dffec227862550d57702d3cb0f00de67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dffec227862550d57702d3cb0f00de67_JaffaCakes118
Size

57KB
MD5

dffec227862550d57702d3cb0f00de67
SHA1

227b677e90da950fc8e406ed79125afac81fa554
SHA256

4e7c20e9d3c18fd1ec2c50aea974b722c4f7ebce91c374e2a9dcf76c04b90e6f
SHA512

73a1af10a497d673d3d0d386d78bdaee1b6c506c77d46f24fc81a553019c187513998bee1769a738f49942292e6a5c74c5d85eab853776cb33baa002620143d5
SSDEEP

1536:B931bY3sLg5JZh1A11FT4JAdW2tompmcWq9rC6:pclh1A11FT4JAU18

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dffec227862550d57702d3cb0f00de67_JaffaCakes118

Files

dffec227862550d57702d3cb0f00de67_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dd0df296614b1a1056f5a5226239f698

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

expsrv

BASIC_CLASS_GetIDsOfNames
rtcUpperCaseBstr
rtcTrimBstr
__vbaStrTextCmp
rtcVarDateFromVar
__vbaDerefAry
rtCyFromErrVar
rtBstrFromErrVar
rtcCommandVar
EVENT_SINK_Invoke
__vbaPutFxStr3
__vbaCyFix
__vbaPowerR8
__vbaVarTextCmpGt
__vbaObjSetAddref
__vbaCyAdd
__vbaRedimVar
__vbaExceptHandler
__vbaStrI2
Zombie_QueryInterface
__vbaGetFxStr3
__vbaNextEachCollObj
rtcChoose
rtcSaveSetting
__vbaRecAnsiToUni
__vbaVarTstNe

sqlunirl

_GetClassInfoEx_@12
_CreateMDIWindow_@40
AbortSystemShutdown_
_GetUnicodeRedirectionLayer@0
_NDdeShareAdd_@20
_DlgDirList_@20
_GetDlgItemText@16
_CreateEnhMetaFile_@16
_ExtractAssociatedIcon_@12
_DialogBoxIndirectParam_@20
_GetProcAddress_@8
_DefWindowProc@16
_GetCharWidth_@16
_ChooseColor_@4
_SendDlgItemMessage@20
_GetBinaryType_@8
_DeleteFile@4
_RegEnumValue_@32
_MAKEINTRESOURCE@4
_EnumFontFamiliesEx_@20
_ShellAbout_@16
_AddFontResource_@4
_SetClassLong_@12
_GetDiskFreeSpaceEx_@16
_RegDeleteValue_@8
_EnumPropsEx_@12
_ReplaceText_@4
_OpenWaitableTimer_@12
_SetEnvironmentVariable_@8
_RegQueryValueEx_@24

kernel32

LoadModule
EnterCriticalSection
FillConsoleOutputAttribute
HeapFree
WriteFile
BaseFlushAppcompatCache
GetLargestConsoleWindowSize
FlushFileBuffers
GetNumberOfConsoleInputEvents
GetProcessHeaps
GetEnvironmentStringsA
EnumSystemCodePagesA
GetConsoleScreenBufferInfo
GetSystemWow64DirectoryW
OpenConsoleW
LoadLibraryA
GetProfileIntW
GlobalUnfix
HeapSummary
VirtualAlloc
SetTimerQueueTimer
GetThreadTimes
GetLongPathNameW
HeapCreate

wininet

GetUrlCacheEntryInfoExA
InternetAutodial
InternetSetStatusCallbackW
FindCloseUrlCache
CreateUrlCacheContainerW
InternetSetCookieExA
FtpCommandA
FtpRenameFileW
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoA
FtpPutFileW
UpdateUrlCacheContentPath
FtpOpenFileW
CreateUrlCacheEntryA
FindFirstUrlCacheContainerA
InternetWriteFileExW
SetUrlCacheEntryGroupW
CreateUrlCacheContainerA
InternetAlgIdToStringA
InternetAutodialCallback
FtpSetCurrentDirectoryW
SetUrlCacheEntryGroupA
InternetUnlockRequestFile

wmvcore

WMCreateBackupRestorerPrivate
WMCreateIndexer
WMCreateWriterNetworkSink
WMValidateData
WMCreateProfileManager
WMCreateEditor
WMCreateReaderPriv
WMCreateWriterPriv
WMCheckURLExtension
DllRegisterServer
WMCreateWriterFileSink

msvcrt40

??0stdiostream@@QAE@ABV0@@Z
_nextafter
strftime
?fLockcInit@ios@@0HA
strxfrm
??2@YAPAXI@Z
__p__tzname
_statusfp
?get@istream@@QAEAAV1@PAEHD@Z
fputc
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
printf
??_Ebad_cast@@UAEPAXI@Z
?overflow@stdiobuf@@UAEHH@Z
_safe_fdivr
_telli64
_wrename
_ftime
??1streambuf@@UAE@XZ
_adj_fdiv_m16i
_ismbcspace
??_8strstream@@7Bostream@@@
_cexit
_yn

rnr20

NSPStartup

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd0df296614b1a1056f5a5226239f698

Headers

DLL Characteristics

File Characteristics

Imports

expsrv

sqlunirl

kernel32

wininet

wmvcore

msvcrt40

rnr20

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 87KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 208B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 87KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 208B