b6b9d892afb3fb13900849e395960b07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6b9d892afb3fb13900849e395960b07_JaffaCakes118
Size

351KB
MD5

b6b9d892afb3fb13900849e395960b07
SHA1

d92cf54b3cacc016d2e7422fded79acf55bddf09
SHA256

d2c3b801dadf03454f1f5d47dcceb479221accf95c54f65a8b949c58bee9df50
SHA512

84fa0e8edef9e2bd99ce1f5ee35696d78c97d1b7ecd3de9f7ecd20bbf5aebcf3efd7cfa4f0117329851371eb0321baa61d00a117c1adf9f491bacb3387e67e26
SSDEEP

6144:7/LAcT89Q1Aap2zvy/lkk5i7JJ7txe1GyfqVDSRCTmefK3wg1BM6l2Tcek:7/jTH1AaojyqJ9txxJlSRyQv1B6zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6b9d892afb3fb13900849e395960b07_JaffaCakes118

Files

b6b9d892afb3fb13900849e395960b07_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3eacd8080a932ba7a0618bfd0deaff1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CxxThrowException
free
_purecall
__CxxFrameHandler
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
wcsrchr
_wcsupr
_wtol
wcsncmp
wcstol
_ltow
_callnewh
_initterm
_except_handler3
_onexit
_wcsicmp
_ultow
wcsncpy
wcscmp
wcscpy
wcslen
??0exception@@QAE@ABV0@@Z

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?nothrow@std@@3Unothrow_t@1@B
??0bad_alloc@std@@QAE@ABV01@@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

atl

ord15
ord30
ord58
ord32
ord20
ord16
ord21
ord23
ord17

iassvcs

IASVariantChangeType

rtutils

TraceVprintfExW
TraceRegisterExW
TraceDeregisterA

oleaut32

VariantClear
SysFreeString
SysAllocString
LoadRegTypeLi
SysStringLen
SafeArrayCreate
VariantInit
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
GetErrorInfo
VariantCopy

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CLSIDFromProgID
CoRevertToSelf
CoImpersonateClient
CoUninitialize
CoInitializeSecurity

advapi32

CloseServiceHandle
RegisterServiceCtrlHandlerA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
DeleteService
OpenServiceA
OpenSCManagerA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
SetServiceStatus

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

user32

wsprintfW

kernel32

lstrlenA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
InterlockedExchange
Sleep
FormatMessageW
lstrcpynA
lstrcatA
lstrcpyA
lstrcmpiA
SetLastError
CreateEventW
WaitForSingleObject
CloseHandle
CreateDirectoryA
GetEnvironmentVariableA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
SetEvent
GetModuleFileNameA
GetLastError
lstrcmpA
SwitchToThread
TryEnterCriticalSection
LocalFree
DeleteFileA
CopyFileA
GetWindowsDirectoryA
GetSystemWow64DirectoryA
RemoveDirectoryA

Exports

Exports

?adasdasdasd@@YGHPAEH@Z
?oiuqwoeuopqwe@@YGXPADID@Z

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uuup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kuup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ouup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.duup
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.auuu
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qiii
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gooo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.faaa
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3eacd8080a932ba7a0618bfd0deaff1c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcp60

atl

iassvcs

rtutils

oleaut32

ole32

advapi32

rpcrt4

user32

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 4KB

.uuup Size: 512B - Virtual size: 4KB

.kuup Size: 512B - Virtual size: 4KB

.ouup Size: 512B - Virtual size: 4KB

.duup Size: 512B - Virtual size: 4KB

.auuu Size: 322KB - Virtual size: 324KB

.qiii Size: 512B - Virtual size: 4KB

.gooo Size: 512B - Virtual size: 4KB

.faaa Size: 512B - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 428KB

.text
Size: 7KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 4KB

.uuup
Size: 512B - Virtual size: 4KB

.kuup
Size: 512B - Virtual size: 4KB

.ouup
Size: 512B - Virtual size: 4KB

.duup
Size: 512B - Virtual size: 4KB

.auuu
Size: 322KB - Virtual size: 324KB

.qiii
Size: 512B - Virtual size: 4KB

.gooo
Size: 512B - Virtual size: 4KB

.faaa
Size: 512B - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 428KB