d28fe04ff26c04a3b838e237274b41d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d28fe04ff26c04a3b838e237274b41d1_JaffaCakes118
Size

382KB
MD5

d28fe04ff26c04a3b838e237274b41d1
SHA1

5db323afbbecaddf15523c6bd8a8542f1feeb12d
SHA256

15286cb0e073c44ef41d7ec6926b6d20505e5c4620bdda5ff783c6bebf4da9fe
SHA512

100825de35b6a804fddd5c35aac9bf7f5fc1d687463728f7b67c303b39805b29a612be583da025daf49a6bddc91db012a4aca58063cb22422020af48d52b317e
SSDEEP

6144:W40/WPGePswrWj0olYAGs8n4pdmxwtfb/KsiMjfYTGEYxMLrtzeRGLqH:w/ktk3DYLsxdmaWsjOGqGGL8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d28fe04ff26c04a3b838e237274b41d1_JaffaCakes118

Files

d28fe04ff26c04a3b838e237274b41d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0dcf463f9c280d3570b4bbbc8b97062f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
GetDiskFreeSpaceW
QueryPerformanceCounter
FindNextChangeNotification
RtlCaptureStackBackTrace
WritePrivateProfileSectionA
DeviceIoControl
CreateJobSet
SetTapeParameters
LocalAlloc
GetFullPathNameW
OpenJobObjectA
lstrcpyn
GetDriveTypeA
GetNamedPipeInfo
GetComputerNameW
AddAtomW
GetPrivateProfileSectionW
FreeLibraryAndExitThread
EndUpdateResourceW
GetConsoleNlsMode
GetNumaHighestNodeNumber
CallNamedPipeW
RegisterConsoleOS2
GetCommModemStatus
HeapCreate
SetMailslotInfo
SystemTimeToTzSpecificLocalTime
GetCurrentThread
GetSystemWow64DirectoryW
LoadLibraryA
SetLocaleInfoA
SetCurrentDirectoryW
LZCopy
VirtualAlloc
DeleteTimerQueueEx
CreateJobObjectA
RegisterConsoleIME
GetPrivateProfileStructW
LoadResource
GetConsoleAliasExesLengthA
GetSystemInfo
GetExitCodeThread
FindFirstVolumeMountPointW
HeapDestroy
OpenJobObjectW
GetCommandLineA
GetComPlusPackageInstallStatus
BuildCommDCBW
GetCommTimeouts
GetCurrentProcess
LockFile
GetConsoleCharType
CreateProcessInternalA
SetComputerNameW
SetFileShortNameA
ReplaceFileA
RtlFillMemory
VirtualFree
VirtualAllocEx
BaseCheckAppcompatCache
SetConsoleTextAttribute
DeleteVolumeMountPointW
CreateDirectoryA
GetVolumePathNameW
GetSystemTime
GetComputerNameExW
VerifyVersionInfoW
IsDBCSLeadByte

msvcrt40

_execve
_ismbbpunct
wcsftime
__unDName
??1stdiobuf@@UAE@XZ
_fpreset
_heapmin
??_7fstream@@6B@
setbuf
strncpy
_mbsnbcmp
??_Gbad_cast@@UAEPAXI@Z
malloc
?setf@ios@@QAEJJ@Z
_lseek
__p__pgmptr
_pctype
_pipe
_execle
_utime
_lseeki64
?overflow@filebuf@@UAEHH@Z
?openprot@filebuf@@2HB
_CIatan2
_inp
_EH_prolog
__p__winver
_wfdopen
?str@istrstream@@QAEPADXZ
strchr
??5istream@@QAEAAV0@PAC@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??4istream_withassign@@QAEAAV0@ABV0@@Z
_wgetdcwd
strerror

gdi32

DdEntry7
DdEntry38
GdiAddFontResourceW
DdEntry30
EngStrokeAndFillPath
GetMapMode
CreateEnhMetaFileW
EndDoc
DdEntry24
GetKerningPairsW
GdiValidateHandle
PATHOBJ_vEnumStart
GetTransform
PolyPatBlt
GetBrushOrgEx
PolyTextOutW
GetGraphicsMode
PolyTextOutA
ExtEscape
GdiIsMetaFileDC
SetColorSpace
GetGlyphOutline
Rectangle
DeleteDC
SetBitmapAttributes
EngUnlockSurface
DdEntry49
SetWindowExtEx
SelectPalette
FloodFill
GetViewportExtEx
CreateFontIndirectExA
PATHOBJ_bEnum

msvcrt

_aligned_free
?set_new_handler@@YAP6AXXZP6AXXZ@Z
malloc
__p__osver
_getwch
islower
__CxxQueryExceptionSize
_wctime
_scwprintf
fread
_fileno
__toascii
_lrotl
__p__mbcasemap
_j1
_strtime
raise
mbstowcs
_copysign
vswprintf
_wstati64
_resetstkoflw
_msize
_CItanh
_wcsicoll
mktime
fgetws
_mbsbtype
__lc_codepage
_commode
_chsize
_telli64
_adj_fdivr_m32
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_controlfp
_safe_fprem1
_strrev

crypt32

CryptCreateKeyIdentifierFromCSP
CertGetIntendedKeyUsage
CertIsValidCRLForCertificate
CertRegisterSystemStore
CertFreeCertificateContext
I_CryptReleaseLruEntry
CertEnumSystemStore
CryptSIPRemoveProvider
CryptEncryptMessage
CryptMsgVerifyCountersignatureEncodedEx
I_CryptEnumMatchingLruEntries
I_CryptFreeTls
CertFindChainInStore
CryptUnregisterDefaultOIDFunction
CertGetCertificateChain
CryptRegisterOIDFunction
CryptGetKeyIdentifierProperty
CertFreeCRLContext
CryptLoadSip
CertOpenStore
CertVerifyCRLTimeValidity
I_CryptFlushLruCache
CryptVerifySignatureU
CryptSIPCreateIndirectData
PFXExportCertStore
CryptSIPLoad
CryptMsgVerifyCountersignatureEncoded
CertAddSerializedElementToStore
CertVerifyRevocation
CryptEnumOIDInfo
CryptSignAndEncodeCertificate
CryptQueryObject
CryptFormatObject
CryptSetOIDFunctionValue
CryptGetAsyncParam

user32

CallWindowProcA
AdjustWindowRectEx
CalcMenuBar
SetWinEventHook
DlgDirSelectComboBoxExW
ValidateRgn
EnumDisplaySettingsW
SetDlgItemInt
GetKeyState
GetWindowModuleFileNameA
CallMsgFilter
GetDlgCtrlID
DlgDirSelectExW
CopyIcon
CopyAcceleratorTableA
RegisterClipboardFormatA
InternalGetWindowText
ToUnicode
GetWindowRgnBox
PostQuitMessage
DispatchMessageW
AnyPopup
GetDlgItem
GrayStringW
ScrollWindow
GetMenuItemCount
RegisterClassW
GetKeyboardType
LoadStringA
GetUpdateRgn
SetScrollInfo
DefWindowProcW
ChangeDisplaySettingsExA
GetWindowContextHelpId

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dcf463f9c280d3570b4bbbc8b97062f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

gdi32

msvcrt

crypt32

user32

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 512B - Virtual size: 579KB

.rsrc Size: 177KB - Virtual size: 177KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 512B - Virtual size: 579KB

.rsrc
Size: 177KB - Virtual size: 177KB

.reloc
Size: 1KB - Virtual size: 1KB