Static task
static1
Behavioral task
behavioral1
Sample
dd799321b865a98f47370d0c6f662050_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
dd799321b865a98f47370d0c6f662050_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: dd799321b865a98f47370d0c6f662050_JaffaCakes118
Size: 860KB
MD5: dd799321b865a98f47370d0c6f662050
SHA1: ee3529599d00d907ea108daf3a3ec2c87d299942
SHA256: c20ccfe4f6ce6df032618228b044426a9a8ab414324dd8ef218a33b05603b795
SHA512: cdc83caa78bd41f7ad562309da5955d496f6ecfcc13a6a3f774fccc687cef0c9325703a8dd9a404793b9db3a8b04fd346578ad9f6cb01fbd5f4c65e44c973ebb
SSDEEP: 24576:PtAMpYFqnIWYm8XCWiTVwK6DNoyAb4VsumE:1kFqnTYm8yjVdz3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dd799321b865a98f47370d0c6f662050_JaffaCakes118
Files
dd799321b865a98f47370d0c6f662050_JaffaCakes118.exe windows:5 windows x86 arch:x86
104b072fbdbbd38a17ad5f2013d3c9d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemDirectoryA
EnumLanguageGroupLocalesA
FreeUserPhysicalPages
GetPrivateProfileStringA
LockFile
GetUserDefaultLCID
CreateJobObjectA
VirtualAlloc
EnterCriticalSection
GenerateConsoleCtrlEvent
IsDebuggerPresent
GetVDMCurrentDirectories
InterlockedFlushSList
_lwrite
AttachConsole
GetProfileSectionW
WriteProfileStringW
QueryMemoryResourceNotification
FindFirstVolumeA
FindNextFileW
IsValidLocale
GetEnvironmentStringsW
CreateMemoryResourceNotification
LeaveCriticalSection
GetWindowsDirectoryA
EnumDateFormatsA
EnumCalendarInfoW
GlobalReAlloc
GetExitCodeProcess
SetThreadExecutionState
LoadLibraryA
GetSystemDefaultLCID
CloseHandle
GetConsoleHardwareState
IsValidCodePage
SetFileValidData
urlmon
UrlMkBuildVersion
CoInternetGetSession
AsyncInstallDistributionUnit
CreateAsyncBindCtx
IsLoggingEnabledA
FindMediaType
Extract
CoInternetCreateSecurityManager
FaultInIEFeature
CoInternetCompareUrl
CopyBindInfo
URLOpenStreamA
CoInternetGetSecurityUrl
RegisterFormatEnumerator
URLDownloadA
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
AsyncGetClassBits
URLDownloadToCacheFileA
PrivateCoInstall
FindMediaTypeClass
GetClassURL
HlinkGoBack
DllGetClassObject
CoInstall
CoInternetCombineUrl
URLOpenBlockingStreamW
user32
DefWindowProcA
PostQuitMessage
RegisterClassA
msvcrt
_outpw
exit
memcmp
_lock
_wperror
__lc_codepage
_mbsset
_ismbcdigit
_setmaxstdio
_CIpow
__set_app_type
_mbccpy
_except_handler2
__p___wargv
__getmainargs
wcschr
_cscanf
wcsstr
_wexecvpe
_adj_fdiv_r
__p__mbctype
_wchmod
_spawnve
_mbctohira
_control87
_osplatform
_snscanf
_get_osfhandle
??0bad_cast@@QAE@ABQBD@Z
_getws
_mbbtype
__p__commode
_wutime
_j0
_wexecv
_wfsopen
__uncaught_exception
??0bad_cast@@QAE@ABV0@@Z
lz32
LZStart
CopyLZFile
GetExpandedNameW
LZSeek
LZCreateFileW
LZCloseFile
LZRead
LZOpenFileW
LZDone
LZInit
LZOpenFileA
GetExpandedNameA
LZCopy
LZClose
msscp
DllGetClassObject
Sections
.text Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 519KB - Virtual size: 519KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 198KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ