d06c213c09c070af59efc4b9a791f715_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d06c213c09c070af59efc4b9a791f715_JaffaCakes118
Size

387KB
MD5

d06c213c09c070af59efc4b9a791f715
SHA1

f437152bd49864209ffc8bfe995a635943326c8f
SHA256

2d20590da99669afd7a22963749f942791156eeee64abe87598c408ecc2c2972
SHA512

2c7e1d8cd0e9bb9882f8da16d97b28323f9939a139307d8727a5ec0a0633e31ab75b67f2c62b511945722ece2247e61e0cb91e85c55120670ab4ed322e75b6fd
SSDEEP

6144:MmoCm6oTzTCGiOEX+iLnT4sG8F9A9+AOvLitYHSDcBj9RaH+01LM6c:MDFzWZfzLT4yO97giyyIBj9RaeD6c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d06c213c09c070af59efc4b9a791f715_JaffaCakes118

Files

d06c213c09c070af59efc4b9a791f715_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1108d97822a16aac690d3991a20a33e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

DllGetClassObject
DirectSoundFullDuplexCreate
DirectSoundCreate8
DirectSoundCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateW
GetDeviceID
DirectSoundEnumerateA
DirectSoundCaptureEnumerateA
DirectSoundEnumerateW
DirectSoundCaptureCreate

wsock32

GetTypeByNameW
connect
__WSAFDIsSet
WSASetBlockingHook
ntohl
ioctlsocket
WSAAsyncGetServByPort
WSAUnhookBlockingHook
WSAStartup
GetNameByTypeA
WSAAsyncGetProtoByNumber
getsockopt
WEP
recv
gethostname
WSACancelAsyncRequest
accept
htonl
GetServiceA
MigrateWinsockConfiguration
GetNameByTypeW
WSAIsBlocking
SetServiceW
socket
select

msvcrt40

?clog@@3Vostream_withassign@@A
putc
??_7istrstream@@6B@
?flush@@YAAAVostream@@AAV1@@Z
_wcsnicoll
__p__winminor
?sh_read@filebuf@@2HB
_seterrormode
??6ostream@@QAEAAV0@E@Z
?xsgetn@streambuf@@UAEHPADH@Z
_wspawnv
_heapwalk
_mbstrlen
?str@strstreambuf@@QAEPADXZ
??0ifstream@@QAE@HPADH@Z
??0ostream_withassign@@QAE@ABV0@@Z
_wchmod
_wcsnset
?dbp@streambuf@@QAEXXZ
?lockc@ios@@KAXXZ
fgetwc
iswcntrl
_open
frexp
_adj_fdivr_m64
strcspn
_getdrive
_fpreset
mbtowc
acos
??_Gbad_cast@@UAEPAXI@Z
??_Difstream@@QAEXXZ
_mbsnbcpy
??3@YAXPAX@Z
_tolower
?put@ostream@@QAEAAV1@E@Z

kernel32

GetAtomNameA
FindClose
PulseEvent
RegisterConsoleVDM
GetNamedPipeHandleStateW
GetBinaryTypeW
TryEnterCriticalSection
GetLocaleInfoW
WriteProfileSectionA
GetConsoleCommandHistoryW
GetSystemDirectoryW
FreeEnvironmentStringsA
SetConsoleCursor
VirtualAlloc
SetFilePointer
lstrcmpiW
FormatMessageA
FindAtomW
EnumSystemLanguageGroupsW
LoadLibraryA
OutputDebugStringA
VirtualUnlock
FindResourceA
SetLastError
GetFileAttributesW
lstrcmpiA
_lread
UpdateResourceW
SetConsoleTextAttribute
CreateNamedPipeA
AddLocalAlternateComputerNameW
GetConsoleCP
WideCharToMultiByte
GetSystemWow64DirectoryW
Module32FirstW
GetSystemDefaultLangID
GetCurrentConsoleFont
GetTapeParameters
GetVolumeNameForVolumeMountPointW
GetTickCount
GetModuleHandleExA
GetFileTime
RegisterConsoleIME
LocalAlloc
EnumSystemLanguageGroupsA
GetDriveTypeW
AddConsoleAliasW

ir41_qc

SetScalability
FreeInstanceData
CompressFramesInfo
DllMain
CompressBegin
AllocInstanceData
CompressEnd
Compress

mprapi

MprAdminUserRead
MprAdminPortClearStats
MprAdminUserReadProfFlags
MprAdminInterfaceCreate
MprInfoCreate
MprConfigTransportEnum
MprAdminIsServiceRunning
MprConfigInterfaceSetInfo
MprAdminInterfaceGetCredentials
MprConfigInterfaceTransportGetHandle
MprAdminServerGetCredentials
MprConfigInterfaceTransportEnum
MprAdminGetErrorString
MprConfigInterfaceGetHandle
MprAdminInterfaceTransportAdd
MprPortSetUsage
MprAdminUserClose
MprAdminSendUserMessage
MprGetUsrParams
MprConfigGetFriendlyName
MprAdminServerSetCredentials
MprAdminInterfaceTransportSetInfo
MprAdminMIBEntryGetNext
MprConfigServerBackup
MprAdminConnectionEnum
MprAdminPortGetInfo
MprConfigInterfaceDelete
MprAdminServerGetInfo
MprInfoBlockRemove
MprAdminIsDomainRasServer
MprAdminConnectionClearStats
MprAdminUserSetInfo
MprConfigInterfaceTransportRemove
MprAdminMIBBufferFree
MprAdminUserOpen
MprAdminUserWrite

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1108d97822a16aac690d3991a20a33e1

Headers

DLL Characteristics

File Characteristics

Imports

dsound

wsock32

msvcrt40

kernel32

ir41_qc

mprapi

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 157KB - Virtual size: 157KB

.data Size: 48KB - Virtual size: 568KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 157KB - Virtual size: 157KB

.data
Size: 48KB - Virtual size: 568KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB