f6fc5efaec56263f541776c9de0e1ab2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6fc5efaec56263f541776c9de0e1ab2_JaffaCakes118
Size

306KB
MD5

f6fc5efaec56263f541776c9de0e1ab2
SHA1

000e0d32ef6f21f42186ed16c2ec3df8e00c3924
SHA256

779100e46fbeb0ad49518634c44ee4a94f0a1247a2ce7ba0b9c42449d6a5e573
SHA512

0113bea6a7c623c114ae772109167fa07f19207fa6d5f8a5797694e1d457ee1e2425cf91486545ce9dee7fade9be0e3478cab3b3b337ebe77f139b59ee7aaa1c
SSDEEP

6144:zYYVyLhTHUg+4Gm4HZT3FmCBOny6eUOtm:M51gFY4x1mCBOnyQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6fc5efaec56263f541776c9de0e1ab2_JaffaCakes118

Files

f6fc5efaec56263f541776c9de0e1ab2_JaffaCakes118
.exe windows:6 windows x86 arch:x86

73d49f0f80b0b4843e295f0c63dab60c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp140

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?eof@ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?fail@ios_base@std@@QBE_NXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1_Lockit@std@@QAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
??0_Lockit@std@@QAE@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

api-ms-win-crt-stdio-l1-1-0

fwrite
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
__stdio_common_vsprintf
fflush
setvbuf
fsetpos
fgetpos
fputc
ungetc
fgetc
fread
_fseeki64
fclose

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

kernel32

OpenProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
lstrlenA
DisconnectNamedPipe
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
ReadFile
ConnectNamedPipe
CreateNamedPipeA
VirtualQueryEx
Beep
GetTickCount
Sleep
WriteProcessMemory
ReadProcessMemory
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryA
SetCurrentDirectoryA

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_cexit
terminate
abort
_errno

api-ms-win-crt-string-l1-1-0

_stricmp
strtok

vcruntime140

__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
__FrameUnwindFilter
_except_handler4_common
memmove
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__current_exception_context

user32

WindowFromPoint
PostMessageW
GetWindowThreadProcessId
SendMessageA
PostMessageA
GetSystemMetrics
GetDC
SetForegroundWindow
ShowWindow
ScreenToClient
GetCursorPos
SetFocus
GetKeyState
FindWindowA

gdi32

CreateCompatibleBitmap
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA

winmm

PlaySoundA

wininet

InternetConnectA
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

ws2_32

socket
gethostbyname
htons
connect
send
recv
closesocket
WSACleanup
WSAStartup

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipFree
GdipCloneImage
GdipAlloc

dwmapi

DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmRegisterThumbnail

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

strtof
atoi
strtol

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73d49f0f80b0b4843e295f0c63dab60c

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

vcruntime140

user32

gdi32

comdlg32

winmm

wininet

ws2_32

gdiplus

dwmapi

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

mscoree

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 166KB - Virtual size: 166KB

.data Size: 2KB - Virtual size: 25KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 166KB - Virtual size: 166KB

.data
Size: 2KB - Virtual size: 25KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB