e1ffe4a00cfbe9edfceb9ceb707b5918_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1ffe4a00cfbe9edfceb9ceb707b5918_JaffaCakes118
Size

867KB
MD5

e1ffe4a00cfbe9edfceb9ceb707b5918
SHA1

848b138abf5b43e7edda38dbee549ab156e2e64a
SHA256

4f6d6b9640cfad24733fdd045f39789d3f9e63bb56a4d6e2b3a1c4197015b1d2
SHA512

3c83688f206cb865b0205c6cf9b1ed0a7cd75ce1a480bb418f497116d817682037132b836cb64023cadf048165d3c88585173ba63ed640240a3f3f5d8972ac3e
SSDEEP

24576:F4IaN+DL+tPVxpwHIlv696+iNSKzEW6enacr:+5G6ZVHwH2v69t4EUvr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1ffe4a00cfbe9edfceb9ceb707b5918_JaffaCakes118

Files

e1ffe4a00cfbe9edfceb9ceb707b5918_JaffaCakes118
.exe windows:5 windows x86 arch:x86

729923eb194ff5ef58e3f8738caa8f70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__wenviron
longjmp
_creat
strxfrm
_winmajor
_heapchk
strrchr
ctime
_spawnv
__toascii
_cputs
__initenv
_global_unwind2
_outp
_mbsinc
wcsncpy
iswdigit
??0bad_cast@@AAE@PBQBD@Z
_wcsnset
??_Fbad_typeid@@QAEXXZ
fabs
_cgets
wcsspn
_strerror
_abnormal_termination
_callnewh
??3@YAXPAX@Z
_wcsnicmp
_beginthread
_memicmp
_set_SSE2_enable
_CIsin
_controlfp
___setlc_active_func
_findnext64
_wexecve
_mkdir
_mbsncat
_wcstoi64
sin
_timezone
_ultow
_aligned_malloc
asctime
_ismbbprint
?name@type_info@@QBEPBDXZ
_ltoa
strchr
toupper
__p__pctype
_mbsspnp
_ecvt
_wcserror
atoi
fclose
_wcreat
_fgetchar
__p__amblksiz
bsearch
_wexecle

ntdll

ZwSetLowWaitHighEventPair
RtlAreAllAccessesGranted
ZwWriteFile
NtEnumerateValueKey
NtOpenProcess
NtLockRegistryKey
RtlAddAuditAccessAce
NtListenPort
ZwAccessCheck
NtSetEaFile
NtReplaceKey
NtShutdownSystem
ZwCloseObjectAuditAlarm
ZwUnloadKey
CsrCaptureMessageMultiUnicodeStringsInPlace
NtSetEvent
NtUnloadKeyEx
NtQueryInstallUILanguage
NtQueryQuotaInformationFile
ZwStopProfile
NtVdmControl
ZwCreateEventPair
NtOpenDirectoryObject
NtCreateNamedPipeFile
RtlRunDecodeUnicodeString
NtRemoveProcessDebug
RtlCreateProcessParameters
RtlInitializeAtomPackage
RtlSetAllBits
RtlpNtEnumerateSubKey
ZwOpenSemaphore
ZwQueryDirectoryObject
ZwCreateDebugObject
RtlNtStatusToDosErrorNoTeb
NtQueryDirectoryFile
RtlFindClearRuns
RtlComputeImportTableHash
RtlVerifyVersionInfo
RtlUpcaseUnicodeToCustomCPN
RtlDeleteTimerQueue
NtCreateProcess
ZwOpenFile
NtQueryIntervalProfile
RtlDeleteElementGenericTableAvl

kernel32

InitializeCriticalSectionAndSpinCount
HeapCreate
SwitchToFiber
Module32NextW
ContinueDebugEvent
WritePrivateProfileStructW
CreateTimerQueueTimer
GetTimeFormatW
CreateToolhelp32Snapshot
SetVolumeMountPointW
SetProcessPriorityBoost
SetMailslotInfo
GetFirmwareEnvironmentVariableW
GetConsoleProcessList
SetCurrentDirectoryA
WritePrivateProfileSectionA
FatalAppExitW
VirtualAlloc
WriteConsoleOutputCharacterW
AreFileApisANSI
GetWindowsDirectoryA
CreateSemaphoreA
GetComputerNameExW
GetExpandedNameA
VirtualFree
CreateMemoryResourceNotification
CreateHardLinkW
GetLocaleInfoW
GetWriteWatch
LoadLibraryA
GetSystemDefaultUILanguage
SetCriticalSectionSpinCount
GetCommandLineA
FlushConsoleInputBuffer
SetFilePointerEx
lstrcpyn
DeactivateActCtx
SetConsoleNumberOfCommandsA
SetTapeParameters
PurgeComm
GetCurrentThread
ConvertDefaultLocale
SetConsoleMode
SetFileShortNameA
GetEnvironmentStringsA
GetConsoleAliasExesLengthA
EnumSystemLocalesA
QueryMemoryResourceNotification
MoveFileExA
SetThreadExecutionState
GetMailslotInfo
ReleaseSemaphore
SuspendThread
ZombifyActCtx
GetCurrentDirectoryA
SetCommConfig
WriteConsoleOutputA
SetCurrentDirectoryW
GetUserGeoID
SetCalendarInfoA
DeleteFileA
LZSeek
SearchPathW
SetConsoleCursorPosition
FlushInstructionCache
AddLocalAlternateComputerNameW
EnumSystemLanguageGroupsA
GetProfileSectionA
GetProcessTimes
LZDone
SetThreadPriorityBoost
GetConsoleTitleW
GetConsoleTitleA
OpenSemaphoreW
Heap32ListFirst
GlobalMemoryStatus
TlsAlloc

winipsec

AddTunnelFilter
EnumMMFilters
OpenTransportFilterHandle
EnumQMSAs
SetTunnelFilter
AddMMAuthMethods
DeleteMMAuthMethods
OpenTunnelFilterHandle
SetQMPolicy
SetTransportFilter
SPDApiBufferAllocate
GetTransportFilter
DeleteTunnelFilter
EnumIPSecInterfaces
CloseMMFilterHandle
EnumMMAuthMethods
GetMMPolicyByID
SetMMFilter
QueryIPSecStatistics
MatchTunnelFilter
SetMMPolicy
DeleteTransportFilter
DeleteMMFilter
GetQMPolicyByID
GetQMPolicy
AddQMPolicy
DeleteMMPolicy
EnumTunnelFilters
AddTransportFilter

ws2_32

WSARecvDisconnect
WSAGetServiceClassNameByClassIdA
WSASend
gethostbyaddr
getservbyport
WPUCompleteOverlappedRequest
WSCDeinstallProvider
WSAProviderConfigChange
WSAAsyncGetServByPort
WSAConnect
WSAAsyncGetServByName
ntohs
WSASetServiceW
WSASocketW
inet_ntoa
WSCUpdateProvider
WSASetBlockingHook
getpeername
recv
WSAIsBlocking
WSAGetServiceClassInfoA
WSACancelBlockingCall
WSCWriteNameSpaceOrder
bind
WSAInstallServiceClassW
listen
WSCEnableNSProvider
WSACloseEvent
WSAStringToAddressA
WSAAccept
getprotobynumber
WSAAsyncGetProtoByName
WSAEnumNameSpaceProvidersA
WSARecvFrom
WSALookupServiceNextW

Sections

.text
Size: 223KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 462KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

729923eb194ff5ef58e3f8738caa8f70

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

winipsec

ws2_32

Sections

.text Size: 223KB - Virtual size: 224KB

.rdata Size: 179KB - Virtual size: 180KB

.data Size: 512B - Virtual size: 1.9MB

.rsrc Size: 462KB - Virtual size: 464KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 223KB - Virtual size: 224KB

.rdata
Size: 179KB - Virtual size: 180KB

.data
Size: 512B - Virtual size: 1.9MB

.rsrc
Size: 462KB - Virtual size: 464KB

.reloc
Size: 1024B - Virtual size: 4KB