54da4c4777462c84e9862e80f33ba295_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

54da4c4777462c84e9862e80f33ba295_JaffaCakes118
Size

833KB
MD5

54da4c4777462c84e9862e80f33ba295
SHA1

8152362194d364427b5a850a9277e8f8ef94a33b
SHA256

481f596e0fec15e745fccdb7aad86a25d9a6ef0582966d3567602a0614867999
SHA512

c9646000a08f33b69262fa3fa7910d65f4cf36037bc6b98a67aafd1f0697865cb1d40ccaaff3450d9616e03a42f85989cdcc7a493a9dcdfa29a09ec4713f30e9
SSDEEP

24576:G+5NC+DI6hP/VKN43ZCrYxwk3XRsnKt/eQ2cs1ur:NPD86h3VUr8wkHzVb9br

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54da4c4777462c84e9862e80f33ba295_JaffaCakes118

Files

54da4c4777462c84e9862e80f33ba295_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31fa2939741a53542d6397ec402f6692

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_GetDlgItemText@16
_RegDeleteKey_@8
_NDdeShareEnum_@24
_NDdeSetTrustedShare_@12
_CopyEnhMetaFile_@8
_GlobalGetAtomName_@12
_DefDlgProc_@16
_GetCharWidth32_@16
_ObjectCloseAuditAlarm_@12
_OpenDesktop_@16
_RegOpenKeyEx_@20
_GetCurrentDirectory_@8
_SetClassLong_@12
_GetModuleHandle_@4
_GetWindowsDirectory_@8
_SetMenuItemInfo_@16
_ExtTextOut@32
_lstrcat_@8
_GetFileSecurity_@20
_lstrcpy_@8
_LogonUser_@24
_AddFontResource_@4

ntdll

ZwShutdownSystem
RtlInterlockedPushEntrySList
ZwSuspendThread
ZwTerminateJobObject
ispunct
strpbrk
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
ZwConnectPort
RtlUnicodeStringToInteger
ZwUnloadDriver
RtlUpcaseUnicodeStringToOemString
RtlZombifyActivationContext
RtlDoesFileExists_U
NtSetInformationFile
RtlPinAtomInAtomTable
RtlDowncaseUnicodeChar
NtQueryInformationProcess
RtlGetProcessHeaps
ZwYieldExecution
wcscpy
ZwMakePermanentObject
RtlInitializeSListHead
NtSetDefaultHardErrorPort
NtSetIntervalProfile
NtQueryDefaultUILanguage
RtlEnableEarlyCriticalSectionEventCreation
NtOpenThreadToken
ZwClose
_allshr

msvcirt

??0filebuf@@QAE@H@Z
?setb@streambuf@@IAEXPAD0H@Z
?fill@ios@@QBEDXZ
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??0ios@@IAE@ABV0@@Z
??0ofstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@F@Z
?get@istream@@QAEAAV1@PAEHD@Z
??_Distream@@QAEXXZ
?cerr@@3Vostream_withassign@@A
?tie@ios@@QAEPAVostream@@PAV2@@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??0iostream@@IAE@XZ
??6ostream@@QAEAAV0@N@Z
??1stdiostream@@UAE@XZ
?unlock@ios@@QAAXXZ
??_8istream@@7B@
??1stdiobuf@@UAE@XZ
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z

kernel32

InterlockedPushEntrySList
AddConsoleAliasA
DeleteVolumeMountPointW
GlobalFindAtomW
WritePrivateProfileStructA
OpenMutexW
SetLastConsoleEventActive
LoadLibraryW
GetProcAddress
FormatMessageW
RegisterConsoleIME
SetComputerNameW
IsValidLanguageGroup
GetExitCodeProcess
EnumCalendarInfoW
WaitForSingleObject
SetLastError

linkinfo

ResolveLinkInfoW
GetCanonicalPathInfoA
CreateLinkInfo
GetLinkInfoData
ResolveLinkInfoA
CreateLinkInfoW
DestroyLinkInfo
IsValidLinkInfo
DisconnectLinkInfo
ResolveLinkInfo
CompareLinkInfoReferents
GetCanonicalPathInfoW
GetCanonicalPathInfo
CreateLinkInfoA
CompareLinkInfoVolumes

mapistub

HrIStorageFromStream@16
HrAddColumns@16
EnableIdleRoutine@8
MAPIInitialize@4
WrapCompressedRTFStream@12
MAPISendDocuments
cmc_read
MNLS_CompareStringW@24
cmc_look_up
FBadEntryList@4
HrValidateIPMSubtree@20
UNKOBJ_COFree@8
HrEntryIDFromSz@12
BMAPISendMail

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31fa2939741a53542d6397ec402f6692

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

ntdll

msvcirt

kernel32

linkinfo

mapistub

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 146KB - Virtual size: 145KB

.data Size: 189KB - Virtual size: 1.5MB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 832B

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 146KB - Virtual size: 145KB

.data
Size: 189KB - Virtual size: 1.5MB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 832B