ea0bd0f121365a477bc645b0ff51d53e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea0bd0f121365a477bc645b0ff51d53e_JaffaCakes118
Size

341KB
MD5

ea0bd0f121365a477bc645b0ff51d53e
SHA1

a66b3520e32baa6f59b18c625b15709622ab002b
SHA256

fce4350c1a3ceb8898c7aa48e72f802dc2e53bbb3379e5fd9141eb6aaec07939
SHA512

3d1ce0ace1250558355a67ffb4d37e16813fce6d0db44f401dd4e5d85917098eb05e68131eb6c0864d7a7d566612ca0d18c6b5d18e2925fa7042a30a2f4e93b8
SSDEEP

6144:sUfdZQgbcxCIHLIN4a8EppZLTRSjQdCNZD0O5LFTh8xpWgypmpAKgqSD0YR0K:JfXcxTIya8I/LtSjQd0ZDTl8msAnqfYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea0bd0f121365a477bc645b0ff51d53e_JaffaCakes118

Files

ea0bd0f121365a477bc645b0ff51d53e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b18af6561b2266848b105dc89f534002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt20

wcsstr
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
_snwprintf
_fullpath
??_8fstream@@7Bistream@@@
?close@filebuf@@QAEPAV1@XZ
_mbslwr
_heapchk
_tcsrev
??0ostrstream@@QAE@XZ
?unexpected@@YAXXZ
??_7streambuf@@6B@
_mbsicmp
?blen@streambuf@@IBEHXZ
_mbsnbicmp
getwc
?sync@stdiobuf@@UAEHXZ
?dec@@YAAAVios@@AAV1@@Z
??0iostream@@QAE@PAVstreambuf@@@Z
qsort

wmasf

ASFGetStreamPropertiesObject
ASFCreateIndexMaker
ASFFindRootObject
ASFCreateIndexMakerFileSink
ASFReadHeaderFromFile
ASFCreateStreamSelector
ASFGetHeaderObject
ASFGUIDFromCodecID
ASFFindHeaderObject
ASFCreateIOMonitor
ASFGUIDToCodecID
ASFWriteHeaderToFile
ASFFindStreamPropertiesObject
ASFGetRootObject
ASFCreateLibrary

msvcrt

longjmp
_ismbcl1
_mbsdup
_getdcwd
_stat
_spawnvp
__crtCompareStringW
_wmktemp
_mbctype
_except_handler3
sinh
strtod
getwc
_wfullpath
_lock
fsetpos
rewind
wcscmp
_execvpe
puts
_putw
_mbsrev
_strtoi64
_wmkdir
signal
_fputchar
_clearfp
ldexp
__unDName
??1type_info@@UAE@XZ
perror
_wpgmptr
toupper
fgetpos
_fstati64
_scalb
abs
iswupper
atan2
_wspawnvpe
wcscpy
_adj_fdivr_m32
_putwch
_getwche
_controlfp
strtoul
_wctime64
cosh
_write
_ctime64
_ungetwch
fopen
_assert
_wctime

msvcrt40

?fill@ios@@QBEDXZ
_mbcjistojms
?unexpected@@YAXXZ
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wcsdup
_CIsqrt
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
wcsstr
ftell
_fputchar
wcstol
?getline@istream@@QAEAAV1@PADHD@Z
?unsetf@ios@@QAEJJ@Z
__pxcptinfoptrs
?get@istream@@QAEAAV1@PAEHD@Z
log
?underflow@filebuf@@UAEHXZ
_putch
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?get@istream@@QAEAAV1@AAC@Z
wcscspn
_j0
_tell
_spawnve
??1ostream@@UAE@XZ
sqrt
_adj_fdiv_m32i
_pctype

kernel32

CreateActCtxW
GetEnvironmentVariableW
GetLogicalDriveStringsW
ConnectNamedPipe
RaiseException
LoadLibraryA
DeleteFileW
CopyLZFile
GetComputerNameW
GetShortPathNameA
SetTimeZoneInformation
ReadFileEx
AddAtomW
DuplicateHandle
CreateFileMappingW
WriteConsoleInputA
RemoveLocalAlternateComputerNameW
GetLocaleInfoW
WriteConsoleInputVDMA
GetModuleHandleA
VirtualAlloc
GetFileTime
WinExec

rpcrt4

RpcMgmtSetServerStackSize
I_RpcServerInqTransportType
enum_from_ndr
I_RpcServerRegisterForwardFunction
RpcBindingSetOption
RpcSsEnableAllocate
RpcFreeAuthorizationContext
I_RpcAsyncSetHandle
RpcBindingFromStringBindingA
NdrServerContextUnmarshall
RpcRevertToSelf
NdrRpcSsDefaultFree
NdrContextHandleSize
UuidCreate
pfnFreeRoutines
I_RpcPauseExecution
NdrConformantStringMemorySize
RpcMgmtInqIfIds
NdrStubCall
RpcMgmtInqStats

iphlpapi

Icmp6ParseReplies
do_echo_req
NhGetInterfaceNameFromGuid
FlushIpNetTable
_PfRebindFilters@8
_PfUnBindInterface@4
GetIfTable
GetAdapterOrderMap
InternalDeleteIpForwardEntry
NhGetInterfaceNameFromDeviceGuid
NotifyAddrChange
GetUdpTable
GetNetworkParams
_PfAddFiltersToInterface@24
GetIcmpStatistics
AddIPAddress
GetNumberOfInterfaces
CreateIpForwardEntry
InternalGetIpForwardTable
SetIpStatistics
_PfCreateInterface@24
_PfBindInterfaceToIPAddress@12

user32

EndDialog
MessageBoxA

shell32

SHGetMalloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 254KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b18af6561b2266848b105dc89f534002

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt20

wmasf

msvcrt

msvcrt40

kernel32

rpcrt4

iphlpapi

user32

shell32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 254KB - Virtual size: 744KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 320B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 254KB - Virtual size: 744KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 320B