bbd60ae2db1e6b0e8697a4c09812124f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bbd60ae2db1e6b0e8697a4c09812124f_JaffaCakes118
Size

113KB
MD5

bbd60ae2db1e6b0e8697a4c09812124f
SHA1

67c940021a98c8ec022d9ebed15988eddd8fcd6c
SHA256

7b1b8475cd0313a7fc3ac82f8fb33242ea3c267f228e8c46bc98a6027bca7922
SHA512

4979c29d9e9d1a4a0b889177271483edca98e25606df59fb841f5ed0be4104d87567aeac10aa120274a447c7c8afee844bbc21aeb93a392c9a5e8f8232caee86
SSDEEP

1536:vr3DZzCf41JP1QnnMdPTaACaQdCyvPBv3IpJjgsYr:vr1zx1B1QnMx2JaQjlIngsYr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbd60ae2db1e6b0e8697a4c09812124f_JaffaCakes118

Files

bbd60ae2db1e6b0e8697a4c09812124f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

711e2b69b569731cf2840961eca764fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\m-in-w32-d-0000000000000000000\build\src\obj-firefox\storage\test\test_transaction_helper.pdb

Imports

nss3

PR_GetEnv
sqlite3_config
sqlite3_get_autocommit
PR_IntervalNow
PR_sscanf
PR_SetCurrentThreadName
PR_Assert
PR_dtoa
PR_Free
PR_Now
PR_Seek64
PR_NewThreadPrivateIndex
PR_SetThreadPrivate
PR_CallOnce
PR_NewLock
PR_DestroyLock
PR_Lock
PR_Unlock
PR_AssertCurrentThreadOwnsLock
PR_WaitCondVar
PR_EnterMonitor
PR_ExitMonitor
PR_Wait
PR_AssertCurrentThreadInMonitor
sqlite3_shutdown
sqlite3_initialize
PR_Notify
PR_DestroyMonitor
PR_NewMonitor
PR_Sleep
PR_GetCurrentThread
PR_smprintf_free
PR_smprintf
PR_FileDesc2NativeHandle
PR_GetThreadPrivate

xul

NS_InitXPCOM2
NS_ShutdownXPCOM
NS_NewLocalFile
NS_DebugBreak
NS_LogCtor
NS_LogDtor
NS_LogAddRef
NS_LogRelease
NS_LogCOMPtrAddRef
NS_LogCOMPtrRelease
NS_StringContainerInit
NS_StringContainerInit2
NS_StringContainerFinish
NS_CStringContainerInit
NS_CStringContainerInit2
NS_CStringContainerFinish
NS_CStringGetData
NS_CStringSetData
?_external_GetObserverService@services@mozilla@@YG?AU?$already_AddRefed@VnsIObserverService@@@@XZ
NS_GetComponentManager
NS_GetServiceManager
NS_UTF16ToCString
NS_CStringCopy
NS_CStringCloneData
NS_CStringGetMutableData
NS_StringCopy
NS_StringSetDataRange
NS_StringGetMutableData
NS_StringGetData
NS_GetMemoryManager
NS_CStringToUTF16
NS_CStringSetDataRange

mozglue

moz_xmalloc
?moz_Xout_of_range@std@@YAXPBD@Z
free
?moz_Xlength_error@std@@YAXPBD@Z
?gChaosFeatures@detail@mozilla@@3W4ChaosFeature@2@A
realloc
?gChaosModeCounter@detail@mozilla@@3V?$Atomic@I$01X@2@A
malloc
moz_xrealloc
strdup
wcsdup

kernel32

GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
VerSetConditionMask
GetCurrentThread
SetThreadPriority
VerifyVersionInfoA
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
ReadFile
SetEndOfFile
SetFilePointerEx
IsDebuggerPresent
OutputDebugStringA
CloseHandle
TerminateProcess

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

vcruntime140

wcschr
_purecall
memmove
memcpy
strchr
memcmp
memset
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_initterm_e
terminate
_controlfp_s
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
_exit
exit
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_dup
fputs
__p__commode
__acrt_iob_func
fflush
__stdio_common_vsprintf
ftell
fseek
fread
fclose
_wfopen
putchar
__stdio_common_vfprintf

api-ms-win-crt-convert-l1-1-0

wcstol
strtol

api-ms-win-crt-string-l1-1-0

wcsncmp
strncpy
strpbrk
wcspbrk

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

711e2b69b569731cf2840961eca764fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nss3

xul

mozglue

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 36B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 36B

.reloc
Size: 6KB - Virtual size: 5KB