Static task
static1
Behavioral task
behavioral1
Sample
ef65c2e32142369a43f23c0f9428c5f3_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ef65c2e32142369a43f23c0f9428c5f3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
ef65c2e32142369a43f23c0f9428c5f3_JaffaCakes118
-
Size
87KB
-
MD5
ef65c2e32142369a43f23c0f9428c5f3
-
SHA1
81567a85f3b103a3d4b551ffaaaae18784e486a5
-
SHA256
e20879de320fc48464853abe412d8b9656127770f86a190f2026f701de017722
-
SHA512
0827c204899e50f4249ff179579ab683b7ffda2e886ecb30e2684722a967747103cab05292f77b6895d4e8d60409893f14b9bafef80c723b39bbb3cfa055bd86
-
SSDEEP
1536:YqL4a2JBg0iJTwQNw0QdCAN34TESeU32zXE3wCAD4Dzq6k/LTkesY:R8JJBVS8eQd714YSeUg03kkD26sOY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature (the PE carries no embedded code-signing certificate, so its publisher cannot be verified).
resource ef65c2e32142369a43f23c0f9428c5f3_JaffaCakes118
Files
-
ef65c2e32142369a43f23c0f9428c5f3_JaffaCakes118.exe windows:5 windows x86 arch:x86
36947362362a2fd75d71caf50398f131
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetNativeSystemInfo
CancelWaitableTimer
CreateTimerQueueTimer
CompareFileTime
HeapCreate
MapViewOfFile
GetTickCount
VirtualAlloc
OpenEventA
GetNumberFormatA
GetSystemTimeAsFileTime
InterlockedPushEntrySList
GetStringTypeA
GetCurrencyFormatA
OpenMutexW
CommConfigDialogW
OpenConsoleW
GetComputerNameW
GetCurrentProcessId
GetLastError
SetLocalTime
SetFilePointerEx
GetStartupInfoA
SetFilePointer
UTUnRegister
QueryPerformanceCounter
GetCurrentThreadId
RegisterWowBaseHandlers
GetSystemWindowsDirectoryA
RegisterConsoleIME
msdart
?TryReadLock@CCritSec@@QAE_NXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?IsUnlocked@CLockedSingleList@@QBE_NXZ
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
MpHeapDestroy
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?First@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?IsWin98@CMdVersionInfo@@SAHXZ
?TryReadLock@CFakeLock@@QAE_NXZ
?IsReadLocked@CCritSec@@QBE_NXZ
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?IsMillnm@CMdVersionInfo@@SAHXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
untfs
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
??1NTFS_BITMAP@@UAE@XZ
??1NTFS_EXTENT_LIST@@UAE@XZ
??0NTFS_EXTENT_LIST@@QAE@XZ
?QueryExtent@NTFS_EXTENT_LIST@@QBEEKPAVBIG_INT@@00@Z
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
?Read@NTFS_MFT_FILE@@UAEEXZ
??1NTFS_BOOT_FILE@@UAE@XZ
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
??1NTFS_MFT_INFO@@UAE@XZ
??0NTFS_MFT_FILE@@QAE@XZ
?GetNext@NTFS_INDEX_TREE@@QAEPBU_INDEX_ENTRY@@PAKPAEE@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??0NTFS_ATTRIBUTE@@QAE@XZ
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?CopyIterator@NTFS_INDEX_TREE@@QAEEPAV1@@Z
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
atmlib
ATMEnumMMFonts
ATMGetBuildStr
ATMGetVersionEx
ATMGetFontBBox
ATMAddFont
ATMAddFontExA
ATMXYShowText
ATMGetVersion
ATMEnumFontsA
ATMRemoveFontA
ATMGetGlyphListW
ATMGetPostScriptName
ATMFontAvailableW
ATMEnumMMFontsA
ATMAddFontExW
ATMGetVersionExW
ATMGetNtmFields
ATMGetFontInfoW
msvcp60
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??_7__non_rtti_object@std@@6B@
?polar@std@@YA?AV?$complex@M@1@ABM0@Z
?width@ios_base@std@@QAEHH@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Doraise@bad_typeid@std@@MBEXXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
_Getctype
??4?$numeric_limits@H@std@@QAEAAV01@ABV01@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?epsilon@?$numeric_limits@M@std@@SAMXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
winmm
mmioGetInfo
PlaySoundA
midiInGetErrorTextW
mci32Message
midiInReset
midiInOpen
NotifyCallbackData
waveOutRestart
mixerSetControlDetails
waveInStart
auxGetDevCapsW
DrvGetModuleHandle
CloseDriver
midiOutGetVolume
mmioCreateChunk
mixerGetLineControlsW
midiInGetErrorTextA
mmioFlush
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ