175bf1afaef3f5643e65ef1c16437184_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

175bf1afaef3f5643e65ef1c16437184_JaffaCakes118
Size

404KB
MD5

175bf1afaef3f5643e65ef1c16437184
SHA1

266b36484b4c6de0630c57d5f4346b4dfee75a89
SHA256

7ac4a8fdea8de2ad3589bb2ffc1f1e1288b8b0298c7821e7febab1cf4b2ab211
SHA512

9b200fdf96aa7f02892d5f3a9f028f22eff588af9be146de9f5bbc69512c1e4c567e166407b61724fd85a51533534a706a4316606f624c21ce79f406e23b323c
SSDEEP

12288:4Rwzrm2o6+o7xPRQnk27RQCmnHDnZDAxbgfH:4Rwm2KIxPRF27SC+HDnZDApgf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
175bf1afaef3f5643e65ef1c16437184_JaffaCakes118

Files

175bf1afaef3f5643e65ef1c16437184_JaffaCakes118
.exe windows:5 windows x86 arch:x86

666e2c2d1a3f59984c3faace660b21ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStringTypeExW
SetConsoleLocalEUDC
GetConsoleCursorMode
FindVolumeMountPointClose
GetDateFormatW
GlobalAddAtomA
GlobalMemoryStatusEx
GetCommandLineA
GetCommState
GetConsoleWindow
FileTimeToDosDateTime
WTSGetActiveConsoleSessionId
GetProcAddress
OpenSemaphoreW
LoadLibraryA
VirtualAlloc
MoveFileW
EndUpdateResourceA
EnumSystemLanguageGroupsW
GetConsoleAliasExesLengthA
GetDateFormatA
BuildCommDCBAndTimeoutsW
Module32FirstW
GetSystemWindowsDirectoryA
GetModuleHandleW
CreateDirectoryA
SetThreadContext
MoveFileWithProgressW
HeapLock
PurgeComm
GetExpandedNameA
GetComputerNameExW
VerLanguageNameW
GetPrivateProfileSectionW
HeapCreate
FindCloseChangeNotification
MulDiv
SetHandleContext
GetPriorityClass
CreateMailslotA
VDMOperationStarted
SetConsoleScreenBufferSize
WaitForMultipleObjects
WriteFile
VerLanguageNameA
RegisterConsoleVDM
GetStringTypeExA
ReadConsoleA
MoveFileExA
SetLocaleInfoA
GetEnvironmentStringsA
GetStartupInfoA
FindResourceA
CreateMemoryResourceNotification
IsBadCodePtr
GlobalUnlock
GetDiskFreeSpaceExW
IsDBCSLeadByteEx

expsrv

__vbaExitProc
PutMemObj
__vbaLenVar
__vbaAryVarVarg
SetMemEvent
_CIsqrt
TipCreateInstanceEx
__vbaR4Var
__vbaVarOr
_adj_fdiv_r
__vbaPrintFile
SetMemObj
__vbaLateIdSt
__vbaFpCy
__vbaI4ForNextCheck
__vbaCyMul
__vbaLateMemSt
BASIC_CLASS_Release
rtcErrObj
BASIC_CLASS_GetIDsOfNames
__vbaVarTextTstGt
__vbaRedimPreserveVar2
__vbaLateMemCallLd
__vbaLateMemNamedCall

msvcrt20

?fd@ifstream@@QBEHXZ
?sbumpc@streambuf@@QAEHXZ
_mbcjistojms
_commode
tmpfile
_y1
tan
_umask
??_7stdiobuf@@6B@
iswcntrl
_mbsspn
_putch
_mbsnicmp
_spawnv
memcmp
_getch
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
??_Gstdiostream@@UAEPAXI@Z
??_Efstream@@UAEPAXI@Z
?fd@ofstream@@QBEHXZ
fwprintf
?base@streambuf@@IBEPADXZ
??4istrstream@@QAEAAV0@ABV0@@Z
?opfx@ostream@@QAEHXZ

user32

GetTaskmanWindow
DrawTextExW
CharToOemBuffA
SetClipboardViewer
UpdateLayeredWindow
DdeGetQualityOfService
IsCharLowerW
EndPaint
CharUpperA
DrawCaptionTempW
GetActiveWindow
FlashWindowEx
OpenDesktopA
wvsprintfW
GetDlgItemInt
VkKeyScanA
GetUpdateRect
GetMenuDefaultItem
SetScrollInfo
CsrBroadcastSystemMessageExW
ReleaseDC
GetListBoxInfo
BeginPaint
EnumDisplaySettingsW

msvcrt40

??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
??_Gstrstreambuf@@UAEPAXI@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
wcslen
?gbump@streambuf@@IAEXH@Z
_getmbcp
strstr
_aexit_rtn
_ultoa
??_Eostrstream@@UAEPAXI@Z
_mbsnicoll
??_Distrstream@@QAEXXZ
?write@ostream@@QAEAAV1@PBDH@Z
_ismbcl1
?clrlock@streambuf@@QAEXXZ
?ipfx@istream@@QAEHH@Z
_wsearchenv
??_Eistrstream@@UAEPAXI@Z
??0streambuf@@QAE@ABV0@@Z
fclose
?peek@istream@@QAEHXZ
_ltow
_wexecvp
??0istream_withassign@@QAE@XZ
_mbsnset
??0istream@@IAE@XZ

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

666e2c2d1a3f59984c3faace660b21ee

Headers

File Characteristics

Imports

kernel32

expsrv

msvcrt20

user32

msvcrt40

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 153KB - Virtual size: 572KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 153KB - Virtual size: 572KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 512B - Virtual size: 300B