f05150d71cdd4b833cd0cad4bb7d6fb0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f05150d71cdd4b833cd0cad4bb7d6fb0_JaffaCakes118
Size

65KB
MD5

f05150d71cdd4b833cd0cad4bb7d6fb0
SHA1

816daf451ee916c7c34d5521f7b389dc5f589cc1
SHA256

0c119cc03d876b860a4814f4c908d7b55b4597ba27a888c7221e99aec12ee8e0
SHA512

4920f1e78b8ec6268541abf3f734ea2f3b38065cf834d0688059290a80dcc9639b672efa1584f9a8108402e198312a59f4a31ea839deabbf4c3557e507d1eb22
SSDEEP

1536:NqmnRQRiaFC/trfrb3FRTVejrBr/uQZrxG5VTlFVG5bGnG4l:NqmnRyiaFC/tbPVGRGxFD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f05150d71cdd4b833cd0cad4bb7d6fb0_JaffaCakes118

Files

f05150d71cdd4b833cd0cad4bb7d6fb0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

363c7ab0d25b8e9c2a361375cb1629e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

?is_open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
??_7?$messages@G@std@@6B@
?id@?$collate@D@std@@2V0locale@2@A
??4?$_Ctr@N@std@@QAEAAV01@ABV01@@Z
?epsilon@?$numeric_limits@N@std@@SANXZ
_Dtest
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?neg_format@?$_Mpunct@G@std@@QBE?AUpattern@money_base@2@XZ
?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z
?denorm_min@?$numeric_limits@C@std@@SACXZ
?pubimbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?thousands_sep@?$_Mpunct@G@std@@QBEGXZ
?sin@std@@YA?AV?$complex@N@1@ABV21@@Z
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?pow@std@@YA?AV?$complex@O@1@ABV21@0@Z
??_7?$ctype@G@std@@6B@
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
?open@?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEXPBDF@Z
??0domain_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
??1?$moneypunct@D$0A@@std@@UAE@XZ
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
??4?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$char_traits@G@std@@SAHPBG0I@Z

dbghelp

SymEnumTypes
SymGetSymFromName
SymUnloadModule64
DbgHelpCreateUserDump
FindFileInPath
SymMatchFileName
StackWalk64
SymLoadModuleEx
SymEnumerateSymbolsW
SymGetSymNext64
SymGetModuleInfoW
ImageDirectoryEntryToDataEx
SymGetSymFromAddr
SymEnumerateSymbols
MiniDumpReadDumpStream
dbghelp
ExtensionApiVersion
SymGetTypeFromName
SymEnumSymbols
SymMatchString
SymLoadModule
SymGetLineFromName64
SymGetLineNext
SymGetSymPrev64
SymEnumSym
SymRegisterFunctionEntryCallback
StackWalk
SymGetLinePrev
MapDebugInformation
SymFunctionTableAccess64

gdi32

ExtTextOutW
FontIsLinked
GetDIBColorTable
StretchDIBits
EngFreeModule
EngComputeGlyphSet
DeleteColorSpace
EudcUnloadLinkW
EngMultiByteToWideChar
GetCharABCWidthsFloatA
GdiGetCodePage
CLIPOBJ_bEnum
AddFontMemResourceEx
EngCheckAbort
ColorCorrectPalette
DdEntry47
EnumFontsA
GdiInitializeLanguagePack
GdiInitSpool
PolyTextOutW
EngDeleteClip
SelectFontLocal
GetFontData
GdiAddFontResourceW
DdEntry2
StartPage
CreateDIBitmap
GdiQueryTable
GdiFixUpHandle
StrokePath

mtxoci

ocom
ocof
oermsg
oclose
oflng
obindps
obndra
opinit
olog
orol
MTxolog
oopen
obndrv
odefin
ologTransacted
oexec
MTxOciGetVersion
oopt
ocan
ocon
ofetch
ofen
oexn

kernel32

GetCommandLineA
GetProfileSectionA
VerifyVersionInfoW
GetUserDefaultLangID
SystemTimeToTzSpecificLocalTime
InterlockedExchangeAdd
GetConsoleHardwareState
EscapeCommFunction
GetCurrentConsoleFont
GetBinaryType
SizeofResource
BackupWrite
SetThreadPriority
RemoveDirectoryW
GetStartupInfoA
GetDriveTypeW
GetCurrentActCtx
GetProcAddress
SetLocalTime
GetModuleHandleW
FindActCtxSectionGuid
VirtualAlloc
HeapCreate
CreateTapePartition
FindFirstChangeNotificationA
LoadLibraryA
DebugActiveProcessStop

catsrvut

??1CComPlusInterface@@UAE@XZ
RegDBRestore
QueryUserDllW
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??0CComPlusObject@@QAE@ABV0@@Z
DllUnregisterServer
??1CComPlusComponent@@UAE@XZ
WinlogonHandlePendingInfOperations
RunMTSToCom
ManagedRequestW
??4CComPlusObject@@QAEAAV0@ABV0@@Z
SysprepComplus
COMPlusUninstallActionW
??0CComPlusComponent@@QAE@ABV0@@Z
StartMTSTOCOM
SysprepComplus2
??_7CComPlusInterface@@6B@
CGMIsAdministrator
??0CComPlusMethod@@QAE@ABV0@@Z
??_7CComPlusMethod@@6B@
FindAssemblyModulesW
??_7CComPlusComponent@@6B@
DllCanUnloadNow
RegDBBackup
DllRegisterServer
??_7CComPlusObject@@6B@
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
DllGetClassObject
??4CComPlusInterface@@QAEAAV0@ABV0@@Z

version

GetFileVersionInfoA
VerInstallFileA
VerInstallFileW
GetFileVersionInfoSizeW
VerLanguageNameA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
VerFindFileW
VerFindFileA
VerLanguageNameW
VerQueryValueW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

363c7ab0d25b8e9c2a361375cb1629e9

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

dbghelp

gdi32

mtxoci

kernel32

catsrvut

version

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 13KB - Virtual size: 74KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 388B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 13KB - Virtual size: 74KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 388B