db5feadfa527c58ed5cd39c9da078d6e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db5feadfa527c58ed5cd39c9da078d6e_JaffaCakes118
Size

84KB
MD5

db5feadfa527c58ed5cd39c9da078d6e
SHA1

6c3708b168c3c0493907451c3640a576369cbd53
SHA256

1d5d4a21378fbbfead81d16c240e4a4a420e484bf868fd4a9294048743f468c8
SHA512

f4760975188df235e7b3bf7eaee8cdfe0ecacbe9bafb1432a1e587fe6f603c2d7caad866169cdffa8d0760d245cf21dad84a3d8ecf558295b3bbad2cdaef0f4a
SSDEEP

1536:C6F+u3aKGoCNqK+/0EYi6Rj0xOrUHXvW0V1r8e8JJdSkDzOUjJOPGOBtfY:CqqrZqKE0EYDRj0b+0V1rTydfdmxY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db5feadfa527c58ed5cd39c9da078d6e_JaffaCakes118

Files

db5feadfa527c58ed5cd39c9da078d6e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c809abd40a189b4954695b7c5322b9e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
LoadLibraryA
RtlMoveMemory
GetLastError
FindNextVolumeA
SetFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetVolumePathNameA
GetThreadPriorityBoost
SetVolumeLabelW
GetCurrentThreadId
CreateIoCompletionPort
VirtualAlloc
SetConsoleMode
WriteTapemark
HeapCreate
GetCurrentProcessId
GetProcessAffinityMask
GetTickCount

mfcsubs

?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?FormatMessageW@CString@@QAAXIZZ
?MakeLower@CString@@QAEXXZ
?Release@CString@@KGXPAUCStringData@@@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
?GetBufferSetLength@CString@@QAEPAGH@Z
??ACMapStringToPtr@@QAEAAPAXPBG@Z
??4CString@@QAEABV0@PBE@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?AssignCopy@CString@@IAEXHPBG@Z
??BCString@@QBEPBGXZ
?ConcatInPlace@CString@@IAEXHPBG@Z
??0CString@@QAE@PBE@Z
??4CString@@QAEABV0@PBD@Z
?IsEmpty@CString@@QBEHXZ
?CopyBeforeWrite@CString@@IAEXXZ
??1CSyncObject@@UAE@XZ

rasapi32

DwEnumEntryDetails
RasGetSubEntryPropertiesW
RasGetHport
DwRasUninitialize
RasQuerySharedConnection
RasConnectionNotificationW
RasGetSubEntryHandleA
RasGetSubEntryHandleW
RasInvokeEapUI
RasGetEntryHrasconnW
RasCreatePhonebookEntryW
RasClearConnectionStatistics
RasSetCustomAuthDataA
RasSetAutodialAddressW
RasGetAutodialEnableA

msvcrt20

_mbsncmp
_mkdir
?binary@filebuf@@2HB
?sync@streambuf@@UAEHXZ
_sys_errlist
_mbsnbcat
vsprintf
cos
_ungetch
_ismbcupper
vswprintf
_spawnvp
_wspawnve
??0strstreambuf@@QAE@XZ
?good@ios@@QBEHXZ
_fstat
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
??_Gstrstreambuf@@UAEPAXI@Z
??_Eofstream@@UAEPAXI@Z

ntdll

ZwFreeUserPhysicalPages
RtlGetNativeSystemInformation
NtQueryInformationToken
RtlSetAttributesSecurityDescriptor
_wcsupr
NtQueryEvent
RtlDebugPrintTimes
NtSetSecurityObject
_CIpow
RtlDestroyAtomTable
RtlDeleteAtomFromAtomTable
RtlSetMemoryStreamSize
RtlAnsiCharToUnicodeChar

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c809abd40a189b4954695b7c5322b9e6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mfcsubs

rasapi32

msvcrt20

ntdll

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 17KB - Virtual size: 55KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 340B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 17KB - Virtual size: 55KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 340B