fe62d8146c80313b4e007ef49ed1c329_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe62d8146c80313b4e007ef49ed1c329_JaffaCakes118
Size

47KB
MD5

fe62d8146c80313b4e007ef49ed1c329
SHA1

3f9e90b9bdb73d4c7f3f42d8b9fa07a157ee06dd
SHA256

db05b43630c30bca19b6b011a6de2a7d1ef1afc447c764182a40d3098d36fd94
SHA512

6df723d5cb6f2a48c8b0b1b655837c9ce5afa6592291f14c47d2d3d906fd6a7008daca38131183a5205f3bdc3b862f50359aa76b5396ce17af9bfc472aeb2cff
SSDEEP

768:MSZkZLEs5l9lsh+wp3QFDB9Ol/gdjQ8qlgjoI/DY0c9Seh507idTydjGqtXpwefC:ENZ5l9lshhozCgjyly3c9SWiwTydjF54

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe62d8146c80313b4e007ef49ed1c329_JaffaCakes118

Files

fe62d8146c80313b4e007ef49ed1c329_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e683cd8f900de4cbc4a48546f3949249

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hlink

HlinkResolveStringForData
HlinkGetValueFromParams
HlinkCreateFromMoniker
DllUnregisterServer
HlinkCreateShortcut
HlinkPreprocessMoniker
HlinkCreateExtensionServices
HlinkClone
HlinkUpdateStackItem
DllRegisterServer
HlinkParseDisplayName
HlinkOnRenameDocument
HlinkResolveShortcut
HlinkGetSpecialReference
HlinkResolveMonikerForData
DllCanUnloadNow
HlinkNavigateToStringReference
HlinkSetSpecialReference
HlinkResolveShortcutToString
HlinkResolveShortcutToMoniker
HlinkCreateShortcutFromMoniker
HlinkCreateFromData
OleSaveToStreamEx
DllGetClassObject
HlinkCreateShortcutFromString
HlinkIsShortcut
HlinkCreateBrowseContext
HlinkQueryCreateFromData

rpcrt4

I_RpcExceptionFilter
NDRSContextUnmarshall2
NdrVaryingArrayMarshall
NdrConformantStructMemorySize
I_RpcSsDontSerializeContext
NdrConformantVaryingStructMemorySize
RpcServerUseAllProtseqsEx
NdrInterfacePointerMemorySize
NDRSContextMarshallEx
SimpleTypeMemorySize
NdrEncapsulatedUnionBufferSize
RpcNetworkInqProtseqsA
RpcServerRegisterAuthInfoW
RpcErrorSaveErrorInfo
NdrStubInitialize
RpcServerUseProtseqExW
I_RpcServerUseProtseqEp2A
NdrServerMarshall
RpcServerUseAllProtseqsIfEx
RpcServerInqIf
NdrConformantVaryingStructUnmarshall
RpcSsContextLockExclusive
NdrByteCountPointerFree
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
NdrTypeFree
RpcServerUseProtseqEpExW
NdrComplexStructBufferSize

msvcrt40

towupper
?putback@istream@@QAEAAV1@D@Z
_wsopen
??_7ostrstream@@6B@
??0ostrstream@@QAE@XZ
_controlfp
_wpopen
iswdigit
?overflow@strstreambuf@@UAEHH@Z
_heapset
getc
_ismbbkana
_chdrive
_wputenv
_commode
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
_strdate
_adj_fdiv_m32i
iswxdigit
iswlower
??0exception@@QAE@ABV0@@Z
_memicmp
__p___wargv
??_Eostream_withassign@@UAEPAXI@Z
??5istream@@QAEAAV0@AAK@Z
_strcmpi
_wchdir
??0strstreambuf@@QAE@ABV0@@Z
??_Estrstreambuf@@UAEPAXI@Z
_wfindfirst
mblen
_adj_fptan
??0filebuf@@QAE@ABV0@@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
log
??4ios@@IAEAAV0@ABV0@@Z
??0fstream@@QAE@PBDHH@Z
_pipe
_adj_fdivr_m64
??_7bad_cast@@6B@
_copysign
cosh
??1type_info@@UAE@XZ
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
_getche
??_Estreambuf@@UAEPAXI@Z
_fputchar
??4filebuf@@QAEAAV0@ABV0@@Z
_mbsnbcpy

kernel32

CreateProcessInternalA
Module32NextW
SignalObjectAndWait
ExpandEnvironmentStringsW
EnumCalendarInfoExW
GetDateFormatW
GetCommConfig
GetVolumeInformationW
GetOEMCP
CreateFiberEx
SizeofResource
GlobalDeleteAtom
LoadLibraryA
GetFileSizeEx
SetConsoleDisplayMode
GlobalUnWire
LZCopy
SetEnvironmentVariableA
GetLastError
FreeUserPhysicalPages
VirtualAlloc
GetWindowsDirectoryW
GetProcessPriorityBoost
SetCalendarInfoW
GetConsoleCommandHistoryLengthA
GetDiskFreeSpaceA
RegisterWaitForInputIdle
SetMessageWaitingIndicator
GetProcessHeap
GetModuleHandleA

msrating

RatingFreeDetails
ClickedOnRAT
RatingCustomSetUserOptions
RatingCustomAddRatingHelper
RatingCustomDeleteCrackedData
RatingCustomCrackData
RatingObtainCancel
RatingCheckUserAccess
RatingCustomInit
RatingCustomSetDefaultBureau
RatingInit
RatingAccessDeniedDialog
RatingAccessDeniedDialog2
RatingObtainQuery
RatingCustomRemoveRatingHelper
RatingEnable
RatingAddPropertyPages
VerifySupervisorPassword
RatingCustomAddRatingSystem
RatingSetupUI
ChangeSupervisorPassword
RatingEnabledQuery
ClickedOnPRF

msdart

?TryReadLock@CSmallSpinLock@@QAE_NXZ
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?MpHeapCompact@@YAKPAX@Z
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?IsUnlocked@CLockedSingleList@@QBE_NXZ
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?ReadLock@CLKRHashTable@@QBEXXZ
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
?IsWriteLocked@CSpinLock@@QBE_NXZ
MpHeapDestroy
?ReadLock@CReaderWriterLock@@QAEXXZ
mpCalloc
?BucketSizes@CLKRHashTableStats@@SGPBJXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?TryReadLock@CSpinLock@@QAE_NXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?NumSubTables@CLKRLinearHashTable@@QBEHXZ

msvcrt20

??6ostream@@QAEAAV0@O@Z
_splitpath
??_Estrstreambuf@@UAEPAXI@Z
strxfrm
??0Iostream_init@@QAE@XZ
_spawnvpe
??_7strstreambuf@@6B@
_mbsnbcoll
_mbsncmp
_adj_fprem
_tcsninc
putwchar
??1iostream@@UAE@XZ
??1ostream_withassign@@UAE@XZ
_wtmpnam
??4ostrstream@@QAEAAV0@ABV0@@Z
_tcscspn
vwprintf
??4ofstream@@QAEAAV0@ABV0@@Z
??7ios@@QBEHXZ

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e683cd8f900de4cbc4a48546f3949249

Headers

DLL Characteristics

File Characteristics

Imports

hlink

rpcrt4

msvcrt40

kernel32

msrating

msdart

msvcrt20

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 84KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 160B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 84KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 160B