3c73f30c93cd8041b1eb5dab9276caca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c73f30c93cd8041b1eb5dab9276caca_JaffaCakes118
Size

62KB
MD5

3c73f30c93cd8041b1eb5dab9276caca
SHA1

b7adf03458f2d98b6ec46a24b7e548a9786dc571
SHA256

c2c69dd8f1041e090826709cdb58127d04ce43fc03a9a62fe1eec45dc9d323c7
SHA512

d6985579b81e5dafa6172261d422df1bff828e09e280b107486ee7873670e5fdc12d4ec9ea95b2fafd290a7bf653104d6e780447bf709c9f7aa9461f5b0a558a
SSDEEP

1536:vt512Os7BpL1S2SB/6TIYfyfjjx9+Kr7FNININ9:vtP2OGLw2S4UB9VKKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c73f30c93cd8041b1eb5dab9276caca_JaffaCakes118

Files

3c73f30c93cd8041b1eb5dab9276caca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

02aeb9ad50f638cce1461497381dfca6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextLengthW
EnumDisplayDevicesA
SetWindowRgn
GetSubMenu
VkKeyScanA
SetActiveWindow
SetWindowLongA
DdeQueryStringW
WinHelpA
GetWindowThreadProcessId
SetCursor
EndTask
EnumDisplayMonitors
CheckRadioButton
CreateDialogIndirectParamA
EnableWindow
GetWindowRect
GetLayeredWindowAttributes
InitializeLpkHooks
EnumPropsExW
UpdateWindow
AllowSetForegroundWindow
SetWindowPlacement
SendDlgItemMessageW
TranslateMessage

msvcrt40

??1logic_error@@UAE@XZ
vsprintf
_itoa
fprintf
_filelengthi64
_findnext
_getpid
_adjust_fdiv
?fLockcInit@ios@@0HA
_dup2
??0strstream@@QAE@XZ
_wtmpnam
?stossc@streambuf@@QAEXXZ
__mb_cur_max
??0streambuf@@QAE@ABV0@@Z
wcstod
??_Eostream@@UAEPAXI@Z
??_7stdiostream@@6B@
_execlp
_adj_fdivr_m32
raise
??_Gostrstream@@UAEPAXI@Z
freopen
??0ostream_withassign@@QAE@XZ
??_Gstreambuf@@UAEPAXI@Z
_winminor

certcli

CACertTypeSetSecurity
CASetCertTypeProperty
DllCanUnloadNow
CAGetCertTypeProperty
GetProxyDllInfo
CACloneCertType
CAAccessCheckEx
CACertTypeRegisterQuery
CAGetCertTypeExpiration
CACreateCertType
CASetCASecurity
CAEnumCertTypesForCA
CASetCertTypeFlagsEx
CAOIDGetLdapURL
CASetCertTypeExtension
CACertTypeGetSecurity
CAGetCASecurity
CAEnumFirstCA
CACreateNewCA
CAGetCAProperty
CAFindByIssuerDN
CAOIDAdd
CAFindByCertType
CAFindCertTypeByName
CACertTypeUnregisterQuery

kernel32

RegisterWowBaseHandlers
GetCurrencyFormatW
OpenSemaphoreW
ExpungeConsoleCommandHistoryW
GetCurrentProcess
VirtualAlloc
GetStartupInfoW
CreateProcessW
GlobalMemoryStatus
ReplaceFileW
LoadLibraryA
WaitNamedPipeA
GetProcessHeaps
HeapValidate
GetCurrentProcessId
FindNextFileA
GetFileAttributesExA
GetCompressedFileSizeA
GetTickCount
FoldStringA
BaseCleanupAppcompatCacheSupport
GetBinaryTypeA
SetSystemPowerState
GetCurrentThreadId
GetModuleHandleW
QueryPerformanceCounter
GetDiskFreeSpaceExW
SetVolumeLabelA
GetConsoleSelectionInfo

mprapi

MprPortSetUsage
MprAdminTransportSetInfo
RasPrivilegeAndCallBackNumber
MprConfigTransportDelete
MprAdminInterfaceEnum
MprAdminServerGetCredentials
MprInfoDelete
MprConfigTransportGetInfo
MprAdminMIBEntrySet
MprAdminTransportGetInfo
MprConfigInterfaceTransportAdd
MprAdminInterfaceGetCredentialsEx
MprAdminMIBBufferFree
MprAdminConnectionEnum
MprAdminUserSetInfo
MprAdminInterfaceUpdatePhonebookInfo
MprInfoBlockFind
MprAdminMIBServerDisconnect
MprAdminInterfaceGetCredentials
MprConfigGetFriendlyName
MprAdminEstablishDomainRasServer
MprAdminInterfaceQueryUpdateResult
MprAdminUserClose
MprAdminInterfaceTransportGetInfo
MprAdminInterfaceGetInfo

msvcirt

?is_open@fstream@@QBEHXZ
??_Eistrstream@@UAEPAXI@Z
??_Dstrstream@@QAEXXZ
?stossc@streambuf@@QAEXXZ
??_7ostrstream@@6B@
??5istream@@QAEAAV0@AAE@Z
??4filebuf@@QAEAAV0@ABV0@@Z
??0stdiostream@@QAE@ABV0@@Z
??_8iostream@@7Bistream@@@
??0filebuf@@QAE@HPADH@Z
?attach@fstream@@QAEXH@Z
?str@ostrstream@@QAEPADXZ
??0filebuf@@QAE@ABV0@@Z
??_Elogic_error@@UAEPAXI@Z
?fd@fstream@@QBEHXZ
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??0ostrstream@@QAE@XZ
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?fd@ifstream@@QBEHXZ
?write@ostream@@QAEAAV1@PBCH@Z
??6ostream@@QAEAAV0@PBX@Z
?opfx@ostream@@QAEHXZ

msvcp60

??0ios_base@std@@IAE@XZ
?do_encoding@codecvt_base@std@@MBEHXZ
?narrow@?$ctype@G@std@@QBEDGD@Z
?_Getcat@?$messages@G@std@@SAIXZ
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??_7range_error@std@@6B@
?pubsetbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PADH@Z
?_Getcat@?$numpunct@G@std@@SAIXZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
?do_max_length@codecvt_base@std@@MBEHXZ
?do_decimal_point@?$_Mpunct@D@std@@MBEDXZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??4?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?pow@?$_Ctr@O@std@@SAOOO@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??Ystd@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
_LCosh
??1?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
?round_error@?$numeric_limits@D@std@@SADXZ
??_7money_base@std@@6B@
?_Tidy@strstreambuf@std@@IAEXXZ

expsrv

__vbaVarLateMemSt
__vbaFreeObjList
rtcIsObject
__vbaAryConstruct
_adj_fdiv_m16i
__vbaFpCSngR8
__vbaVarSetVar
rtcLeftCharBstr
_CIlog
__vbaVarSetVarAddref
rtcRightTrimBstr
__vbaAryUnlock
__vbaLateMemCallSt
__vbaStrDate
__vbaCopyBytesZero
rtcIsError
__vbaPutFxStr4
__vbaI2ForNextCheck
BASIC_CLASS_Release
rtcSYD
__vbaInStrVarB
rtcMakeDir
rtcFileAttributes
__vbaVarTextTstNe
rtcLeftTrimVar

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02aeb9ad50f638cce1461497381dfca6

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt40

certcli

kernel32

mprapi

msvcirt

msvcp60

expsrv

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 109KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 272B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 109KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 272B