b6d7382372e7728b519ca8babecc4797_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6d7382372e7728b519ca8babecc4797_JaffaCakes118
Size

43KB
MD5

b6d7382372e7728b519ca8babecc4797
SHA1

4d32dc413939d73cb69f4c86cf7548433fdfb027
SHA256

6ccb1b6b4312b3a22dee6844b7568fedcc5443f55b535d795a0f05cbe4a6a1d9
SHA512

d6bbdd87a166af911653b2c586cd93a5f92b61dff3fb014e40ea1eebed1e69179f4b4f46bc5d579a75304919e01eec8cc88252143aabd879998c495eb912b8d8
SSDEEP

768:UprUZkGX8jG+K5VYdBQjoT7mzJDjk2Y10/EjKrkgvl0JrFmDVsDBBIQdCrBnZ:Up8V+qeDeN01qiAtCIs9pdaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6d7382372e7728b519ca8babecc4797_JaffaCakes118

Files

b6d7382372e7728b519ca8babecc4797_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0b9fccaac08ccd32ebc37981a2b4caf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowRgn
IsWindowVisible
GetDesktopWindow
GetProcessDefaultLayout
SendNotifyMessageW
ResolveDesktopForWOW
PrintWindow
GetParent
CloseWindowStation
SetInternalWindowPos
DdeClientTransaction
DdeInitializeA
GetUserObjectInformationA
DdeQueryStringW
DefMDIChildProcA
DefWindowProcA
GetThreadDesktop
GetWindow
DdeGetQualityOfService
GetAltTabInfo
GetMessageTime
LoadKeyboardLayoutW
BroadcastSystemMessageExW
SetMenuDefaultItem
DestroyCursor
PostThreadMessageW
AppendMenuA
DefFrameProcA
SetClassLongA
EnumDesktopWindows
ToUnicodeEx
MonitorFromPoint
IsHungAppWindow
IsWinEventHookInstalled

msi

MsiRecordIsNull
MsiRecordGetStringA
MsiLoadStringA
MsiDatabaseGetPrimaryKeysW
MsiEnumFeaturesW
MsiGetPatchInfoA
MsiConfigureFeatureW
MsiGetFeatureValidStatesA
MsiEnumPatchesW
MsiGetFileHashW
MsiGetPatchInfoW
MsiProvideQualifiedComponentW
MsiQueryFeatureStateA
MsiDatabaseGenerateTransformW
MsiInstallMissingFileA
MsiLoadStringW
MsiSetPropertyA
MsiDatabaseOpenViewW
MsiSourceListAddSourceA
MsiQueryProductStateA
MsiVerifyPackageW
MsiGetMode
MsiProvideAssemblyA
MsiRecordReadStream
MsiUseFeatureExW
MsiSetFeatureStateA
MsiDatabaseExportW
MsiDatabaseOpenViewA
MsiGetFeatureUsageW
MsiConfigureFeatureFromDescriptorA
MsiEnumPatchesA
MsiDeleteUserDataW
MsiSetFeatureStateW
MsiSequenceW
MsiGetLastErrorRecord
MsiAdvertiseProductExA

msvcirt

?width@ios@@QAEHH@Z
??1iostream@@UAE@XZ
?seekg@istream@@QAEAAV1@J@Z
??1logic_error@@UAE@XZ
??_8istream_withassign@@7B@
??1stdiostream@@UAE@XZ
??6ostream@@QAEAAV0@PBD@Z
?pbackfail@streambuf@@UAEHH@Z
??_8ostream@@7B@
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??_7exception@@6B@
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?str@strstream@@QAEPADXZ
??1istrstream@@UAE@XZ
?unbuffered@streambuf@@IBEHXZ
??0streambuf@@IAE@XZ
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?precision@ios@@QBEHXZ
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??4strstream@@QAEAAV0@AAV0@@Z
??6ostream@@QAEAAV0@E@Z
?unbuffered@streambuf@@IAEXH@Z
?eback@streambuf@@IBEPADXZ
?sgetn@streambuf@@QAEHPADH@Z
??0istrstream@@QAE@PADH@Z
?is_open@fstream@@QBEHXZ
?pcount@strstream@@QBEHXZ
??_7streambuf@@6B@
??1stdiobuf@@UAE@XZ
??_7stdiostream@@6B@
??_7istream_withassign@@6B@
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??0ostream_withassign@@QAE@ABV0@@Z
?gbump@streambuf@@IAEXH@Z
??4fstream@@QAEAAV0@AAV0@@Z
?sync@istream@@QAEHXZ
??_Eostream_withassign@@UAEPAXI@Z
??_Dstdiostream@@QAEXXZ

softpub

SoftpubInitialize
OfficeInitializePolicy
SoftpubLoadDefUsageCallData
SoftpubDumpStructure
HTTPSCertificateTrust
SoftpubAuthenticode
OpenPersonalTrustDBDialog
SoftpubLoadMessage
GenericChainFinalProv
DriverCleanupPolicy
DriverFinalPolicy
SoftpubCheckCert
FindCertsByIssuer
SoftpubDefCertInit
OfficeCleanupPolicy
SoftpubCleanup
HTTPSFinalProv
SoftpubFreeDefUsageCallData
SoftpubLoadSignature
AddPersonalTrustDBPages
GenericChainCertificateTrust
DriverInitializePolicy

kernel32

GetWindowsDirectoryW
RemoveDirectoryW
BuildCommDCBAndTimeoutsW
CreateNamedPipeA
EnumSystemCodePagesW
TlsSetValue
GetTickCount
GetConsoleCommandHistoryLengthA
GetLocaleInfoW
DeleteVolumeMountPointA
LoadLibraryExW
LZOpenFileW
WritePrivateProfileSectionA
LoadLibraryA
VirtualProtectEx
VirtualAlloc
Heap32ListFirst
lstrcmpi
GetSystemTimeAdjustment
SetConsoleLocalEUDC
GetConsoleWindow
OutputDebugStringA
VirtualQuery
LocalAlloc
DebugBreak
FindNextFileA
CreateFileW
CreateJobObjectW
GetCalendarInfoW
GetVolumeInformationA
WriteConsoleOutputAttribute
VerifyVersionInfoA
GetSystemTimeAsFileTime
CopyFileExW
GetStringTypeW
lstrcmp
_lclose
GetSystemDefaultLangID

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b9fccaac08ccd32ebc37981a2b4caf0

Headers

DLL Characteristics

File Characteristics

Imports

user32

msi

msvcirt

softpub

kernel32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 46KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 46KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB