ef906bafe8e971fe0d7244e646296ba9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ef906bafe8e971fe0d7244e646296ba9_JaffaCakes118
Size

58KB
MD5

ef906bafe8e971fe0d7244e646296ba9
SHA1

60d3a6ec8a4a519094b01b2164021887a55edf06
SHA256

0cbe9fee64d4a347a1747fa7b388cf0eb4b5c60f46acb83506849f627d7c12c7
SHA512

52ee34df938b13789c10ffcbd3a26484b30f6381ef7e3f9ee5d216d67eb15e1d58f4e737ca3adb876d7f4a4fa1735454724405c2dc90d3e8ab407d03a053c1b4
SSDEEP

1536:L1AJm76YaRO5Ron8VAPj8iPxV+1o87pGeFncaQl5x:cXkRW8aCGX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef906bafe8e971fe0d7244e646296ba9_JaffaCakes118

Files

ef906bafe8e971fe0d7244e646296ba9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3ccf60bc942f14dcd480c25d71b52e74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
HeapSize
FatalExit
GetThreadContext
SetThreadLocale
CreateDirectoryW
CreateMutexW
lstrcmpiA
EnumSystemGeoID
GlobalAlloc
EscapeCommFunction
SetEndOfFile
VirtualFree
GetConsoleScreenBufferInfo
VirtualAlloc
FlushConsoleInputBuffer
RtlZeroMemory
LoadLibraryA
ReplaceFileW
HeapCreate
LocalShrink
SetLastError
SetCalendarInfoA
FreeEnvironmentStringsA

olecli32

DibGetData
OleCopyFromLink
LeClone
DefCreateFromClip
ErrClose
OleQueryBounds
ErrObjectLong
GenSaveToStream
OleQueryName
BmChangeData
ErrSetHostNames
ErrSetTargetDevice
LeChangeData
OleCreateLinkFromClip
OleQuerySize
OleDraw
OleCreateLinkFromFile
LeQueryProtocol
GenRelease
GenDraw

msvcrt20

??_Gifstream@@UAEPAXI@Z
_ismbcl2
_getdiskfree
_ismbbgraph
??6ostream@@QAEAAV0@PBE@Z
?get@istream@@QAEAAV1@PAEHD@Z
?x_statebuf@ios@@0QAJA
_strupr
_amsg_exit
_safe_fprem
??_Eios@@UAEPAXI@Z
??3@YAXPAX@Z
??4ostream@@IAEAAV0@ABV0@@Z
_wcsnicmp
_commode
??0istream_withassign@@QAE@XZ
_fgetchar
__p__environ
??_Dstdiostream@@QAEXXZ
_setmode
??1strstream@@UAE@XZ
??_8ifstream@@7B@
??_Efstream@@UAEPAXI@Z
_pclose
?_set_new_mode@@YAHH@Z
_nextafter
_tcsdec

msvcrt40

_ecvt
_adj_fprem1
__doserrno
_wrmdir
??0Iostream_init@@QAE@XZ
??5istream@@QAEAAV0@PAC@Z
?basefield@ios@@2JB
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
_HUGE
_utime
_strupr
??0bad_typeid@@QAE@PBD@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
__p__iob
_adj_fdiv_m64
?get@istream@@QAEAAV1@PACHD@Z
signal
atexit
_getch
??0ofstream@@QAE@ABV0@@Z
_strnset
?raw_name@type_info@@QBEPBDXZ
_mktemp
??_Gofstream@@UAEPAXI@Z
_c_exit
??_Eexception@@UAEPAXI@Z
_wfreopen
tanh
_spawnvp

ntdll

ZwUnmapViewOfSection
ZwAccessCheckByTypeResultListAndAuditAlarm
RtlEqualLuid
RtlDetermineDosPathNameType_U
RtlActivateActivationContextUnsafeFast
_strnicmp
RtlNumberOfSetBits
ZwQueryTimer
LdrAccessResource
RtlCreateRegistryKey
NtDeleteFile
NtQueryIntervalProfile
RtlMoveMemory
RtlSetThreadIsCritical
ZwReadFile
RtlpNtCreateKey
ZwRemoveIoCompletion
_wtoi64
RtlInt64ToUnicodeString
iscntrl
RtlUpcaseUnicodeStringToAnsiString
NtQueryDefaultUILanguage
RtlInitializeCriticalSectionAndSpinCount
RtlCancelTimer
_ui64toa
ZwQueryInformationProcess

adsldpc

FreeObjectInfo
ADSICloseSearchHandle
ADSIGetObjectAttributes
AdsTypeToLdapTypeCopyGeneralizedTime
GetLDAPTypeName
LdapInitializeSearchPreferences
Component
LdapFirstAttribute
LdapIsClassNameValidOnServer
BuildADsParentPath
?GetNextToken@CLexer@@QAEJPAGPAK@Z
LdapcKeepHandleAround
LdapTypeToAdsTypeCopyConstruct
AdsTypeToLdapTypeCopyDNWithString
ADsGetNextRow
InitObjectInfo
BuildADsPathFromLDAPPath
ADSIDeleteDSObject
LdapFirstEntry
ADsGetFirstRow
LdapSearch
LdapControlFree
ADSIGetColumn
SchemaGetClassInfo
ADsDeleteDSObject

msls31

LsdnResetObjDim
LssbGetPlsrunsFromSubline
LsExpandSubline
LsSetExpansion
LsQueryLinePointPcp
LssbGetDurTrailInSubline
LsSetModWidthPairs
LsQueryFLineEmpty
LsdnFinishByOneChar
LsDestroySubline
LsFinishCurrentSubline
LsGetSpecialEffectsSubline
LsdnResolvePrevTab
LsLwMultDivR
LsFetchAppendToCurrentSublineResume
LsCreateSubline
LsSqueezeSubline
LsSetBreaking
LsdnSubmitSublines
LsdnModifyParaEnding
LsGetRubyLsimethods
LsAppendRunToCurrentSubline
LsFindPrevBreakSubline

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ccf60bc942f14dcd480c25d71b52e74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

olecli32

msvcrt20

msvcrt40

ntdll

adsldpc

msls31

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 18KB - Virtual size: 53KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 216B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 18KB - Virtual size: 53KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 216B