ef32cbb10a4ddb2b106dca26c59a3767_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef32cbb10a4ddb2b106dca26c59a3767_JaffaCakes118
Size

62KB
MD5

ef32cbb10a4ddb2b106dca26c59a3767
SHA1

72ea3e0b1eb5b263f88eee01d0b8eebd25386d18
SHA256

dc4271a8e6cb1b5051c5a6547e852acb6a77824e9d7345276dd78611ebc43686
SHA512

9a06f5d92c0d63e8a9cb9825b9054d3e4076c6deafba6a417b7bbb117b20b81ff007c7183af3d4adaf25a695a9e2b85deb962fb2b5ba13c963243f4f955e38ed
SSDEEP

1536:3ve9inQ0HPCBIKUYt8YYkL+iP0bUSLWol7:3veqABIK/SK+CoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef32cbb10a4ddb2b106dca26c59a3767_JaffaCakes118

Files

ef32cbb10a4ddb2b106dca26c59a3767_JaffaCakes118
.exe windows:5 windows x86 arch:x86

db1a4588ebe45583220feaa9b6e4c58e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetEnvironmentVariableA
GetTickCount
VirtualAlloc
WriteConsoleOutputCharacterW
GetCurrentThreadId
FindResourceExW
lstrcat
QueryPerformanceCounter
WriteTapemark
GetCurrentDirectoryA
GetStartupInfoW
SetConsoleCursorInfo
GetLogicalDriveStringsW
AddAtomW
VirtualUnlock
LocalFree
HeapQueryInformation
GetModuleHandleW
RtlFillMemory
GetProcAddress
DeleteFileW
EnumSystemGeoID
CancelWaitableTimer
UTRegister
LoadLibraryA
SetTimeZoneInformation
LockResource
QueueUserWorkItem
GetLastError
LoadLibraryW
GetExitCodeThread
GetVolumePathNameA

sqlunirl

_BackupEventLog_@8
_CharToOemBuff_@12
_NDdeShareGetInfo_@28
_DrawTextEx_@24
_PostThreadMessage_@16
_GetOpenFileName@4
_DefFrameProc_@20
_AddAtom_@4
_DefMDIChildProc_@16
_strerror_@4
_GetFileSecurity_@20
_ExtractAssociatedIcon_@12
_DlgDirListComboBox_@20
newMultiByteFromWideChar
_RemoveFontResource_@4
_ReadConsoleInput_@16
_CreateWindowStation_@16
_GetFileTitle@12
_GetKerningPairs_@12
_RegUnLoadKey_@8
_NDdeGetTrustedShare_@20
_PostMessage@16
_EnumDependentServices_@24
_GetServiceDisplayName_@16
_GetDiskFreeSpace_@20
_lstrcpy_@8
_GetBinaryType_@8
_LookupPrivilegeName_@16

setupapi

CM_Add_ID_ExA
SetupDiGetClassInstallParamsA
SetupSetDirectoryIdExA
SetupScanFileQueue
SetupSetSourceListA
SetupGetFileQueueCount
CM_Locate_DevNodeA
CM_Get_Class_Name_ExW
SetupDefaultQueueCallback
CM_Get_Class_Registry_PropertyA
SetupCreateDiskSpaceListW
SetupDiGetClassRegistryPropertyA
VerifyCatalogFile
CM_Get_Device_ID_List_ExW
CM_Request_Eject_PC_Ex
pSetupModifyGlobalFlags
pSetupStringTableInitialize
SetupDiGetClassInstallParamsW
CM_Get_Class_Key_NameW
pSetupVerifyQueuedCatalogs
SetupSetDirectoryIdExW
CM_Set_HW_Prof_Flags_ExW
CM_Request_Device_Eject_ExW
CM_Move_DevNode_Ex
SetupGetSourceFileSizeW
SetupDiClassGuidsFromNameExA

ntdll

ZwSetDefaultLocale
RtlPinAtomInAtomTable
RtlFindActivationContextSectionGuid
ZwMapUserPhysicalPages
RtlRunEncodeUnicodeString
RtlCloneMemoryStream
RtlRunDecodeUnicodeString
RtlQueryAtomInAtomTable
_allrem
RtlLookupAtomInAtomTable
NtAssignProcessToJobObject
RtlInitializeContext
memcmp
wcsncmp
_ultow
qsort
RtlFreeHeap
RtlGetLastNtStatus
RtlUpcaseUnicodeToCustomCPN
RtlQueryProcessLockInformation

msvcrt

__p___wargv
_write
_wspawnvp
_cputs
strtok
__CxxDetectRethrow
wcstombs
_wgetcwd
mbtowc
wcspbrk
_spawnl
_ctype
_CIlog
_amsg_exit
vswprintf
_strnicoll
_wcserror
strcat
isprint
remove
strlen
abort
wcscmp
_putch
_wtof

winmm

mmsystemGetVersion
midiOutSetVolume
mmTaskSignal
auxGetDevCapsA
waveOutGetErrorTextA
mixerOpen
midiOutGetErrorTextA
mciSendStringA
waveInGetPosition
mixerClose
waveOutGetPosition
mmDrvInstall
SendDriverMessage
mciGetErrorStringA
midiOutShortMsg
midiStreamOut
DrvGetModuleHandle
waveOutGetErrorTextW
waveInPrepareHeader
joyReleaseCapture
mciDriverYield
mmGetCurrentTask
waveOutGetDevCapsA
joyGetThreshold
midiOutReset
mixerSetControlDetails
mmioOpenW

msvcp60

?log10@std@@YA?AV?$complex@N@1@ABV21@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??Kstd@@YA?AV?$complex@N@0@ABV10@ABN@Z
?signaling_NaN@?$numeric_limits@O@std@@SAOXZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
_FSnan
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBGI@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Init@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?lt@?$char_traits@D@std@@SA_NABD0@Z
??4?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??8std@@YA_NABV?$complex@N@0@ABN@Z
??1?$messages@G@std@@UAE@XZ
??Kstd@@YA?AV?$complex@M@0@ABV10@ABM@Z
??X?$_Complex_base@O@std@@QAEAAV01@ABO@Z
??0?$numpunct@G@std@@QAE@I@Z

user32

EndDialog

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db1a4588ebe45583220feaa9b6e4c58e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlunirl

setupapi

ntdll

msvcrt

winmm

msvcp60

user32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 75KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 352B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 75KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 352B