fac0f5ab9822353e91777e784379f78c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fac0f5ab9822353e91777e784379f78c_JaffaCakes118
Size

36KB
MD5

fac0f5ab9822353e91777e784379f78c
SHA1

21f6cccbe71c6ef3e73952f98676807a3df1186f
SHA256

19ade3729b6469c63c1a1bec337bf56c1a22439260c60b4358d0786740a46492
SHA512

0f5786dea790a1f65cf9bdc06bd9397593377e1faa61e95c4e699876ef186c6b7c02a4630987d9caf87f163b79366f1da539cf1cdc5f6cab01dabb23a6893890
SSDEEP

384:IfWY2z/k57c4wTzJDPdh4UTH5W0xYIZSCvagfLtMpc1KgMTJs6bnj:IfjecwTztPdiU1sISCvagfh5k3j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fac0f5ab9822353e91777e784379f78c_JaffaCakes118

Files

fac0f5ab9822353e91777e784379f78c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

280be14e53934a80af89d1659ff78ebc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\views\nw\nt86\7.6.2\nsr\fileix\nt86\0\nsrls.pdb

Imports

libwiss

wiss_mount
wiss_dismount
wiss_init
wiss_dirstat

libnsr

find_nsrmmvolume
nsr_resdb_open
set_indexpath_db
set_clientname_db
enum_hosts
clientname
snooze
nsrrm_indx_setinfo
get_client_id
get_index_path
mmdb_control
nsr_amount

librpc

xdrfdbuf_create
__lgto_xdr_string
xdrcount_create
__lgto_xdr_bytes
__lgto_xdr_vector
xdr_lgui_t
xdr_sha_digest
__xdr
__lgto_xdrmem_create
__lgto_xdr_enum
__lgto_xdr_int64_t
__lgto_xdr_uint32_t
__lgto_xdr_uint64_t

liblocal

_dlist_insert
_dlist_remove
sha_update
sha_final
sha_init
lg_lseek
lg_trylockfile
lg_stat
lg_mkdirpath
lg_chmod
lg_sprintf
lg_getenv_ulong
lgpurify_is_running
render_string
err_settype
xcalloc
lgui_is_zeroid
local_bsearch_i
lg_unlink
Debug
debugprintf
xstrdup
lg_unlockfile
lg_open
lg_lockfile
lg_close
err_set
lg_strerror
msg_create
_lginit
lg_set_progname
getopt
lg_getlocalhost
_optind
chartostr
inttostr
err_print
lg_uint64str
lg_get_progname
msg_print

msvcr80

?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
__lconv_init
malloc
exit
strncmp
strtol
memset
memmove
strrchr
calloc
_errno
qsort
free
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_strdup
_write
_read
_lock

kernel32

InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

280be14e53934a80af89d1659ff78ebc

Headers

File Characteristics

PDB Paths

Imports

libwiss

libnsr

librpc

liblocal

msvcr80

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB