ff4aab34fe51f87399540ed3bcac12f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff4aab34fe51f87399540ed3bcac12f1_JaffaCakes118
Size

862KB
MD5

ff4aab34fe51f87399540ed3bcac12f1
SHA1

ef42e770be26bea8328a561f9680371fce8d0691
SHA256

4319dfd2b1de13f9fbae64ac816efe9393566ca1788245436a13365ecdeed0f4
SHA512

536f391251d1398fd0aff8d2f75251a9403917ac13502e1aae439a2b7642920be5fe0f8bd3e935ab209a1700d58710597a10c91ffe6f7bbed9c55bb16f6f5245
SSDEEP

24576:Rz+d2tGsT34H2VUGr+xZf0U6cTpyNbJBaqWNmte:Rz+8HTyrGrY6ctyDAo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff4aab34fe51f87399540ed3bcac12f1_JaffaCakes118

Files

ff4aab34fe51f87399540ed3bcac12f1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

116baf140da744dccd857fcda945f22a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??3@YAXPAX@Z
__set_app_type
_mbsset
_fgetwchar
strerror
??0__non_rtti_object@@QAE@ABV0@@Z
islower
_findfirst64
_lrotl
_EH_prolog
_cscanf
raise
_inpw
_fcloseall
_pctype
__threadid
rand
_wpgmptr
_wsearchenv
_rotr
__getmainargs
??0bad_cast@@QAE@ABV0@@Z
_isnan
ispunct
_fsopen
wprintf
??0bad_typeid@@QAE@PBD@Z
_fpclass
_purecall
_wenviron
_wspawnl
_aligned_offset_realloc
exit
__p__commode
__p__pctype
_wfsopen
_fstati64

crtdll

_sopen
memcpy
_isctype
iswxdigit
_mbsupr
_CIatan2
_abnormal_termination
_spawnl
_CIacos
_ismbcupper
_execlp
_ismbbpunct
_fpclass
_lsearch
_mbscpy
_dup
fabs
wcstok
_snprintf
_lfind
_CIcosh
_strnicmp
_creat
strncmp
_execlpe
strftime
_sleep
_chgsign
sin
wcsxfrm

lz32

LZStart
LZOpenFileW
LZSeek
LZClose
LZInit
LZCloseFile
LZRead
LZDone
CopyLZFile
LZOpenFileA

kernel32

TransmitCommChar
WriteProfileSectionW
GetTempPathW
LocalFileTimeToFileTime
LocalLock
GlobalDeleteAtom
SetComPlusPackageInstallStatus
GetShortPathNameA
SetDefaultCommConfigW
SetTapeParameters
GetSystemTimeAdjustment
VirtualAlloc
OutputDebugStringA
GlobalReAlloc
ConnectNamedPipe
SetThreadLocale
Thread32Next
IsBadReadPtr
FindCloseChangeNotification
GetWriteWatch
DeleteTimerQueue
CreatePipe
HeapValidate
IsValidCodePage
DeleteVolumeMountPointW
GetUserDefaultLCID
GetConsoleAliasExesW
GetDateFormatA
DeleteTimerQueueEx
GetConsoleWindow
SetFilePointerEx
GetTapePosition
GlobalAddAtomW
EnterCriticalSection
LoadLibraryA
UnregisterConsoleIME
SetFileApisToOEM
lstrlenA
CreateMemoryResourceNotification
SetClientTimeZoneInformation
TlsAlloc
IsValidLocale
GlobalAlloc
GetCommModemStatus

catsrvut

ManagedRequestW
FindAssemblyModulesW
??_7CComPlusMethod@@6B@
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
??1CComPlusInterface@@UAE@XZ
RegDBBackup
??0CComPlusComponent@@QAE@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
COMPlusUninstallActionW
??_7CComPlusComponent@@6B@
SysprepComplus
RegDBRestore
SysprepComplus2
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
??1CComPlusComponent@@UAE@XZ
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??0CComPlusMethod@@QAE@ABV0@@Z
WinlogonHandlePendingInfOperations
StartMTSTOCOM
RunMTSToCom
QueryUserDllW
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
??_7CComPlusObject@@6B@
??0CComPlusObject@@QAE@ABV0@@Z
DllGetClassObject
??_7CComPlusInterface@@6B@
CGMIsAdministrator
??4CComPlusObject@@QAEAAV0@ABV0@@Z

user32

EndDialog
MessageBoxW

shell32

SHGetMalloc

Sections

.text
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

116baf140da744dccd857fcda945f22a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

crtdll

lz32

kernel32

catsrvut

user32

shell32

Sections

.text Size: 442KB - Virtual size: 442KB

.rdata Size: 301KB - Virtual size: 301KB

.data Size: 115KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 442KB - Virtual size: 442KB

.rdata
Size: 301KB - Virtual size: 301KB

.data
Size: 115KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B