2a051e447a865534027ebc8465301669_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a051e447a865534027ebc8465301669_JaffaCakes118
Size

365KB
MD5

2a051e447a865534027ebc8465301669
SHA1

1d3192ff2be7187af1e3146421d12c011f58266b
SHA256

651578cc03440b5aa6fee28ca9f639ad533f901de01796e4d2f31c7eafd0146e
SHA512

5216efbe7dfe5204808bf48dcbe4742a1b4805c2bd3b7bf9262653609785f32e86782a928aee355b614828fe386fd08ede0b7a3f1a443099b41a315fbeda6090
SSDEEP

6144:3vXgQ0aTdS8CENhDSGh32L6YCRSzFEFURiKheXg2iB8kU6avoe/UPgvtVDukqE:fXgQ0sdSgDS0GW89neXg2M8ie/UITDuV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a051e447a865534027ebc8465301669_JaffaCakes118

Files

2a051e447a865534027ebc8465301669_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ee1fbadfd08b5f5eb87ffe3a93bac70a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

expsrv

rtcImmediateIf
__vbaUdtVar
GetMem4
__vbaVarImp
_adj_fdivr_m64
__vbaMidStmtVar
rtcVarFromFormatVar
__vbaVar2Vec
rtcTrimBstr
__vbaExitProc
rtcCompareBstr
rtcFV
rtcIRR
__vbaCyForNext
__vbaStrComp
__vbaDateStr
__vbaVargVarMove
rtcChoose
rtcSwitch
__vbaForEachVar
__vbaDerefAry1
rtcGetCurrentCalendar
__vbaRecAnsiToUni
SetMemEvent
__vbaUbound
rtcMidCharVar
rtcStringBstr
__vbaRsetFixstr
__vbaOnError
rtcGetMinuteOfHour
rtUI1FromErrVar
__vbaRecDestructAnsi
EbResetProjectNormal
__vbaR8ForNextCheck
__vbaStrCat
__vbaVarFix
__vbaR8IntI2
rtcMacId
__vbaStr2Vec
__vbaVarTextTstLe
__vbaFpI2
rtcSetDateBstr
__vbaEnd
__vbaVarSub
__vbaVargObjAddref
__vbaAryLock
__vbaVarTextCmpLt
__vbaVarTextLikeVar
__vbaEraseKeepData
__vbaR4ForNextCheck
__vbaEraseNoPop
__vbaCVarAryUdt
__vbaNextEachCollVar
__vbaVarTstGt
rtcMakeDir
rtR8FromErrVar
__vbaVarVargNofree
rtcCVErrFromVar
__vbaGenerateBoundsError
__vbaFreeStrList
__vbaGet3
__vbaVarMul
__vbaI2Str
rtcPartition
rtcAnsiValueBstr
__vbaFpCmpCy
__vbaVarTextCmpEq
rtcCommandVar
__vbaVarTstLe
__vbaGosubReturn
__vbaFpI4
rtcVarDateFromVar
rtcStrReverse
rtcChangeDrive
__vbaR4ErrVar

kernel32

AddLocalAlternateComputerNameW
ClearCommBreak
GetVolumeInformationW
GlobalLock
LeaveCriticalSection
GetPrivateProfileSectionNamesA
SetThreadLocale
CopyFileExW
SetTermsrvAppInstallMode
SetSystemTimeAdjustment
GlobalReAlloc
VirtualAlloc
InterlockedPushEntrySList
EnumTimeFormatsA
GetStringTypeExW
EnterCriticalSection
SetUserGeoID
SetDefaultCommConfigW
SetCurrentDirectoryA
GetConsoleInputExeNameA
AddRefActCtx
GetConsoleInputExeNameW
LoadLibraryA
ReleaseMutex
GlobalAddAtomW
GetSystemDirectoryA
GetFileSize
lstrcmpiA
GetPrivateProfileSectionA
RemoveLocalAlternateComputerNameW
DeleteVolumeMountPointW
GetModuleFileNameA
BaseCheckAppcompatCache
GetConsoleHardwareState
BuildCommDCBW
DeleteCriticalSection
HeapDestroy
GetFileSizeEx
FlushInstructionCache
InterlockedIncrement
RequestDeviceWakeup
SetCalendarInfoA
SetCommMask

wsock32

WEP
getpeername
GetAddressByNameW
getservbyport
MigrateWinsockConfiguration
send
WSARecvEx
socket
getservbyname
rexec
EnumProtocolsA
GetNameByTypeW
WSAStartup
WSAAsyncGetServByName
accept
connect
GetTypeByNameW
__WSAFDIsSet
getnetbyname
WSAAsyncGetProtoByNumber
getprotobynumber
gethostbyname
WSAGetLastError
WSACleanup
htons
WSAAsyncGetServByPort
WSASetBlockingHook
gethostbyaddr
s_perror
bind
WSApSetPostRoutine
AcceptEx
WSAUnhookBlockingHook
rresvport
GetTypeByNameA
WSASetLastError
inet_ntoa
SetServiceW
select
NPLoadNameSpaces
listen
htonl

opengl32

glPixelStoref
glClear
glRectd
glPopClientAttrib
glVertex2fv
glLineStipple
glGetMapfv
glEdgeFlag
glEvalCoord2fv
glGetTexParameterfv
glTexEnvf
glColor4us
glDebugEntry
glIndexs
glGetTexEnviv
glMap2f
glDrawArrays
glMap1d
glCullFace
glNormalPointer
glTexGenf
glGetTexGenfv
glRasterPos2f
glPopAttrib
glListBase
wglSetPixelFormat
glColor4usv
glEvalPoint2
glNormal3f
glDepthFunc
glTexCoord2sv
glNormal3sv
glLighti

udhisapi

GetExtensionVersion
HttpExtensionProc
TerminateExtension

mshtmled

DllUnregisterServer
DllRegisterServer
DllGetClassObject
DllEnumClassObjects

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee1fbadfd08b5f5eb87ffe3a93bac70a

Headers

DLL Characteristics

File Characteristics

Imports

expsrv

kernel32

wsock32

opengl32

udhisapi

mshtmled

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 58KB - Virtual size: 514KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 58KB - Virtual size: 514KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1008B