c15dcbaf46f62b5bb58afae9eb3b2143_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c15dcbaf46f62b5bb58afae9eb3b2143_JaffaCakes118
Size

51KB
MD5

c15dcbaf46f62b5bb58afae9eb3b2143
SHA1

489252fbebf356714fccda7cc1bb7788a06b9f3d
SHA256

ab7854ef59be4ee12f6292bb01fe886920e33316139be24ab71e953372c4a426
SHA512

593c4bf084166c1153c38abcafdc4fece492a95c1526644fdbadf90889f235e71445cfea58a47416b6805b61a6591c9ca7b2891392dd3ece8de4f40a5dcef388
SSDEEP

1536:qx9kjeoK84s4D0a59Op8W2E0t5BePRJIfv2cpiHePx2gda:bKs4QDn2Fv2ciHep2oa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c15dcbaf46f62b5bb58afae9eb3b2143_JaffaCakes118

Files

c15dcbaf46f62b5bb58afae9eb3b2143_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a8d1a95905e94adf6bab7cf19171377

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

RemoveFontResourceExA
DdEntry3
CreateEnhMetaFileA
GetRegionData
GetEnhMetaFileDescriptionW
GetTransform
GetKerningPairsA
RectVisible
EngFreeModule
EngDeleteClip
GetTextExtentPointA
DdEntry45
GdiGradientFill
BRUSHOBJ_pvAllocRbrush
DdEntry39
SetDIBits
GdiSetServerAttr
SetBrushAttributes
SetBoundsRect
BeginPath
FrameRgn
DdEntry47
EngLineTo
EngGetPrinterDataFileName
GetBitmapBits
CancelDC
DdEntry11

kernel32

CopyFileExA
GetCPInfoExW
GetFullPathNameA
Thread32First
ScrollConsoleScreenBufferA
EnumDateFormatsW
MoveFileWithProgressA
FindFirstFileA
HeapCreate
SetComputerNameExA
GetTickCount
VirtualAlloc
SetCriticalSectionSpinCount
SetFilePointerEx
GetEnvironmentVariableA
RtlCaptureContext
GetCurrentThread
SetThreadLocale
GetEnvironmentStringsA
InitAtomTable
GetCurrentThreadId
GetConsoleCursorInfo
GetExitCodeThread
CreateToolhelp32Snapshot
DeleteFileA
SetFileApisToANSI
PeekConsoleInputW
DeviceIoControl
MoveFileExW
GetPrivateProfileIntW
CreateJobObjectA
WriteConsoleOutputCharacterA
LoadLibraryA
FindFirstFileW
Module32FirstW
SetEnvironmentVariableW
SetConsoleWindowInfo
GlobalAlloc
FileTimeToLocalFileTime
GetAtomNameA
GetVersion
CreateHardLinkA
CreateMutexW
WritePrivateProfileStringW
RegisterConsoleOS2
WriteTapemark
DnsHostnameToComputerNameW
GetLastError
FoldStringA

olecli32

BmDraw
OleLoadFromStream
OleQueryReleaseStatus
OleCreateInvisible
OleRenameClientDoc
OleDraw
PbCreate
OleEnumObjects
LeObjectLong
MfGetData
OleGetData
OleGetLinkUpdateOptions
MfSaveToStream
OleEqual
OleSetData
DefCreateLinkFromClip
WEP
OleRegisterClientDoc
OleQueryName
OleRename
ObjQueryType
OleQueryClientVersion
LeClose
MfEnumFormat
LeClone
ObjQueryName
PbCreateFromTemplate
ErrExecute
OleCreateFromFile

oleaut32

VarBstrFromI4
VarBstrFromBool
VarI1FromI2
VarDateFromUI1
VariantInit
VariantChangeType
VarCat
VarR4FromDec
OaBuildVersion
VarCyRound
SafeArraySetRecordInfo
SysAllocString
VarUI4FromDate
VarR4FromI2
VarUI1FromCy
VarBoolFromCy
VarUI2FromUI4
CreateErrorInfo
SafeArrayAllocDescriptorEx
VariantClear
VectorFromBstr
VarBoolFromI4
VarNot
VarBstrCmp
SafeArrayPutElement
VarR8FromUI8
VarI2FromUI4
OleSavePictureFile
VarUI4FromStr
VarMonthName
VarR4FromUI4
VarCyAdd

msvcirt

??0ifstream@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@G@Z
?setmode@filebuf@@QAEHH@Z
??_Glogic_error@@UAEPAXI@Z
??4istrstream@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@N@Z
??_Distream_withassign@@QAEXXZ
??_8ostrstream@@7B@
??1ios@@UAE@XZ
??0strstreambuf@@QAE@PAEH0@Z
??_Gostream@@UAEPAXI@Z
?precision@ios@@QBEHXZ
??0ios@@IAE@ABV0@@Z
?osfx@ostream@@QAEXXZ
??_Gfilebuf@@UAEPAXI@Z
?allocate@streambuf@@IAEHXZ
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
?sync@filebuf@@UAEHXZ
??_Gfstream@@UAEPAXI@Z
??_7ostream_withassign@@6B@
??_8ostream_withassign@@7B@
??_Giostream@@UAEPAXI@Z
??0stdiobuf@@QAE@ABV0@@Z
??5istream@@QAEAAV0@PAE@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??6ostream@@QAEAAV0@PBD@Z

msvcrt

??_7bad_cast@@6B@
__initenv
_wfreopen
_wtol
_execl
_wexeclp
__p___wargv
_strnset
_scwprintf
_getmaxstdio
isprint
_ismbcalpha
vsprintf
_initterm
_strdate
_execvp
_ultoa
_rotr
vprintf
strncpy
_gmtime64
_itow
strncat
__p__winminor
_adj_fdiv_m32i
fsetpos
_outpd
_mbsspn
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswcntrl
_environ
??_Ebad_cast@@UAEPAXI@Z
__STRINGTOLD
_iob
_ismbcpunct

msvcrt40

??6ostream@@QAEAAV0@K@Z
??_8fstream@@7Bistream@@@
_lfind
_hypot
atan
??0__non_rtti_object@@QAE@ABV0@@Z
??5istream@@QAEAAV0@AAN@Z
??_7strstreambuf@@6B@
strncpy
?setlock@ios@@QAAXXZ
asin
??5istream@@QAEAAV0@AAD@Z
_mbsnbcpy
_unloaddll
remove
_mbctolower
iswascii
_ismbcsymbol
_getdrives
?seekpos@streambuf@@UAEJJH@Z
_ismbbpunct
??1stdiobuf@@UAE@XZ
??5istream@@QAEAAV0@PAC@Z
?getdouble@istream@@AAEHPADH@Z
??_Dostream_withassign@@QAEXXZ
??1ostream_withassign@@UAE@XZ
?unbuffered@streambuf@@IBEHXZ
_jn
fwrite
putchar
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
ctime
?bad@ios@@QBEHXZ

user32

EndDialog

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a8d1a95905e94adf6bab7cf19171377

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

olecli32

oleaut32

msvcirt

msvcrt

msvcrt40

user32

Sections

.text Size: 38KB - Virtual size: 40KB

.rdata Size: 6KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 60KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 40KB

.rdata
Size: 6KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 60KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB