2b58b1981b5b00edd99923d249d98f34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b58b1981b5b00edd99923d249d98f34_JaffaCakes118
Size

86KB
MD5

2b58b1981b5b00edd99923d249d98f34
SHA1

4a921914eb3fa331ab9d8de0db84ce6001f80f67
SHA256

da5cc111a8978850dc94934029a58d5b5d2cc1a870ae8e948c3654733011a90c
SHA512

9a9f0ea8583e48e4f983da122ff48666c132c435b00dd8300b315ac48201a0647138e619f7b1800662b00e1b9a3d45dfe912cb095de12650f299ea77e56603ff
SSDEEP

1536:kyyDHtjuxdjTmgn9FT41h2A07wg+Js+xMtxYkeSGQH9EpjCjPuuo:kymjemgbT41h2A07QS+GRHcOg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b58b1981b5b00edd99923d249d98f34_JaffaCakes118

Files

2b58b1981b5b00edd99923d249d98f34_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9c2a55a4f43fc3b70e14a344f20bbbb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatA
DeleteCriticalSection
VirtualAlloc
AddConsoleAliasW
OpenSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryExA
GetPriorityClass
TlsAlloc
CreateHardLinkA
lstrcat
SetTimerQueueTimer
GetModuleHandleW
FindVolumeMountPointClose
GetPrivateProfileStructW
SetProcessWorkingSetSize
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
ClearCommBreak
LocalHandle
GetSystemTimeAsFileTime
RegisterConsoleOS2
SetConsoleTitleW
CancelDeviceWakeupRequest

msvcrt40

?sgetn@streambuf@@QAEHPADH@Z
strerror
?epptr@streambuf@@IBEPADXZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
strtok
_wspawnvpe
_cabs
_strnset
?x_maxbit@ios@@0JA
?getdouble@istream@@AAEHPADH@Z
??_Dostream_withassign@@QAEXXZ
??_Eostream_withassign@@UAEPAXI@Z
__p__daylight
??_Gistrstream@@UAEPAXI@Z
is_wctype

rpcrt4

TowerConstruct
RpcNetworkIsProtseqValidA
RpcSsContextLockExclusive
I_RpcRequestMutex
RpcStringBindingParseA
NdrConformantVaryingStructBufferSize
NdrConformantStructBufferSize
I_RpcNsInterfaceUnexported
RpcStringFreeW
NdrConformantVaryingArrayBufferSize
RpcServerUseProtseqIfA
NdrServerContextMarshall

msvcp60

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?table@?$ctype@D@std@@IBEPBFXZ
?min@?$numeric_limits@F@std@@SAFXZ
?sinh@std@@YA?AV?$complex@O@1@ABV21@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0ID@Z
?pow@?$_Ctr@N@std@@SANNN@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??_7__non_rtti_object@std@@6B@
??4?$_Complex_base@M@std@@QAEAAV01@ABV01@@Z
?open@?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
?sync@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAEHXZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
?conj@std@@YA?AV?$complex@N@1@ABV21@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z

d3d8thk

OsThunkDdCreateD3DBuffer
OsThunkDdCreateSurface
OsThunkDdGetAvailDriverMemory
OsThunkDdCanCreateD3DBuffer
OsThunkDdGetDxHandle
OsThunkDdUnattachSurface
OsThunkDdSetExclusiveMode
OsThunkDdEndMoCompFrame
OsThunkDdGetBltStatus
OsThunkDdGetDriverInfo
OsThunkDdGetFlipStatus
OsThunkD3dContextDestroy
OsThunkDdAlphaBlt
OsThunkDdUnlockD3D
OsThunkDdSetOverlayPosition
OsThunkDdQueryDirectDrawObject
OsThunkDdFlipToGDISurface
OsThunkDdGetMoCompFormats
OsThunkDdReenableDirectDrawObject

pstorsvc

Start
PSTOREServiceMain
ServiceEntry

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2a55a4f43fc3b70e14a344f20bbbb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

rpcrt4

msvcp60

d3d8thk

pstorsvc

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 18KB - Virtual size: 72KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 328B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 18KB - Virtual size: 72KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 328B