52fc9fb55eac0453804f7b2d0e2779c7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

52fc9fb55eac0453804f7b2d0e2779c7_JaffaCakes118
Size

46KB
MD5

52fc9fb55eac0453804f7b2d0e2779c7
SHA1

757f0bad3ec1a4b92058e9e68d28e00aebb7e8d6
SHA256

97d1b447bc6b49af7eec74174253aa99099810b2aafa93ca0d8b279e48fb923f
SHA512

dde6d047a8454faa62501003c249649edad72d4f2a719b0c9c14db08cc323f2ac0c83ff3b9fc6a787da4cd1cb8401ca69e2fb2240a67aafdaf40073f96ed0d66
SSDEEP

768:/j1JqYerBILCSZnUMN96KiV2Wk6NVr+e8uS/tvKeLT9vj76c30+NjC:/jWNdI209nNWkyVSXuW9pLx7jbjC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52fc9fb55eac0453804f7b2d0e2779c7_JaffaCakes118

Files

52fc9fb55eac0453804f7b2d0e2779c7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bf416524e29201fce935edefd4b00f34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhReadRawLogRecord
PdhSetLogSetRunID
PdhGetRawCounterArrayW
PdhTranslateLocaleCounterW
PdhEnumObjectItemsW
PdhTranslate009CounterA
PdhGetLogFileSize
PdhGetDataSourceTimeRangeH
PdhBrowseCountersHA
PdhGetDefaultPerfCounterW
PdhExpandCounterPathW
PdhEnumLogSetNamesA
PdhOpenQueryW
PdhSetCounterScaleFactor
PdhVbGetOneCounterPath
PdhGetCounterTimeBase
PdhEnumMachinesHW
PdhEnumObjectsW
PdhOpenQueryA
PdhVbUpdateLog
PdhGetRawCounterValue
PdhVbOpenLog
PdhEnumMachinesW
PdhVbCreateCounterPathList
PdhEnumMachinesA
PdhMakeCounterPathA
PdhGetDataSourceTimeRangeA
PdhValidatePathW
PdhExpandWildCardPathW
PdhParseInstanceNameA

kernel32

_lread
EnumLanguageGroupLocalesW
CreateTimerQueue
ProcessIdToSessionId
EnumSystemCodePagesA
IsSystemResumeAutomatic
FindFirstVolumeW
CreateSemaphoreW
Module32First
GlobalAlloc
GetNamedPipeHandleStateW
GetModuleHandleW
DeviceIoControl
CancelWaitableTimer
GetStartupInfoA
SetConsoleDisplayMode
LocalLock
GetNumaHighestNodeNumber
GetStartupInfoW
GetPrivateProfileSectionNamesA
LockFile
WaitNamedPipeW
SetLocalPrimaryComputerNameA
VerifyVersionInfoW
GetPrivateProfileStructW
VirtualQueryEx
GetProcAddress
GetConsoleKeyboardLayoutNameA
VirtualAlloc
WriteConsoleA
LoadLibraryA

ntdll

_memccpy
strncpy
ZwAccessCheckAndAuditAlarm
ZwCancelTimer
sqrt
ZwLoadKey
_alldiv
RtlAnsiStringToUnicodeString
NtWriteVirtualMemory
RtlMultiByteToUnicodeN
ZwQueryDirectoryObject
RtlSystemTimeToLocalTime
NtMapViewOfSection
RtlValidateHeap
ZwNotifyChangeKey
NtWriteFileGather
RtlPinAtomInAtomTable
__toascii
RtlUnicodeStringToOemSize
ZwSetSystemEnvironmentValueEx
RtlApplyRXact
RtlCompactHeap
ZwSetDebugFilterState
RtlGetCurrentDirectory_U
RtlLockBootStatusData
RtlPushFrame
isupper
NtQuerySection
NtCompleteConnectPort
DbgBreakPoint
ZwSetLdtEntries
NtAdjustPrivilegesToken
RtlCharToInteger
ZwDelayExecution
RtlInitializeSid
ZwGetDevicePowerState
ZwReplaceKey
ZwPlugPlayControl
NtDisplayString
NtQueryValueKey
NtSetDefaultLocale
LdrFindResourceEx_U
RtlDeleteNoSplay
NtYieldExecution
NtOpenKey
NtInitializeRegistry
RtlGetNtVersionNumbers
NtPulseEvent
RtlActivateActivationContextEx
RtlIdentifierAuthoritySid
NtFlushWriteBuffer
NtEnumerateKey
RtlDeleteAtomFromAtomTable
RtlClearAllBits
NtUnlockFile
RtlCreateUserThread
NtSaveKey
RtlCreateAcl
RtlNewSecurityGrantedAccess
RtlUpcaseUnicodeString
CsrCaptureTimeout
ZwWaitForMultipleObjects
ZwQueryIoCompletion
RtlAcquireResourceExclusive
NtSecureConnectPort
ZwAccessCheckByTypeResultListAndAuditAlarm
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle

crtdll

_baseversion_dll
fmod
_strupr
sqrt
vfprintf
sinh
_ismbclower
_ecvt
_mbsnbcnt
_stricmp
_strcmpi
_execl
ceil
_CIlog
_kbhit
_fstat
_vsnwprintf
wcscpy
_getdrives
_mbbtombc
difftime
wprintf
_lrotl
_ismbcupper
labs
_mbsnbicmp
_fpclass
_exit
getenv
_gcvt
ungetc
sin

msvcrt

_findnext
tmpfile
_adjust_fdiv
fprintf
frexp
_stat
__set_app_type
__RTCastToVoid
_ismbbtrail
_adj_fpatan
_snwprintf
ceil
wcscmp
rewind
ispunct
_lseek
exit
_pgmptr
_mbctokata
_ftime
sscanf
_heapwalk
_acmdln
__p__commode
wcsncmp
_snscanf
?before@type_info@@QBEHABV1@@Z
_cgetws
_y1
??0bad_cast@@QAE@ABV0@@Z
__iob_func
ferror
_dup
ldexp
_stricoll

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf416524e29201fce935edefd4b00f34

Headers

DLL Characteristics

File Characteristics

Imports

pdh

kernel32

ntdll

crtdll

msvcrt

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB