Static task
static1
Behavioral task
behavioral1
Sample
3716eea605785fc339984d380dcf8700_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3716eea605785fc339984d380dcf8700_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
3716eea605785fc339984d380dcf8700_JaffaCakes118
Size
62KB
MD5
3716eea605785fc339984d380dcf8700
SHA1
46a443f162c0e96d7210fbbcb5c6dc61c4169f4c
SHA256
fd2dbc6e079bf0966a2b7952028e7960d4967536b2c3d1d6820d607b8d9fe1ad
SHA512
7cd1f62f7680cd46261c3e4b3f12d2ba38fed0d875b0163e1b6ed86590ce35c7cdd6f45cd052747e32801725fe10b68369d5bba2e31652ece90dc5b3cdeaecde
SSDEEP
1536:e7DXlj/ZMEteHmoJPSvCV4kJRoimYd5PDURWcHW44La:Or9zteG6eCpVmsPYRWh44L
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature on the sample's PE file.
resource 3716eea605785fc339984d380dcf8700_JaffaCakes118
Files
3716eea605785fc339984d380dcf8700_JaffaCakes118.exe windows:5 windows x86 arch:x86
5613a0640b0a6c675f24208314251080
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
SetMenuInfo
GetMonitorInfoW
SetTaskmanWindow
GetWindowLongA
GetClipboardData
TrackMouseEvent
DefDlgProcW
SetWindowTextW
ReasonCodeNeedsComment
DefDlgProcA
CreateDesktopW
DestroyMenu
RegisterRawInputDevices
AlignRects
DisableProcessWindowsGhosting
DestroyCursor
WaitForInputIdle
MoveWindow
GetLastActivePopup
SetWindowStationUser
ShowOwnedPopups
RegisterLogonProcess
MessageBoxW
GetTabbedTextExtentA
SendNotifyMessageA
CharToOemBuffA
msvcp60
??4?$numeric_limits@C@std@@QAEAAV01@ABV01@@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@II@Z
??1time_base@std@@UAE@XZ
??1?$numpunct@D@std@@UAE@XZ
??X?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??4?$_Ctr@N@std@@QAEAAV01@ABV01@@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0ABV12@@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?_Isinf@?$_Ctr@N@std@@SA_NN@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXPAGPBG1@Z
??_7ios_base@std@@6B@
_LDtest
?min@?$numeric_limits@_N@std@@SA_NXZ
??_Fbad_cast@std@@QAEXXZ
?_Xlen@std@@YAXXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG1@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?exp@std@@YA?AV?$complex@N@1@ABV21@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
kernel32
GetTickCount
GetCurrentProcessId
GlobalSize
ReleaseMutex
GetVolumeNameForVolumeMountPointW
DebugBreak
LoadLibraryA
GetCurrentThreadId
DeleteCriticalSection
GetNumaNodeProcessorMask
LocalSize
GlobalUnfix
CreateFileA
CreateRemoteThread
_lopen
CreateFiber
GetStartupInfoW
UnmapViewOfFile
GetModuleHandleW
GlobalMemoryStatus
OpenSemaphoreA
ReplaceFileA
BackupSeek
GetConsoleAliasExesLengthA
ReadConsoleInputW
CreateJobObjectA
LoadLibraryW
MulDiv
GetProcessTimes
BaseUpdateAppcompatCache
FindFirstFileW
EnumSystemCodePagesW
QueryPerformanceCounter
ShowConsoleCursor
VirtualAlloc
TryEnterCriticalSection
TerminateProcess
TzSpecificLocalTimeToSystemTime
GetProcAddress
lstrlenA
schannel
SslEmptyCacheA
AcquireCredentialsHandleA
SpUserModeInitialize
InitSecurityInterfaceA
DeleteSecurityContext
SslFreeCertificate
QuerySecurityPackageInfoW
SslGetMaximumKeySize
InitializeSecurityContextA
QueryContextAttributesA
QueryContextAttributesW
AcceptSecurityContext
ImpersonateSecurityContext
RevertSecurityContext
SslLoadCertificate
SealMessage
QuerySecurityPackageInfoA
InitializeSecurityContextW
SslGenerateRandomBits
AcquireCredentialsHandleW
EnumerateSecurityPackagesA
CompleteAuthToken
ApplyControlToken
InitSecurityInterfaceW
FreeContextBuffer
SslEmptyCacheW
MakeSignature
SpLsaModeInitialize
UnsealMessage
ntdll
RtlIsGenericTableEmptyAvl
RtlFreeHeap
ZwCreateThread
VerSetConditionMask
RtlQueryRegistryValues
ZwAllocateUserPhysicalPages
ZwCreateJobSet
RtlAllocateHeap
log
ZwReadRequestData
ZwOpenDirectoryObject
RtlxAnsiStringToUnicodeSize
ZwImpersonateAnonymousToken
ZwMakeTemporaryObject
NtQuerySystemInformation
_alloca_probe
RtlGetActiveActivationContext
RtlInitString
RtlIpv4StringToAddressA
NtSetInformationThread
RtlNumberOfSetBits
_CIsqrt
RtlFindActivationContextSectionGuid
LdrAddRefDll
ZwQueryMultipleValueKey
NtSystemDebugControl
msvcrt20
fwprintf
??0strstreambuf@@QAE@ABV0@@Z
??_8strstream@@7Bostream@@@
?width@ios@@QBEHXZ
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
_CIcosh
??_7ofstream@@6B@
??0ostream@@IAE@XZ
_commode
isgraph
_wspawnv
??_Gifstream@@UAEPAXI@Z
?setmode@filebuf@@QAEHH@Z
_ultoa
isupper
?ebuf@streambuf@@IBEPADXZ
_ismbbalnum
?good@ios@@QBEHXZ
asin
_tempnam
?sgetn@streambuf@@QAEHPADH@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
_mbscoll
_mbsdup
fgetc
_mbsnccnt
mspatcha
TestApplyPatchToFileByHandles
ApplyPatchToFileExW
GetFilePatchSignatureW
ApplyPatchToFileByHandlesEx
ApplyPatchToFileByHandles
TestApplyPatchToFileW
ApplyPatchToFileExA
GetFilePatchSignatureA
GetFilePatchSignatureByHandle
ApplyPatchToFileA
ApplyPatchToFileW
TestApplyPatchToFileA
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ