cfcf607dc781ff29735142c8da911fc8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfcf607dc781ff29735142c8da911fc8_JaffaCakes118
Size

88KB
MD5

cfcf607dc781ff29735142c8da911fc8
SHA1

09234dfb6e50829ea90f8ad89b67d5062dbfb3cb
SHA256

288d3f756b0d58864173b099d3b20096bc72023428041be9b14f307c745bef9a
SHA512

32ee75912dace5b2b1904bd118116316e302b592a0b930353362199fbd9a4227af9f408e4115fd32dd812793dcb362ba8ceb71983eeeb77df96cc151041ed5c8
SSDEEP

1536:p9yZVkcTn867E1G6arlp7wHP4qnd2Krsd+A1uQLzBjQWQxcqeeer3zgH5q1mjpnS:p9SkcrVM+KPBnd2D/1uQxjQveb3N1MvY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfcf607dc781ff29735142c8da911fc8_JaffaCakes118

Files

cfcf607dc781ff29735142c8da911fc8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

829ab461dbffea82966ed60b559656de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsA
GetConsoleKeyboardLayoutNameW
QueryPerformanceCounter
PurgeComm
SetFilePointerEx
BuildCommDCBW
WritePrivateProfileStringA
EnumSystemGeoID
GetCurrentProcessId
SetLocalTime
RtlMoveMemory
FindActCtxSectionStringW
EnumResourceLanguagesW
HeapCreate
SetCurrentDirectoryA
FindAtomW
SetConsoleCursorMode
PrivCopyFileExW
VirtualAlloc
IsBadHugeReadPtr
CreateHardLinkA
GetNextVDMCommand
GetLastError
FindResourceA
SetConsoleHardwareState
CreateToolhelp32Snapshot
ConnectNamedPipe
LoadLibraryA
LocalCompact
MapViewOfFileEx
GetTickCount
lstrlenA
GetCurrentThreadId
GetStartupInfoA
GetSystemTimeAsFileTime

msvcirt

??4ostream@@IAEAAV0@ABV0@@Z
?snextc@streambuf@@QAEHXZ
?what@exception@@UBEPBDXZ
??_8istrstream@@7B@
??0ofstream@@QAE@HPADH@Z
?sync_with_stdio@ios@@SAXXZ
??0ios@@IAE@ABV0@@Z
?sh_read@filebuf@@2HB
??5istream@@QAEAAV0@AAJ@Z
??_Gstrstreambuf@@UAEPAXI@Z
?sync@strstreambuf@@UAEHXZ
??5istream@@QAEAAV0@PAC@Z
?hex@@YAAAVios@@AAV1@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?sh_none@filebuf@@2HB
?close@fstream@@QAEXXZ
?write@ostream@@QAEAAV1@PBCH@Z
??_Dstrstream@@QAEXXZ
?x_curindex@ios@@0HA

expsrv

__vbaDateStr
rtcPartition
__vbaRedimPreserveVar
rtcVarType
rtcGetMonthOfYear
__vbaRedimPreserve
__vbaPrintObj
rtcCallByName
rtcGetDayOfMonth
CreateIExprSrvObj
__vbaVarSub
rtcTan
__vbaI2Sgn
__vbaI4Sgn
rtcLeftTrimVar
rtcChangeDrive
__vbaLsetFixstrFree
__vbaSetSystemError
__vbaVarLikeVar
rtcFileLen
EVENT_SINK2_AddRef
__vbaStrLike

msvcrt20

?binary@filebuf@@2HB
??0istream@@IAE@XZ
_spawnvpe
vsprintf
_ismbcspace
strlen
?doallocate@streambuf@@MAEHXZ
__p___winitenv
?unlock@ios@@QAAXXZ
wcsrchr
?overflow@strstreambuf@@UAEHH@Z
_wsopen
??0fstream@@QAE@XZ
??4ostream@@IAEAAV0@ABV0@@Z
_ismbbkana
??_Gios@@UAEPAXI@Z
mbtowc
_cputs
??0strstreambuf@@QAE@ABV0@@Z
_flushall
?unlockbuf@ios@@QAAXXZ
__p__osver
?xsgetn@streambuf@@UAEHPADH@Z
_environ
_getdiskfree
localtime

query

?Read@CRegAccess@@QAEKPBGK@Z
?PauseCI@CMachineAdmin@@QAEHXZ
?UnMarshall@CDbProperties@@QAEHAAVPDeSerStream@@@Z
?DoFailTest@@YGXJ@Z
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
?AddArg@CEventItem@@QAEXK@Z
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
?GetColumn@CCatState@@QBEPBGI@Z
?Remove@CColumns@@QAEXI@Z
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
??0CColumns@@QAE@I@Z
?AcqWord@CQueryScanner@@QAEPAGXZ
?Close@CPipeClient@@IAEXXZ

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

829ab461dbffea82966ed60b559656de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcirt

expsrv

msvcrt20

query

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 21KB - Virtual size: 79KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 21KB - Virtual size: 79KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 308B