d1981134d801a385e5437bdc2b6e92bb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d1981134d801a385e5437bdc2b6e92bb_JaffaCakes118
Size

84KB
MD5

d1981134d801a385e5437bdc2b6e92bb
SHA1

c65c71ae4739a499d518fec37edbd3217f23436e
SHA256

4bd2caa17888039df48e2368cf0e03accab800c9b7f5a45ccd79be2a9ef1c11f
SHA512

52510212d83454f8677e852cfd230088ac4988025da73ae4e66956a94a4429a2fa8b921e091e232b02e300ee5f9c091e27aa20b8bd4493ec91f09253cba10d11
SSDEEP

1536:qY6Trr9+GIrAdf0RBBoxE0dyTdKq/bIT+5wOpXKv0tY1cH6C8PwHStGe5ZEY:qBrErAx0jBIEFT8q/bIUjXKtOHL8IYFp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1981134d801a385e5437bdc2b6e92bb_JaffaCakes118

Files

d1981134d801a385e5437bdc2b6e92bb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f91628697c982560bc5beab4ec71ee32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
SetConsoleLocalEUDC
VirtualAlloc
DeleteTimerQueueTimer
WriteConsoleA
GetEnvironmentStringsA
CancelWaitableTimer
InterlockedIncrement
HeapCreate
GetLastError
GetSystemTimeAsFileTime
IsDBCSLeadByte
VDMConsoleOperation
GetCurrentThreadId
GetCurrentProcessId
GetSystemPowerStatus
LoadLibraryA
GetDevicePowerState
GetStartupInfoA
BaseDumpAppcompatCache
GetTickCount

expsrv

__vbaLateMemCallSt
__vbaVarIndexStore
__vbaVarCat
rtcSendKeys
__vbaLsetFixstr
rtcSwitch
rtcBstrFromByte
__vbaCySub
rtcGetMonthOfYear
__vbaVarIndexLoad
rtcOctBstrFromVar
rtcFileLen
__vbaCyAbs
rtcGetDateVar
rtcSetTimeVar
__vbaStrErrVarCopy
_CIsin
__vbaVarLikeVar
__vbaI2Sgn
__vbaR8IntI2
__vbaFreeVar
rtcMakeDir

msvcrt40

_mbscmp
??_Gbad_cast@@UAEPAXI@Z
_initterm
?get@istream@@IAEAAV1@PADHH@Z
_wenviron
??0streambuf@@QAE@ABV0@@Z
srand
??5istream@@QAEAAV0@PAE@Z
??0exception@@QAE@XZ
??1Iostream_init@@QAE@XZ
_wopen
?ignore@istream@@QAEAAV1@HH@Z
??0strstream@@QAE@ABV0@@Z
_execl
_strncoll
fmod
??0filebuf@@QAE@XZ
??0ostream@@IAE@ABV0@@Z
?underflow@strstreambuf@@UAEHXZ
_mbsnbcoll
??_8strstream@@7Bostream@@@
??4strstreambuf@@QAEAAV0@ABV0@@Z
?x_curindex@ios@@0HA
_sopen
iswascii
??_7strstream@@6B@

certcli

CAGetCertTypeFlagsEx
CASetCertTypeKeySpec
CASetCAProperty
CAGetDN
CAGetCertTypeFlags
CAAccessCheck
DllRegisterServer
CAOIDSetProperty
CAGetCertTypeExpiration
CACertTypeRegisterQuery
CAOIDAdd
CACreateCertType
CACountCertTypes
CACertTypeAccessCheck
CAEnumNextCA
CASetCAExpiration

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f91628697c982560bc5beab4ec71ee32

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

expsrv

msvcrt40

certcli

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 17KB - Virtual size: 50KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 17KB - Virtual size: 50KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 308B