDateTime
VarUI8FromDisp
VarDateFromI2
VarUI1FromStr
VarR8FromR4
VarR4FromBool
VarR4FromUI2
BSTR_UserMarshal
VarI8FromR4

msvcrt

_ctype
_atodbl
feof
_isatty
_ismbbpunct
_timezone
_mbsset
_pgmptr
iswgraph
_ismbslead
_write
_lrotr
__p__acmdln
__STRINGTOLD
_mbctombb
_expand
_strset
_fcvt
_adj_fprem1
_mbsicmp
_spawnv
isalnum
_wctime
_vscprintf
_wremove
_wfindfirst
_wfreopen
_findnext64
_ecvt
_mbctolower
_fcloseall
qsort
_spawnlpe
_umask
strxfrm
abs

user32

PostQuitMessage
RegisterClassA
DefWindowProcA

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 418KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36a78b3ef5513433265f060a1328e376

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntmarta

oleaut32

msvcrt

user32

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 418KB - Virtual size: 420KB

.data Size: 512B - Virtual size: 1.6MB

.rsrc Size: 232KB - Virtual size: 232KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 418KB - Virtual size: 420KB

.data
Size: 512B - Virtual size: 1.6MB

.rsrc
Size: 232KB - Virtual size: 232KB

.reloc
Size: 1024B - Virtual size: 4KB