Static task: static1
Behavioral task: behavioral1
Sample: d30a5e18190c5bb89652b359711519d0_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d30a5e18190c5bb89652b359711519d0_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d30a5e18190c5bb89652b359711519d0_JaffaCakes118
Size: 385KB
MD5: d30a5e18190c5bb89652b359711519d0
SHA1: 3ace9108bcd74b598cc8cc3d674d61742384262a
SHA256: 1b5ca4e604dc37a36e79a1422609f7f272cfaa4ea6cf45e1a98ee36c3401c064
SHA512: b7e2806db5e2233f4e6f6207e4a7148155d2ab0e643177467d11df140f1030995456a4adb01a1fcfaaa5afc15e806cec216a974c940c640b23a5e0b0dc3e01bf
SSDEEP: 12288:IrZox4/3XwvDuqdwdusxg6U+jjv7ZZ8orEbFu6:IrZox4/HwvDZwdvxgr4T7z8ot
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d30a5e18190c5bb89652b359711519d0_JaffaCakes118
Files
d30a5e18190c5bb89652b359711519d0_JaffaCakes118.exe windows:5 windows x86 arch:x86
38f2e1ac2de4d1ab7ae051af909e0061
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt40
_outpw
calloc
_dup2
??1bad_cast@@UAE@XZ
?xsgetn@streambuf@@UAEHPADH@Z
wcsrchr
ungetc
?dec@@YAAAVios@@AAV1@@Z
?get@istream@@QAEHXZ
??0ios@@IAE@XZ
??0bad_typeid@@QAE@ABV0@@Z
_wtmpnam
??0exception@@QAE@ABQBD@Z
?tellg@istream@@QAEJXZ
?gcount@istream@@QBEHXZ
strrchr
strcspn
free
sprintf
_fgetchar
imm32
ImmGetImeMenuItemsW
ImmEscapeA
ImmInstallIMEA
ImmGetContext
ImmCallImeConsoleIME
ImmGenerateMessage
ImmSendIMEMessageExA
ImmSetCompositionStringA
ImmGetConversionListA
ImmCreateContext
ImmGetDefaultIMEWnd
ImmTranslateMessage
ImmGetGuideLineA
ImmEnumInputContext
ImmActivateLayout
ImmIsIME
ImmWINNLSGetEnableStatus
ImmSetOpenStatus
ImmGetIMCCSize
ImmUnregisterWordA
ImmGetCompositionFontW
ImmGetCompositionStringW
ImmSimulateHotKey
ImmIMPSetIMEA
kernel32
FindFirstVolumeMountPointA
SetLastError
GetCurrentProcessId
GetExpandedNameW
LocalReAlloc
ReleaseSemaphore
SetLocaleInfoW
QueryPerformanceCounter
HeapCompact
LoadLibraryA
HeapSize
GetTickCount
CreateActCtxW
ClearCommBreak
SetComputerNameExW
IsDBCSLeadByte
GetCurrentThreadId
GetStartupInfoW
GetModuleHandleW
VirtualFreeEx
CreateSemaphoreW
CloseHandle
VirtualAlloc
DeleteVolumeMountPointA
MoveFileWithProgressW
SetConsoleNumberOfCommandsA
CreateProcessInternalA
GetConsoleCursorInfo
SetCurrentDirectoryA
GetTimeFormatA
GetConsoleAliasesW
Heap32Next
GetVDMCurrentDirectories
OpenSemaphoreA
ole32
CreateErrorInfo
OleUninitialize
IsValidPtrOut
HDC_UserSize
CoGetPSClsid
OleGetClipboard
StgOpenStorageOnHandle
CLIPFORMAT_UserUnmarshal
CoGetMalloc
CreateDataAdviseHolder
ReadOleStg
UtGetDvtd16Info
CoFreeAllLibraries
CoLockObjectExternal
CoUnmarshalHresult
CoGetInterceptorFromTypeInfo
CreateILockBytesOnHGlobal
CoGetInstanceFromFile
OleDestroyMenuDescriptor
CoTaskMemRealloc
HACCEL_UserMarshal
DoDragDrop
SNB_UserFree
CreateStreamOnHGlobal
CoGetDefaultContext
SetDocumentBitStg
CreateAntiMoniker
CoGetInstanceFromIStorage
PropStgNameToFmtId
OleRegEnumFormatEtc
cryptdlg
DllRegisterServer
DecodeAttrSequence
GetFriendlyNameOfCertW
GetFriendlyNameOfCertA
CertTrustCleanup
FormatPKIXEmailProtection
DllUnregisterServer
CertTrustCertPolicy
CertTrustFinalPolicy
CertSelectCertificateA
EncodeRecipientID
CertViewPropertiesA
CertConfigureTrustW
CertViewPropertiesW
EncodeAttrSequence
FormatVerisignExtension
DecodeRecipientID
CertConfigureTrustA
CertTrustInit
CertModifyCertificatesToTrust
CertSelectCertificateW
msvcp60
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?nothrow@std@@3Unothrow_t@1@B
?quiet_NaN@?$numeric_limits@H@std@@SAHXZ
?imag@?$_Complex_base@M@std@@QBEMXZ
??1?$ctype@D@std@@UAE@XZ
?narrow@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEDGD@Z
??0range_error@std@@QAE@ABV01@@Z
??1?$collate@G@std@@UAE@XZ
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
_Cosh
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
?quiet_NaN@?$numeric_limits@_N@std@@SA_NXZ
??0_Timevec@std@@QAE@ABV01@@Z
??9std@@YA_NABV?$complex@M@0@0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?setstate@ios_base@std@@QAEXH_N@Z
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??8std@@YA_NABV?$complex@M@0@0@Z
??Zstd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??Kstd@@YA?AV?$complex@N@0@ABNABV10@@Z
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 296KB - Virtual size: 789KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ