b62fea3d72beef78199bad1353517fb3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b62fea3d72beef78199bad1353517fb3_JaffaCakes118
Size

85KB
MD5

b62fea3d72beef78199bad1353517fb3
SHA1

6f0c3ab2bb77f9a18322ba36b7dadb2ab7eb6db0
SHA256

0d8e0e86358c2fdd269cc9b0f8d05cf6a5af0f29c6acc6b75a82f04c1444c8ce
SHA512

3c77326b87dba4d0cd2ca1b0a763ecf0689627ca287de653d3af7fd3494d8ea5831daf1091bd63da63df96d012d9251f241c7d19fb3c9041890f51e5ab7e7d0d
SSDEEP

1536:uKdXB1jMKM3pv+55s4bPK20BK55HfoveFCRxQVOfdFfeL+M:5MKMB+5i4GPBKnHfovsCRxOifc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b62fea3d72beef78199bad1353517fb3_JaffaCakes118

Files

b62fea3d72beef78199bad1353517fb3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

816689566c8865ec1d70b4cbdc78be23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointerEx
GetTimeZoneInformation
GetCurrentDirectoryA
SetMailslotInfo
GetStartupInfoA
AddAtomW
GetTickCount
lstrcpynA
QueryPerformanceCounter
GetCurrentProcessId
GetFirmwareEnvironmentVariableA
FindAtomW
VirtualAlloc
GetPrivateProfileStringW
SetFirmwareEnvironmentVariableW
FindNextFileA
GetVersion
MapViewOfFileEx
BaseInitAppcompatCacheSupport
LoadLibraryA
GetModuleHandleW
WritePrivateProfileStringA
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualQuery

msvcrt20

_tcscmp
_mbccpy
?seekpos@streambuf@@UAEJJH@Z
iswcntrl
??1ios@@UAE@XZ
??5istream@@QAEAAV0@AAG@Z
_spawnlp
_wopen
exp
_tcsncicmp
_ismbcprint
??4strstreambuf@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@PAC@Z
_findclose
?ignore@istream@@QAEAAV1@HH@Z
iswdigit
__wargv
??4istream@@IAEAAV0@ABV0@@Z
?close@filebuf@@QAEPAV1@XZ
_wstrdate
_locking
??_7fstream@@6B@
_tcsstr
?is_open@ofstream@@QBEHXZ
??1strstream@@UAE@XZ

dnsapi

DnsFree
DnsFlushResolverCacheEntry_W
DnsCreateStringCopy
DnsExtractRecordsFromMessage_UTF8
DnsValidateName_W
DnsRecordSetCompare
Dns_BuildPacket
DnsApiSetDebugGlobals
CombineRecordsInBlob
NetInfo_Free
DnsNameCompareEx_UTF8
DnsQueryExA
Dns_ParsePacketRecord
Dns_UpdateLibEx

wintrust

MsCatConstructHashTag
OpenPersonalTrustDBDialog
WintrustCertificateTrust
CryptSIPGetSignedDataMsg
DriverCleanupPolicy
AddPersonalTrustDBPages
DriverInitializePolicy
WVTAsn1SpcSpAgencyInfoEncode
TrustFindIssuerCertificate
DllUnregisterServer
CryptSIPGetRegWorkingFlags

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

816689566c8865ec1d70b4cbdc78be23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt20

dnsapi

wintrust

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 19KB - Virtual size: 72KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 288B

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 19KB - Virtual size: 72KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 288B