d510346073b68bf33128dfea6870fc42_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d510346073b68bf33128dfea6870fc42_JaffaCakes118
Size

861KB
MD5

d510346073b68bf33128dfea6870fc42
SHA1

cf24acd84323456bfe91e448fd1ddfa735a4d7d9
SHA256

f1c906f930672454c5c65c6207004dbfcc159665468be83220279d49ceb0399f
SHA512

f68c72eb322b18bfa070a2674e114f46ce04e06a122f1812570f313ce9f2d26565e8011e1e025a679dfe69e226fe7bbf8dc3be5eb0c4b46ecd87d244a8e76755
SSDEEP

12288:DQeiH+TTEJGgitwEV1LlIaZ7WSrsWiPime/rEZI+ySn+3R0lJymKylBguDuvAiia:GwQ6ZlBiSpiPHe/rS+301W0u4TPUD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d510346073b68bf33128dfea6870fc42_JaffaCakes118

Files

d510346073b68bf33128dfea6870fc42_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9e3ce9d6f969bfaf30908d7ed4b1aba7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
SetFileTime
GetTickCount
WritePrivateProfileStringW
SetConsoleMaximumWindowSize
GetModuleHandleA
SetFileApisToOEM
InterlockedIncrement
SetFileAttributesA
VirtualAlloc
GlobalHandle
WriteConsoleW
ReadDirectoryChangesW
GetDiskFreeSpaceExW
CreateSemaphoreW
SetSystemPowerState
DeleteFileA
GetLocaleInfoW
LocalCompact
UTRegister
PostQueuedCompletionStatus
GetCommModemStatus
RequestWakeupLatency
LoadLibraryA
EnumResourceTypesA
SetLastError
RegisterConsoleOS2
FindNextVolumeMountPointA
GetLargestConsoleWindowSize
SetConsoleScreenBufferSize
TransactNamedPipe
SetDefaultCommConfigW
GetShortPathNameW
UnregisterWait
GetFullPathNameA
QueryDosDeviceW
GetSystemDefaultLangID
GetGeoInfoW
OutputDebugStringA
EnumDateFormatsW
LocalAlloc
WaitForMultipleObjects
HeapSize
FatalAppExitW
SetCalendarInfoA

dhcpsapi

DhcpEnumSubnetClientsV4
DhcpSetOptionValueV5
DhcpGetClientInfoV4
DhcpScanMDatabase
DhcpRemoveOptionValue
DhcpServerSetDnsRegCredentials
DhcpSetServerBindingInfo
DhcpServerSetConfig
DhcpRemoveOption
DhcpGetMibInfo
DhcpGetOptionValue
DhcpSetSuperScopeV4
DhcpSetSubnetInfo
DhcpEnumSubnets
DhcpGetOptionValueV5
DhcpServerBackupDatabase
DhcpGetAllOptionValues
DhcpRemoveOptionV5
DhcpServerRestoreDatabase
DhcpSetOptionInfo
DhcpGetSubnetInfo
DhcpSetClientInfo
DhcpGetSuperScopeInfoV4
DhcpRemoveSubnetElementV4
DhcpServerGetConfigV4
DhcpAuditLogGetParams
DhcpEnumSubnetClientsV5
DhcpSetOptionInfoV5
DhcpDeleteSubnet
DhcpCreateClass
DhcpCreateOptionV5
DhcpDeleteServer
DhcpDeleteMScope
DhcpGetClassInfo
DhcpEnumSubnetElementsV5
DhcpSetOptionValue
DhcpServerSetConfigV4
DhcpAddMScopeElement
DhcpEnumClasses
DhcpEnumSubnetClients
DhcpServerQueryDnsRegCredentials

msvcrt40

_strcmpi
_CIexp
__unDName
ldexp
_wfindfirst
putchar
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??0ofstream@@QAE@PBDHH@Z
islower
_adj_fpatan
??_Dostrstream@@QAEXXZ
??_Eistream@@UAEPAXI@Z
_outp
??_G__non_rtti_object@@UAEPAXI@Z
fseek
acos
_adj_fdivr_m64
?sync@filebuf@@UAEHXZ
isxdigit
??Bios@@QBEPAXXZ
??_Dstdiostream@@QAEXXZ
__p__pctype
??_Eexception@@UAEPAXI@Z
?get@istream@@QAEAAV1@PACHD@Z
_except_handler3
??_Eifstream@@UAEPAXI@Z
_EH_prolog

ntdll

cos
NtQueryInformationJobObject
NtUnloadDriver
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlEnlargedUnsignedMultiply
wcsncpy
NtCreateJobSet
RtlQueryTagHeap
NtSetDefaultLocale
ZwOpenObjectAuditAlarm
ZwContinue
RtlCreateTimerQueue
RtlLockBootStatusData
RtlInitUnicodeStringEx
RtlpNtEnumerateSubKey
NtSetSystemEnvironmentValue
RtlIpv6StringToAddressW
RtlInitializeSid
ZwSetSystemInformation
NtAlertResumeThread
RtlCompareString
strspn
NtClose
RtlCreateActivationContext
NtSetTimer

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e3ce9d6f969bfaf30908d7ed4b1aba7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dhcpsapi

msvcrt40

ntdll

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 349KB - Virtual size: 349KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 349KB - Virtual size: 349KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB