d4d9924ef54c2e7ba0c93b632e653989_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4d9924ef54c2e7ba0c93b632e653989_JaffaCakes118
Size

63KB
MD5

d4d9924ef54c2e7ba0c93b632e653989
SHA1

6212660972a780397da4e09f7f0fac980ff70456
SHA256

bcb77b0b8e5b1e335eebb92bafc02311bb2f11db9f2e78b360c4d3132394c5c2
SHA512

62ecfd2f3bf425b422a1c612f227700e8b662551cca01d93ce2415a30d35ad898f44c86d746920375c0e71eff441234e1a5ad2a86b7dd8bcccc54ed3bdf01c93
SSDEEP

1536:WmAqaG5elr6tz/y2uDrBpf3WNsclQ9WAvPM589qP:Wm9Xelr6tz/y2u1p6scC93vPqP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4d9924ef54c2e7ba0c93b632e653989_JaffaCakes118

Files

d4d9924ef54c2e7ba0c93b632e653989_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9838773c8dfe91171e7d28f5dcd7b507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
RegisterClassW
DefWindowProcW

lz32

GetExpandedNameA
LZStart
CopyLZFile
LZSeek
LZInit
LZOpenFileA
LZCloseFile
LZClose
LZCopy
LZOpenFileW
LZDone
LZRead

gdi32

GetClipRgn
DdEntry20
GetRelAbs
GetBrushAttributes
BRUSHOBJ_ulGetBrushColor
EngDeletePath
CopyEnhMetaFileW
WidenPath
EnumFontFamiliesA
SetVirtualResolution
BeginPath
DdEntry0
DdEntry1
GetRasterizerCaps
SetColorAdjustment
EngTextOut
GetTextCharset
SetViewportOrgEx
GetAspectRatioFilterEx
GdiInitSpool
DdEntry27
GetNearestPaletteIndex
DdEntry26
UnrealizeObject
DdEntry7
InvertRgn
DeleteEnhMetaFile
EnableEUDC
GdiReleaseDC
GetKerningPairsA
Chord

msdart

?GetSpinCount@CReaderWriterLock3@@QBEGXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
MpHeapReAlloc
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?Unlock@CLockedDoubleList@@QAEXXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?Unlock@CLockedSingleList@@QAEXXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?SetSpinCount@CCritSec@@QAE_NG@Z
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?CheckTable@CLKRHashTable@@QBEHXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
?WriteLock@CReaderWriterLock2@@QAEXXZ
MpHeapDestroy
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
??4CSpinLock@@QAEAAV0@ABV0@@Z
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?WriteUnlock@CSpinLock@@QAEXXZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
??4CDoubleList@@QAEAAV0@ABV0@@Z

msvcirt

?pword@ios@@QBEAAPAXH@Z
?unlockbuf@ios@@QAAXXZ
?put@ostream@@QAEAAV1@D@Z
??0strstreambuf@@QAE@PAEH0@Z
?out_waiting@streambuf@@QBEHXZ
??4istream@@IAEAAV0@ABV0@@Z
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
??0istream_withassign@@QAE@XZ
?unbuffered@streambuf@@IBEHXZ
??7ios@@QBEHXZ
?write@ostream@@QAEAAV1@PBEH@Z
?setmode@fstream@@QAEHH@Z
??_7fstream@@6B@
??4ostrstream@@QAEAAV0@ABV0@@Z
??_Efilebuf@@UAEPAXI@Z
??_Gstreambuf@@UAEPAXI@Z
??_8fstream@@7Bistream@@@
?flush@ostream@@QAEAAV1@XZ
??0ostrstream@@QAE@PADHH@Z
?overflow@filebuf@@UAEHH@Z
??_Elogic_error@@UAEPAXI@Z
?eatwhite@istream@@QAEXXZ
?sh_write@filebuf@@2HB
??1istream@@UAE@XZ
?eof@ios@@QBEHXZ
??5istream@@QAEAAV0@AAM@Z
??6ostream@@QAEAAV0@PBC@Z
?get@istream@@QAEHXZ
??6ostream@@QAEAAV0@K@Z
??_7iostream@@6B@
?dbp@streambuf@@QAEXXZ
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?getint@istream@@AAEHPAD@Z
??_Eifstream@@UAEPAXI@Z
??_Distrstream@@QAEXXZ
?x_curindex@ios@@0HA
??_Efstream@@UAEPAXI@Z

msvcrt

ferror
_chsize
_adj_fdivr_m16i
_wcmdln
_ismbblead
fsetpos
wcstoul
qsort
strtol
_ltow
__getmainargs
_wspawnlpe
?unexpected@@YAXXZ
_chmod
_mbctype
_mbclen
modf
__set_app_type
_wgetdcwd
_adjust_fdiv
_mbsupr
_execvp
_findclose
_wstati64
_utime64
_chdir
??0bad_cast@@QAE@ABQBD@Z
_wexecl
__p__commode
exit
__p___initenv
_wspawnvpe

kernel32

SignalObjectAndWait
GetNumaNodeProcessorMask
WaitForSingleObjectEx
CallNamedPipeW
LZOpenFileW
LeaveCriticalSection
GetLogicalDriveStringsA
VirtualAlloc
GetNextVDMCommand
GetSystemDefaultLCID
AttachConsole
WriteFileGather
GetLocalTime
FormatMessageA
_lwrite
GetUserDefaultLCID
GetCommModemStatus
GetEnvironmentStringsA
WaitForMultipleObjectsEx
IsValidCodePage
lstrcatA
CreateActCtxA
QueueUserAPC
HeapSetInformation
ConvertThreadToFiber
ReadDirectoryChangesW
IsValidLocale
IsDebuggerPresent
RtlCaptureStackBackTrace
IsSystemResumeAutomatic
GetPrivateProfileStructA
GetVolumeInformationA
InterlockedIncrement
lstrcpyA
FillConsoleOutputCharacterW
AddConsoleAliasA
InitializeCriticalSectionAndSpinCount
GlobalAddAtomA
LoadLibraryA
GetPrivateProfileSectionNamesW
GetExitCodeThread
EnterCriticalSection
ShowConsoleCursor

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9838773c8dfe91171e7d28f5dcd7b507

Headers

DLL Characteristics

File Characteristics

Imports

user32

lz32

gdi32

msdart

msvcirt

msvcrt

kernel32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 59KB - Virtual size: 223KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 59KB - Virtual size: 223KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB