b4b0480465c9630a86fde0c01c2650f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4b0480465c9630a86fde0c01c2650f3_JaffaCakes118
Size

279KB
MD5

b4b0480465c9630a86fde0c01c2650f3
SHA1

bc09e188fb03f0296bad1cd13844aed0631de0d1
SHA256

99bd37896ea83eab35959502f1b5359a65bcad5d940305437ffce531c4385546
SHA512

d766060ccb561a4d19165706024e0d59b5da4a5755f5886036c5d0a8a0eb2da0ac4384933ee2843035542b222243de0b1f212b10977daee1c802546fc422fd5b
SSDEEP

6144:P4IQCxbquXd+KARUOd/E9xrcLqBHazI+abBRYgdtHSPT0:Q9sXgKjOdM9tcAcIHD7JSb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4b0480465c9630a86fde0c01c2650f3_JaffaCakes118

Files

b4b0480465c9630a86fde0c01c2650f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09f81a091ff8577dd4e47e3dd68fd06e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetICMMode
MoveToEx
DeleteColorSpace
FixBrushOrgEx
EngLoadModule
GetMetaRgn
RectInRegion
EngCreateSemaphore
Rectangle
GdiSetServerAttr
GetStringBitmapA
EngEraseSurface
GdiDrawStream
SetTextAlign
CreatePolyPolygonRgn
GdiRealizationInfo
SetPixel
DdEntry21
GetEUDCTimeStamp
ChoosePixelFormat
ScaleWindowExtEx
PolyTextOutW
SetDIBitsToDevice
GetTextExtentExPointWPri
GetTextFaceW
EngAlphaBlend
SetBitmapAttributes
GdiConvertBrush
DdEntry8
UpdateICMRegKeyW
DeleteEnhMetaFile
GetTextExtentPoint32W
DdEntry10
GdiPlayScript
CreatePen
EngAssociateSurface
GdiGetSpoolFileHandle
EngLineTo
GdiPlayPageEMF
GetPixel
ExtTextOutW
GetClipRgn
SelectClipRgn
GetGlyphOutlineA
GetPolyFillMode

kernel32

GetModuleHandleExW
TlsAlloc
SetConsoleActiveScreenBuffer
GetExitCodeProcess
CompareStringA
GetPrivateProfileStringW
DeleteFileA
FreeLibraryAndExitThread
GlobalUnWire
WriteFileEx
ReadDirectoryChangesW
SetTapePosition
IsBadReadPtr
InitializeSListHead
OpenEventW
ReplaceFile
SetConsoleKeyShortcuts
Toolhelp32ReadProcessMemory
GetCommModemStatus
ResumeThread
EnumLanguageGroupLocalesW
OpenMutexW
VirtualAlloc
CreateDirectoryA
GetACP
GetConsoleCommandHistoryW
DnsHostnameToComputerNameW
GetConsoleCommandHistoryLengthW
EnumUILanguagesA
RegisterWaitForSingleObject
SetFileAttributesW
_lopen
BeginUpdateResourceA
LoadLibraryA
GetQueuedCompletionStatus
GetCPInfoExW
LocalAlloc
UpdateResourceW
CommConfigDialogW
VerLanguageNameW
RemoveDirectoryA
SwitchToFiber
MulDiv
HeapCreate
ReleaseSemaphore
MoveFileExA
_lread
GetWindowsDirectoryW
GlobalAlloc
IsBadStringPtrA
PostQueuedCompletionStatus
WriteConsoleW
SetConsoleCursorPosition
RemoveLocalAlternateComputerNameW
CreateDirectoryExA
GetProfileIntW
GetSystemDefaultUILanguage
RestoreLastError
UnregisterConsoleIME
_llseek
GetLocaleInfoW
GetOEMCP
SetConsoleCtrlHandler
BaseDumpAppcompatCache
lstrcmpi
BaseCheckAppcompatCache
FreeEnvironmentStringsW
SearchPathW
SetProcessWorkingSetSize
GetThreadTimes
FlushFileBuffers
_lcreat
SetClientTimeZoneInformation
GetConsoleCP
GlobalGetAtomNameA
EnumDateFormatsExW

ntdll

_ultow
ZwAccessCheckByType
NtDeviceIoControlFile
NtReleaseKeyedEvent
ZwQuerySystemTime
ZwQueryInformationFile
ZwDebugContinue
RtlCreateUserProcess
RtlAnsiStringToUnicodeSize
tolower
RtlDosSearchPath_U
LdrGetDllHandleEx
RtlExtendedMagicDivide
ZwSignalAndWaitForSingleObject
ZwCreateMutant
RtlxOemStringToUnicodeSize
ZwLockVirtualMemory
RtlLookupAtomInAtomTable
iswxdigit
wcscspn
RtlNumberGenericTableElements
NtPowerInformation
RtlComputePrivatizedDllName_U
LdrAddRefDll
_i64tow
wcsrchr
ZwReleaseMutant
RtlDosPathNameToNtPathName_U
RtlCreateActivationContext
RtlGetNtProductType
RtlAllocateHeap
ZwNotifyChangeMultipleKeys

mfcsubs

??ACMapStringToPtr@@QAEAAPAXPBG@Z
??M@YG_NPBGABVCString@@@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?ReverseFind@CString@@QBEHG@Z
?UnlockBuffer@CString@@QAEXXZ
?Copy@CStringArray@@QAEXABV1@@Z
?Lock@CCriticalSection@@UAEHK@Z
?Append@CStringArray@@QAEHABV1@@Z
??8@YG_NABVCString@@0@Z
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
?Format@CString@@QAAXIZZ
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
??1CMapStringToPtr@@UAE@XZ
?Lock@CCriticalSection@@QAEHXZ
??4CString@@QAEABV0@PBE@Z
??_7CObject@@6B@
?SetAt@CStringArray@@QAEXHPBG@Z
?SetAt@CString@@QAEXHG@Z
??0CStringArray@@QAE@XZ
?LockBuffer@CString@@QAEPAGXZ
?data@CPlex@@QAEPAXXZ
??4CString@@QAEABV0@G@Z
??O@YG_NPBGABVCString@@@Z
??4CString@@QAEABV0@ABV0@@Z
??N@YG_NABVCString@@0@Z
??0CCriticalSection@@QAE@XZ

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09f81a091ff8577dd4e47e3dd68fd06e

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

ntdll

mfcsubs

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 55KB - Virtual size: 409KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 55KB - Virtual size: 409KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B