bfa574e9ef46d7aaf8e98e2591846bf0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfa574e9ef46d7aaf8e98e2591846bf0_JaffaCakes118
Size

68KB
MD5

bfa574e9ef46d7aaf8e98e2591846bf0
SHA1

104b21973de91f2841e453617f8fc87c52c792bf
SHA256

4588553da2c3016fd517dfadd2498c3026a51cadd3e6e86d7112863a02b2e02e
SHA512

9a26b7e15f96ddf089a203b7382d77291da52714765d84657d3b747d0cf2f21403717203d9f3d32078e0ead44763690708f58f15ae0a46423b6b17170d4999d8
SSDEEP

768:owX4DpbDL5C+EA7BUAXOpChGBSsWx+afN+OE8GFGM2x3AuveDP:7WQ+57BLXOIhGQdsafN+O3GUL5mDP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfa574e9ef46d7aaf8e98e2591846bf0_JaffaCakes118

Files

bfa574e9ef46d7aaf8e98e2591846bf0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0fb2429861c60ac69e0139ec7e6d5173

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

acqpkg

write_signal

apxpkg

get_signal
get_module_object_name
apxpkg_GetImageHeader
apx_AddEnsembleDef

ovmpkg

ovm_ThrDisconnectCompletely
ovm_Exception
ovm_CreateProcessWithStack
ovm_DefaultStackSize
ovm_ThrReconnect
ovm_ThrNativeConnect
ovm_ProcessWait
ovm_ThrDisconnect

csutilpkg

utl_Free_
msf_Send
utl_Save_
__utl_Handler
utl_Combine
utl_Alloc_

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA

mfc42

ord825
ord823

kernel32

lstrcmpiA
GetLastError
FindResourceA
LoadResource
SizeofResource
GetModuleHandleA
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
IsDBCSLeadByte
InterlockedDecrement
GetCurrentThreadId
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
LoadLibraryExA
lstrcatA
lstrlenA
lstrcpyA
InitializeCriticalSection
lstrlenW

user32

CharNextA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoRegisterClassObject

oleaut32

VariantClear
LoadRegTypeLi
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysAllocString
LoadTypeLi
SysFreeString

msvcrt

_ftol
__dllonexit
_adjust_fdiv
_initterm
__CxxFrameHandler
free
malloc
realloc
printf
_purecall
wcstombs
?terminate@@YAXXZ
_except_handler3
wcscmp
_onexit

mdtsup_acq

mdtsup_acq_GetImageHeader
mdt_ResetKB

mrtt_acq

mrtt_external_error_msg
mdt_FreeTaskId
mdt_EFTBToolstring
mrtt_TelemetryCommand

Exports

Exports

chiponboard_acq_GetImageHeader

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ZZZ
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fb2429861c60ac69e0139ec7e6d5173

Headers

File Characteristics

Imports

acqpkg

apxpkg

ovmpkg

csutilpkg

advapi32

mfc42

kernel32

user32

ole32

oleaut32

msvcrt

mdtsup_acq

mrtt_acq

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

ZZZ Size: 4KB - Virtual size: 4B

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

ZZZ
Size: 4KB - Virtual size: 4B

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 2KB