Static task
static1
Behavioral task
behavioral1
Sample
031a7f0b0ba7ba35c59f439dbd50c6ae_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
031a7f0b0ba7ba35c59f439dbd50c6ae_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
031a7f0b0ba7ba35c59f439dbd50c6ae_JaffaCakes118
-
Size
36KB
-
MD5
031a7f0b0ba7ba35c59f439dbd50c6ae
-
SHA1
0fa0cc2d19f7c2aeb5ed192ad5262892e4964916
-
SHA256
cdbfb49f3e083ac1f921fccfc3b446ce761457e49cd5dbe05b65937ba7d84927
-
SHA512
f4b8e3084347d793666c95f9efbbbfa39b71471101be4bc8843be499f0cbab98f4a444a1ae23f5f05bbf3cb51909890f46b87cf86ac9110a753a8245e2f3067d
-
SSDEEP
768:2Qu5d8nVXkd0jxFlkTdzp5Db1+DZv/A+49v9+7g:2QuQIOj4QJv6Uk
Malware Config
Signatures
-
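Unsigned PE (1 IoC)
Flags a PE file that has no Authenticode signature. The publisher and integrity of such a file cannot be verified from a signature, but many benign programs are also unsigned, so this is a weak indicator on its own.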
resource 031a7f0b0ba7ba35c59f439dbd50c6ae_JaffaCakes118
Files
-
031a7f0b0ba7ba35c59f439dbd50c6ae_JaffaCakes118.exe windows:5 windows x86 arch:x86
ea9afdcc1514cfaaf9e6434ada32356a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msdart
?IsReadUnlocked@CFakeLock@@QBE_NXZ
??0CCritSec@@QAE@XZ
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
??0CSmallSpinLock@@QAE@XZ
?Clear@CLKRHashTable@@QAEXXZ
?IsWin98@CMdVersionInfo@@SAHXZ
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
??1CLKRLinearHashTable@@QAE@XZ
MPDeleteCriticalSection
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?GetSpinCount@CCritSec@@QBEGXZ
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
crypt32
CryptDecodeMessage
CryptImportPublicKeyInfoEx
CertOpenStore
I_CryptFindSmartCardCertInStore
CryptGetOIDFunctionValue
CryptSetKeyIdentifierProperty
CertAddEncodedCRLToStore
CryptMsgGetAndVerifySigner
CertSetCertificateContextProperty
CryptGetKeyIdentifierProperty
CertFreeCRLContext
CertSetCRLContextProperty
CertSerializeCRLStoreElement
CertRemoveStoreFromCollection
CertRDNValueToStrW
CertGetStoreProperty
CryptGetMessageCertificates
CertFindSubjectInCTL
CryptDecodeObject
CryptSetOIDFunctionValue
CryptSIPRetrieveSubjectGuidForCatalogFile
I_CryptDisableLruOfEntries
CertSetCTLContextProperty
kernel32
PrivCopyFileExW
GetOEMCP
GetShortPathNameA
GetLocaleInfoW
IsSystemResumeAutomatic
EnumerateLocalComputerNamesW
lstrcmpiW
GetFileAttributesW
DeleteVolumeMountPointA
GetEnvironmentStringsA
GetPrivateProfileSectionNamesA
LoadLibraryW
GetFileAttributesExA
CreateThread
GetProcessId
CreateMutexW
FindFirstVolumeA
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExA
QueueUserWorkItem
ReadConsoleOutputCharacterW
CreateConsoleScreenBuffer
ntdll
RtlIpv4StringToAddressA
RtlUnicodeStringToAnsiString
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetNativeSystemInformation
ZwQuerySection
NtAdjustPrivilegesToken
_i64tow
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
wcslen
ZwAssignProcessToJobObject
NtSetUuidSeed
RtlQueueWorkItem
NtCreateSection
RtlUnicodeToCustomCPN
ZwPulseEvent
NtQueryMutant
NtClearEvent
ZwOpenProcessToken
msvcrt
_findnext64
exit
_getsystime
div
_findnexti64
_wexecv
_nextafter
_wcmdln
_mbbtype
_mbsspnp
_getch
__p__commode
__set_app_type
??_V@YAXPAX@Z
_cprintf
_findfirst64
_ftime
_wfdopen
_wtoi
fgetws
_ismbcalpha
_lseeki64
_CIsinh
_ui64tow
_popen
??1bad_cast@@UAE@XZ
_CIfmod
__crtGetStringTypeW
__DestructExceptionObject
_ismbchira
__unDNameEx
_safe_fprem
_global_unwind2
__setlc_active
_wcreat
??_Gexception@@UAEPAXI@Z
_wopen
__threadid
_mbspbrk
_heapchk
memmove
_wsystem
tanh
__getmainargs
_mkdir
__p__acmdln
__wcserror
__setusermatherr
??_7bad_typeid@@6B@
wcstok
fwprintf
_CIatan
dpwsockx
DPWS_BuildIPMessageHeader
DPWS_GetEnumPort
SPInit
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ