2fdf9dec8c297f24516fdb4fa6d30898_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fdf9dec8c297f24516fdb4fa6d30898_JaffaCakes118
Size

60KB
MD5

2fdf9dec8c297f24516fdb4fa6d30898
SHA1

76102c6f27b627715fd187cb743db21c05b3454d
SHA256

f2805ec7c407b2f2c712742012eb6300dc9e3a658551591b618cb90fe540247d
SHA512

d8e35680032c5cfe003007c26703ab12ec664e6e7c728cdaa5a9d8d596aee028828b8fd433e48f2a9183165c18e3511ac565d5d917459931c4cfd98552efc03c
SSDEEP

1536:b0NgVGBr+FBPKAJMYZolmgFSmRVPxqSlqep:bVVG1+FBNB+mgFSmRVPMJE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fdf9dec8c297f24516fdb4fa6d30898_JaffaCakes118

Files

2fdf9dec8c297f24516fdb4fa6d30898_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fbad077495be2f5e89d350ca29695c33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_llseek
GetCurrentThreadId
VirtualAlloc
GetTickCount
DeleteVolumeMountPointA
GetConsoleAliasA
GetBinaryTypeW
GetStartupInfoW
GetCurrentProcessId
DebugActiveProcessStop
SetConsoleLocalEUDC
QueryPerformanceCounter
WideCharToMultiByte
Beep
WaitNamedPipeA
GetConsoleDisplayMode
FreeResource
WriteFileGather
CompareStringW
GetShortPathNameW
SetupComm
SizeofResource
SetConsoleTitleW
FreeEnvironmentStringsA
LCMapStringA
GetModuleHandleExA
IsBadStringPtrA
LoadLibraryA
_lread
GetNumaAvailableMemoryNode
LoadLibraryW
GetModuleHandleW
UnmapViewOfFile
ReadConsoleInputExW
SetHandleContext

apphelp

SdbReadQWORDTagRef
SdbUnregisterDatabase
ApphelpGetNTVDMInfo
SdbCreateMsiTransformFile
SdbFindFirstMsiPackage_Str
SdbFindFirstTag
SdbQueryData
SdbResolveDatabase
SdbGetDatabaseVersion
ApphelpFixMsiPackageExe
SdbGrabMatchingInfoEx
SdbGetStringTagPtr
ApphelpFixMsiPackage
SdbFindFirstTagRef
SdbTagIDToTagRef
SdbTagToString
SdbReadMsiTransformInfo
SdbSetPermLayerKeys
SetPermLayers
SdbReadStringTagRef
SdbGetNextChild
ApphelpCheckShellObject
SdbGetPermLayerKeys
ApphelpShowDialog
ApphelpCheckIME
ShimDumpCache

crtdll

_CItan
_ismbclower
__pxcptinfoptrs
_mbstrlen
exp
_osver_dll
_gcvt
_ftime
_swab
_spawnlpe
_mbscspn
_mbsstr
_execve
localtime
_mbsspnp
_cgets
fread
wprintf
_ismbcl2
_lrotr
_fcloseall
_lrotl
vwprintf
iswascii

msvcrt40

_mtlock
?isfx@istream@@QAEXXZ
_wctime
__iscsym
??_Dofstream@@QAEXXZ
?overflow@filebuf@@UAEHH@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
?cin@@3Vistream_withassign@@A
??_Eifstream@@UAEPAXI@Z
cos
??0Iostream_init@@QAE@XZ
strxfrm
_exit
mbstowcs
?getline@istream@@QAEAAV1@PAEHD@Z
?get@istream@@QAEAAV1@PAEHD@Z
_seterrormode
_mbscat
__threadhandle
_wchmod
__winitenv
?underflow@stdiobuf@@UAEHXZ
?eatwhite@istream@@QAEXXZ
_beginthreadex
_strtime

ntdll

ZwWriteFileGather
NtTerminateJobObject
DbgUiDebugActiveProcess
NtCreateEventPair
sprintf
RtlConvertSidToUnicodeString
NtQueryInformationFile
strstr
RtlCreateUnicodeStringFromAsciiz
wcstol
RtlUpperString
ZwRenameKey
fabs
NtQuerySecurityObject
NtTerminateProcess
RtlInitializeAtomPackage
ZwCreateTimer
NtMapUserPhysicalPagesScatter
NtQueryDefaultUILanguage
ZwCreateSymbolicLinkObject
NtLoadKey
RtlFreeAnsiString
NtImpersonateClientOfPort
ZwOpenProcessTokenEx
NtSetContextThread
ZwPulseEvent
RtlZeroMemory

msvcp60

?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?toupper@?$ctype@G@std@@QBEPBGPAGPBG@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
?write@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@PBGH@Z
_FRteps
??4_Num_int_base@std@@QAEAAU01@ABU01@@Z
?classic_table@?$ctype@D@std@@KAPBFXZ
_Getcoll
_FCosh
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?infinity@?$numeric_limits@F@std@@SAFXZ
?min@?$numeric_limits@O@std@@SAOXZ
?real@?$_Complex_base@M@std@@QBEMXZ
?sungetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?frac_digits@?$_Mpunct@G@std@@QBEHXZ
?flags@ios_base@std@@QAEHH@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
_Getctype
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ

wmdmlog

DllUnregisterServer
DllRegisterServer
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbad077495be2f5e89d350ca29695c33

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

apphelp

crtdll

msvcrt40

ntdll

msvcp60

wmdmlog

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 23KB - Virtual size: 91KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 280B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 23KB - Virtual size: 91KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 280B