e1de4bbb20562871f90483d6386ad057_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1de4bbb20562871f90483d6386ad057_JaffaCakes118
Size

863KB
MD5

e1de4bbb20562871f90483d6386ad057
SHA1

706a3a3596f18180d7df41f3e3d7e3c7802f4951
SHA256

bdbf9d61ec158980ccbad62d5779e692f6f9df735e51843b4b984387f1351318
SHA512

cecddc6cef79d3bdc9f52852eb49e93c0a5a23eecdd8f939fb0224048fd6bd7054448f8659729780be417c7183fff08622b5b034522de04f407911f424c38108
SSDEEP

24576:m5VQcL8Uuv3oNonmaNt2p9aXZlFpXx9HL++D02W54:6QwJkFnmaNI9svjXxVLBU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1de4bbb20562871f90483d6386ad057_JaffaCakes118

Files

e1de4bbb20562871f90483d6386ad057_JaffaCakes118
.exe windows:5 windows x86 arch:x86

34d46d3f259cadb35cead001fbda3fbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_fstati64
vprintf
_mbcjistojms
__p___mb_cur_max
_ultoa
_strdup
__p__fmode
__setusermatherr
_wspawnve
_stat64
wprintf
__getmainargs
getenv
_wutime64
_mbslwr
putwchar
wcsxfrm
_wcsncoll
__p__amblksiz
_ungetwch
__p__commode
exit
_mbsnbicmp
_filelength
_outpd
__set_app_type
_statusfp
_fputchar
fprintf
ldexp
_mbcasemap
isdigit
_mbcjmstojis
_isctype
isupper
fgetpos
___setlc_active_func
_pgmptr
wcsstr
_mbccpy
_wcserror
_winminor
getchar
_umask
wcscat
_mbsnicoll

lz32

LZCloseFile
LZCreateFileW
LZOpenFileA
LZSeek
GetExpandedNameW
LZStart
LZCopy
LZClose
LZInit
LZRead
CopyLZFile
LZOpenFileW
LZDone
GetExpandedNameA

kernel32

TlsSetValue
AddLocalAlternateComputerNameW
EnumResourceLanguagesA
GetCompressedFileSizeA
GetCompressedFileSizeW
_lclose
SetUserGeoID
IsDebuggerPresent
ReadConsoleOutputA
GetDiskFreeSpaceExA
LZSeek
HeapValidate
UnregisterConsoleIME
EscapeCommFunction
WTSGetActiveConsoleSessionId
GetLastError
GetFirmwareEnvironmentVariableW
EnumSystemCodePagesW
GetConsoleOutputCP
GetDateFormatA
SetVDMCurrentDirectories
GetStringTypeA
BeginUpdateResourceA
FindActCtxSectionStringA
VirtualAlloc
Thread32Next
SetConsoleMenuClose
GetNumaProcessorNode
lstrcmpiW
FindAtomW
CloseConsoleHandle
InitializeCriticalSectionAndSpinCount
FatalAppExitA
IsWow64Process
SetInformationJobObject
SetFileTime
IsValidLocale
RaiseException
SetConsoleTitleW
QueryMemoryResourceNotification
GetExitCodeThread
WriteConsoleW
IsBadHugeReadPtr
FindResourceExW
EnumSystemLanguageGroupsW
VerifyConsoleIoHandle
Module32NextW
BindIoCompletionCallback
FreeLibraryAndExitThread
GetTempFileNameA
SetMessageWaitingIndicator
Heap32First
FlushConsoleInputBuffer
ExpandEnvironmentStringsW
EnterCriticalSection
GetLongPathNameW
LoadResource
SetFileValidData
WriteProfileSectionA
SetCriticalSectionSpinCount
InterlockedFlushSList
LoadLibraryA
MapUserPhysicalPages
SetLocalPrimaryComputerNameA
CreateToolhelp32Snapshot
PrivMoveFileIdentityW
GlobalFree
InitializeSListHead
LeaveCriticalSection
BuildCommDCBAndTimeoutsW
AllocConsole

msvcrt40

_controlfp
??_Giostream@@UAEPAXI@Z
??0filebuf@@QAE@XZ
_mbctolower
??0__non_rtti_object@@QAE@ABV0@@Z
tolower
?isfx@istream@@QAEXXZ
??1Iostream_init@@QAE@XZ
_mbsbtype
__p__mbctype
_flsbuf
_fpreset
_fstati64
mbtowc
mbstowcs
_control87
fwrite
?setf@ios@@QAEJJ@Z
??0ios@@QAE@PAVstreambuf@@@Z
_fstat
??0exception@@QAE@XZ
_amsg_exit
iswcntrl
?fill@ios@@QAEDD@Z
_mbsnbcoll
?iword@ios@@QBEAAJH@Z
?clrlock@streambuf@@QAEXXZ
_mbscoll
_winminor
getchar
_wexecl
??1ostream@@UAE@XZ
?open@ofstream@@QAEXPBDHH@Z
_ismbbkprint
_findnext
malloc
vfprintf
??6ostream@@QAEAAV0@G@Z
??_8istream@@7B@
iswpunct
_wexecve
_mbscspn
fseek

polstore

IPSecSetNFAData
IPSecCreateFilterData
IPSecCopyPolicyData
IPSecDeleteNegPolData
IPSecGetISAKMPData
IPSecGetFilterData
IPSecEnumNegPolData
IPSecCreateNFAData
IPSecEnumFilterData
IPSecFreeFilterSpecs
IPSecFreeNFAData
IPSecFreeMulNegPolData
IPSecFreeISAKMPData
IPSecFreeNegPolData
IPSecIsDomainPolicyAssigned
IPSecDeleteISAKMPData
IPSecFreeMulPolicyData
IPSecEnumNFAData
IPSecGetAssignedPolicyData
IPSecImportPolicies
IPSecCreateISAKMPData
IPSecFreePolicyData
IPSecCopyFilterData
IPSecEnumISAKMPData
IPSecAssignPolicy
IPSecUnassignPolicy
IPSecCopyFilterSpec
IPSecGetNegPolData
IPSecFreeMulISAKMPData
IPSecCopyNFAData
IPSecAllocPolStr
IPSecFreePolStr
IPSecCopyISAKMPData
IPSecDeleteFilterData
IPSecFreeFilterData

msls31

LssbGetDupSubline
LsFindNextBreakSubline
LsResetRMInCurrentSubline
LsQueryLinePointPcp
LsdnGetDup
LsCompressSubline
LsCreateLine
LsdnSkipCurTab
LsSqueezeSubline
LsFetchAppendToCurrentSublineResume
LsdnGetCurTabInfo
LsQueryLineCpPpoint
LsdnGetFormatDepth
LsModifyLineHeight
LssbGetNumberDnodesInSubline
LsGetWarichuLsimethods
LsMatchPresSubline
LsEnumLine
LssbFIsSublineEmpty
LssbFDoneDisplay
LsSetCompression
LsAppendRunToCurrentSubline
LsSetBreakSubline
LsdnFinishDeleteAll
LsdnDistribute
LsFetchAppendToCurrentSubline
LsFinishCurrentSubline
LsdnQueryObjDimRange
LsdnFinishByOneChar
LsForceBreakSubline
LsdnSetRigidDup
LsdnFinishRegular
LsLwMultDivR
LsdnResolvePrevTab
LsTruncateSubline
LsdnSetAbsBaseLine
LsSetBreaking
LssbFDonePresSubline
LsGetSpecialEffectsSubline
LsdnFinishBySubline
LsSetDoc

user32

EndDialog

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34d46d3f259cadb35cead001fbda3fbf

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

lz32

kernel32

msvcrt40

polstore

msls31

user32

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 609KB - Virtual size: 609KB

.data Size: 90KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 609KB - Virtual size: 609KB

.data
Size: 90KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B