Static task
static1
Behavioral task
behavioral1
Sample
fa26f0fe9864ab97d99ace3cf3bf4602_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fa26f0fe9864ab97d99ace3cf3bf4602_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
fa26f0fe9864ab97d99ace3cf3bf4602_JaffaCakes118
Size
863KB
MD5
fa26f0fe9864ab97d99ace3cf3bf4602
SHA1
c0cb905b87464d1565ccf6b65c8aa770df27dc6b
SHA256
40e0c0e5f1b97d56fd6d1d857025906505a7b8e4cbfd394a6d6cc7cff809141c
SHA512
f8b5e6755ad8bbb5b3538ebcf6628dac6e429b19778817f5a52a5039d8e7b0532e80d19bcc1a66e33201cd824edd9f82e3ced29dcc4d29b256f8e99df2d9458c
SSDEEP
24576:Tbzm9fEIVHD9QrRv5oRJ9vztmaDoIggELEDYZPfNO:Tbef9hyFv2R/tloLgEoMZPFO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fa26f0fe9864ab97d99ace3cf3bf4602_JaffaCakes118
Files
fa26f0fe9864ab97d99ace3cf3bf4602_JaffaCakes118.exe windows:5 windows x86 arch:x86
a9964770e900ca1fe921ffa021f4619e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
AddRefActCtx
SetVolumeLabelW
LocalFileTimeToFileTime
ConvertDefaultLocale
EnumCalendarInfoExA
SuspendThread
_llseek
GetTempPathW
ConsoleMenuControl
IsValidLocale
GetLocaleInfoW
InitializeCriticalSection
ProcessIdToSessionId
GetConsoleFontSize
RtlCaptureStackBackTrace
LoadLibraryA
GetThreadSelectorEntry
GlobalMemoryStatus
ChangeTimerQueueTimer
lstrcpyW
Thread32Next
RegisterWowExec
PrivCopyFileExW
CreateTapePartition
DeleteVolumeMountPointA
GenerateConsoleCtrlEvent
FlushInstructionCache
IsBadStringPtrW
FreeUserPhysicalPages
GetProcessTimes
VirtualAlloc
_lopen
DosPathToSessionPathW
OpenConsoleW
SetThreadPriority
SetConsoleIcon
EnumUILanguagesW
SetComputerNameA
msvcrt
isalpha
__argc
_CIasin
_beginthread
??_V@YAXPAX@Z
_ftol
_adj_fdiv_m32
_getch
_chdir
??_Gexception@@UAEPAXI@Z
atan
__set_app_type
_wopen
memcmp
__p__commode
_wmktemp
_set_sbh_threshold
sinh
iswcntrl
_fstat64
__setlc_active
_ismbbalpha
_filbuf
_filelengthi64
__getmainargs
??0exception@@QAE@ABV0@@Z
__p__tzname
__wgetmainargs
iswalnum
_mbsnbcpy
_strnicmp
exit
_heapmin
wcslen
_fcvt
_ismbcl0
__CxxUnregisterExceptionObject
_fputchar
_wspawnl
_getsystime
??1__non_rtti_object@@UAE@XZ
_cputws
mblen
_ungetch
_snwprintf
polstore
IPSecGetAssignedPolicyData
IPSecSetPolicyData
IPSecExportPolicies
IPSecAssignPolicy
IPSecCopyFilterData
IPSecDeletePolicyData
IPSecCreateFilterData
IPSecUnassignPolicy
IPSecEnumFilterData
IPSecGetISAKMPData
IPSecFreeMulPolicyData
IPSecGetFilterData
IPSecCopyNegPolData
IPSecOpenPolicyStore
IPSecFreeFilterData
IPSecCopyISAKMPData
IPSecSetNegPolData
IPSecSetISAKMPData
IPSecFreePolicyData
IPSecFreeMulNegPolData
IPSecAllocPolMem
IPSecCopyAuthMethod
IPSecIsDomainPolicyAssigned
IPSecEnumISAKMPData
IPSecCopyNFAData
IPSecFreeISAKMPData
IPSecGetNegPolData
IPSecImportPolicies
IPSecDeleteFilterData
IPSecCreateNFAData
IPSecEnumPolicyData
IPSecDeleteISAKMPData
IPSecCreatePolicyData
IPSecDeleteNegPolData
wininet
InternetTimeFromSystemTimeW
InternetGetLastResponseInfoA
FindFirstUrlCacheContainerA
InternetCrackUrlA
InternetOpenUrlW
InternetTimeFromSystemTimeA
FtpSetCurrentDirectoryW
DetectAutoProxyUrl
InternetFindNextFileW
InternetQueryOptionW
SetUrlCacheConfigInfoW
InternetSetDialStateW
ShowCertificate
GetUrlCacheEntryInfoExA
InternetErrorDlg
FtpPutFileW
InternetGetConnectedState
CreateMD5SSOHash
IsHostInProxyBypassList
HttpSendRequestA
SetUrlCacheEntryInfoW
InternetTimeToSystemTimeW
FtpOpenFileA
RunOnceUrlCache
InternetOpenW
FtpRenameFileW
InternetWriteFileExA
FindFirstUrlCacheEntryW
ShowX509EncodedCertificate
FreeUrlCacheSpaceW
HttpQueryInfoW
GopherFindFirstFileW
InternetHangUp
InternetTimeToSystemTime
InternetDial
FreeUrlCacheSpaceA
PrivacySetZonePreferenceW
IncrementUrlCacheHeaderData
InternetGetPerSiteCookieDecisionW
InternetGetCookieExA
InternetAutodial
InternetSetStatusCallbackA
FindNextUrlCacheContainerA
GopherOpenFileA
msvcrt40
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?fd@fstream@@QBEHXZ
?seekp@ostream@@QAEAAV1@J@Z
??6ostream@@QAEAAV0@E@Z
?floatfield@ios@@2JB
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
_ismbbkpunct
_tell
??_Gfilebuf@@UAEPAXI@Z
??_Gofstream@@UAEPAXI@Z
??7ios@@QBEHXZ
tmpfile
__p__commode
_tzname
??_7istrstream@@6B@
??_7iostream@@6B@
?dbp@streambuf@@QAEXXZ
?ws@@YAAAVistream@@AAV1@@Z
?gbump@streambuf@@IAEXH@Z
_spawnv
??5istream@@QAEAAV0@AAC@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
_CIsinh
_read
__initenv
??_7stdiobuf@@6B@
getenv
_adj_fdivr_m16i
malloc
??0ifstream@@QAE@ABV0@@Z
__p___winitenv
_mbsnbcat
??6ostream@@QAEAAV0@G@Z
??0ios@@QAE@PAVstreambuf@@@Z
_wpgmptr
??_8fstream@@7Bistream@@@
_CIacos
_wcsupr
?unlock@streambuf@@QAEXXZ
gets
_strtime
security
AddSecurityPackageA
VerifySignature
AcquireCredentialsHandleW
DeleteSecurityContext
FreeContextBuffer
EnumerateSecurityPackagesW
QuerySecurityPackageInfoA
InitSecurityInterfaceW
CompleteAuthToken
QueryCredentialsAttributesW
AddSecurityPackageW
DeleteSecurityPackageW
QueryContextAttributesW
InitializeSecurityContextA
InitializeSecurityContextW
QueryCredentialsAttributesA
DeleteSecurityPackageA
AcquireCredentialsHandleA
EnumerateSecurityPackagesA
FreeCredentialsHandle
InitSecurityInterfaceA
MakeSignature
AcceptSecurityContext
EncryptMessage
DecryptMessage
RevertSecurityContext
ImportSecurityContextW
QuerySecurityContextToken
ExportSecurityContext
SealMessage
UnsealMessage
ApplyControlToken
QuerySecurityPackageInfoW
ImpersonateSecurityContext
user32
MessageBoxA
EndDialog
shell32
SHGetMalloc
Sections
.text Size: 342KB - Virtual size: 342KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 196KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 321KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ