Static task
static1
Behavioral task
behavioral1
Sample
5654e263c6c27e137f607aebea6cbb63_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5654e263c6c27e137f607aebea6cbb63_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
5654e263c6c27e137f607aebea6cbb63_JaffaCakes118
Size
37KB
MD5
5654e263c6c27e137f607aebea6cbb63
SHA1
8e63fb19a3ad4dccac5849a1196e11ce92bbba56
SHA256
932da9a56a8d3ed42e28f9c7c1bbcf21c4ef3b2ad1eb9a5c9f899ce3a47d84ba
SHA512
0069f1456e8c588ce3e65c75e8862499a02796201be0bd2d75165fd20d030ac125c771cf75357eff6f5c1378de6c903a0bdc9e1cd2ebba1c205233285823c691
SSDEEP
384:3TVfNZk+vj4Ab5n2MFzNEGLQ67fEE/eX0BwyYiueWOnp6Eg+cOk9uVsjDO4s:jzZkwbbJ2MxmGU67+PtiueTSOk9uQO4s
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5654e263c6c27e137f607aebea6cbb63_JaffaCakes118
Files
5654e263c6c27e137f607aebea6cbb63_JaffaCakes118.exe windows:5 windows x86 arch:x86
bfc2fb0834f4c10a76833a72cf859045
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcirt
??1ostream_withassign@@UAE@XZ
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??_Estrstream@@UAEPAXI@Z
?bad@ios@@QBEHXZ
?pptr@streambuf@@IBEPADXZ
?basefield@ios@@2JB
??0filebuf@@QAE@XZ
?read@istream@@QAEAAV1@PADH@Z
??_Eostream_withassign@@UAEPAXI@Z
?open@ifstream@@QAEXPBDHH@Z
??_Distrstream@@QAEXXZ
?setp@streambuf@@IAEXPAD0@Z
??0ostream@@IAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??_8strstream@@7Bistream@@@
??4stdiobuf@@QAEAAV0@ABV0@@Z
??4ios@@IAEAAV0@ABV0@@Z
?width@ios@@QAEHH@Z
??Bios@@QBEPAXXZ
?ipfx@istream@@QAEHH@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
??0filebuf@@QAE@H@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??1ostrstream@@UAE@XZ
?open@fstream@@QAEXPBDHH@Z
kernel32
InterlockedDecrement
CreateEventA
BuildCommDCBAndTimeoutsW
ActivateActCtx
WriteProfileStringW
OutputDebugStringA
PurgeComm
_lopen
ReplaceFileW
GetHandleInformation
ReadConsoleOutputCharacterW
ReplaceFile
UnregisterConsoleIME
LoadLibraryA
GetPrivateProfileSectionNamesW
SuspendThread
GetSystemDefaultLCID
WriteConsoleInputA
IsValidCodePage
GetUserDefaultLCID
WriteFileEx
DeleteTimerQueue
GetLongPathNameW
GetSystemPowerStatus
EnterCriticalSection
EnumResourceNamesA
SetComputerNameExA
GetConsoleCP
FindFirstVolumeA
SetProcessWorkingSetSize
FatalExit
IsDebuggerPresent
EscapeCommFunction
GetVolumeNameForVolumeMountPointA
LeaveCriticalSection
VirtualAlloc
GetSystemDefaultLangID
IsValidLocale
LockResource
LocalHandle
LCMapStringA
GetModuleHandleA
EnumSystemCodePagesW
WritePrivateProfileSectionA
GetProfileSectionA
SetDefaultCommConfigA
FindFirstVolumeMountPointA
BeginUpdateResourceW
GetConsoleCommandHistoryLengthW
RegisterConsoleIME
CreateHardLinkW
lz32
LZSeek
LZClose
LZDone
LZCloseFile
GetExpandedNameA
LZRead
LZInit
LZOpenFileA
GetExpandedNameW
CopyLZFile
LZCopy
LZOpenFileW
LZCreateFileW
LZStart
ntdll
ZwOpenIoCompletion
RtlMultiByteToUnicodeSize
NtAllocateVirtualMemory
_i64tow
ZwAccessCheckByTypeAndAuditAlarm
NtTranslateFilePath
ZwDeleteValueKey
RtlDebugPrintTimes
RtlAreBitsSet
RtlPinAtomInAtomTable
NtWriteFile
ZwResetWriteWatch
RtlLookupAtomInAtomTable
NtFsControlFile
_chkstk
RtlUpdateTimer
NtQueryObject
RtlCreateUnicodeString
NtImpersonateClientOfPort
RtlInterlockedPushListSList
RtlAddRefActivationContext
NtQueryDefaultUILanguage
RtlAreAnyAccessesGranted
RtlSetTimeZoneInformation
_CIlog
NtCompleteConnectPort
RtlImageRvaToVa
ZwCreateProfile
RtlSetDaclSecurityDescriptor
RtlTraceDatabaseValidate
RtlFindLeastSignificantBit
ZwWriteFileGather
wcsncpy
RtlpNtSetValueKey
ZwWaitForSingleObject
strcspn
RtlUpperChar
ZwInitializeRegistry
wintrust
CryptCATAdminPauseServiceForBackup
HTTPSCertificateTrust
CryptCATGetCatAttrInfo
CryptSIPGetRegWorkingFlags
WinVerifyTrust
WVTAsn1CatNameValueEncode
WintrustAddDefaultForUsage
WVTAsn1SpcSigInfoEncode
WintrustSetRegPolicyFlags
WVTAsn1SpcStatementTypeDecode
CryptCATGetMemberInfo
CryptCATAdminReleaseCatalogContext
WVTAsn1SpcPeImageDataEncode
DriverFinalPolicy
CryptCATVerifyMember
SoftpubDllRegisterServer
WVTAsn1SpcSpAgencyInfoEncode
DriverCleanupPolicy
WVTAsn1CatMemberInfoDecode
CatalogCompactHashDatabase
CryptCATCDFEnumMembersByCDFTag
WTHelperIsInRootStore
TrustIsCertificateSelfSigned
WinVerifyTrustEx
WTHelperProvDataFromStateData
CryptCATCDFEnumAttributesWithCDFTag
MsCatConstructHashTag
MsCatFreeHashTag
CryptCATPutAttrInfo
CryptCATAdminResolveCatalogPath
CryptSIPCreateIndirectData
CryptCATOpen
GenericChainCertificateTrust
WTHelperGetProvPrivateDataFromChain
SoftpubAuthenticode
mssip32DllRegisterServer
CryptSIPGetSignedDataMsg
CryptCATClose
msvcrt
__set_app_type
__getmainargs
exit
_memicmp
__RTCastToVoid
_lfind
_safe_fdivr
wcscmp
_outpd
_adj_fprem1
_winver
_stat64
_findnext64
_rmdir
_aligned_offset_realloc
_wfullpath
_pipe
wcslen
__p__commode
__CxxFrameHandler
__CxxQueryExceptionSize
_getwch
towupper
_tzname
_acmdln
_ismbbprint
wcstoul
_mbsdec
wmvcore
WMCreateWriterNetworkSink
WMCreateEditor
WMCreateWriterPriv
WMCreateIndexer
WMCreateReaderPriv
WMCreateBackupRestorerPrivate
WMCreateProfileManager
WMCreateWriterFileSink
WMValidateData
WMCheckURLExtension
kbduk
KbdLayerDescriptor
Sections
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 230KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ