eb9a0dabfa91ed27457fed3795d9c16b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb9a0dabfa91ed27457fed3795d9c16b_JaffaCakes118
Size

863KB
MD5

eb9a0dabfa91ed27457fed3795d9c16b
SHA1

8d9eafb1880eec09481399521011fe34fa3b2b43
SHA256

a0c2da3e4fe34b8e96daa5d8d208ad256b06d41fe84303ac7e3dd5bd8452df91
SHA512

6e5c6265452c5b0ff815ddd1e3adee5b67de886ae4dff02138156fbf00dc83cfdbdcab094dfd3c5e9df10721f4092d069929e9a3bf2bb7474980bc85a65fe0c5
SSDEEP

24576:G+utZs4Ck2UpcsAf8UJIyZvWjy0o/Pas1rPtoV:QPCk2qcoW/vC+KOt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb9a0dabfa91ed27457fed3795d9c16b_JaffaCakes118

Files

eb9a0dabfa91ed27457fed3795d9c16b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ab3a838910f4c405486267074b7cd84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFileMappingA
SetConsoleDisplayMode
GlobalAlloc
GetStartupInfoW
LockFile
QueryPerformanceCounter
HeapCreate
lstrcmpiW
OpenFile
GetFirmwareEnvironmentVariableW
LoadLibraryExW
GetTimeZoneInformation
FindResourceA
GetConsoleCommandHistoryLengthW
VirtualAlloc
OutputDebugStringA
GetConsoleHardwareState
lstrcatA
GetVDMCurrentDirectories
LocalCompact
RemoveVectoredExceptionHandler
ReadConsoleOutputA
CreateTimerQueue
QueryDosDeviceW
RegisterConsoleIME
LZOpenFileW
LoadLibraryA
IsBadHugeReadPtr
GetThreadSelectorEntry
SetConsoleLocalEUDC
CreateActCtxA
GetBinaryType
ExpungeConsoleCommandHistoryA
BeginUpdateResourceW
GetModuleHandleW
GetComputerNameW
GetVolumeInformationA
GetVersionExA
SetInformationJobObject
lstrcat
GetCurrentProcess
FindNextVolumeMountPointW
SetComputerNameW
ReadProcessMemory
RestoreLastError
GetExitCodeThread
BaseFlushAppcompatCache
SetFileTime
FatalAppExitA
SetClientTimeZoneInformation
GetConsoleAliasesW
SystemTimeToTzSpecificLocalTime
FillConsoleOutputCharacterW
WriteFile
SetComputerNameExW
SetComputerNameA
GetConsoleAliasA
EnumSystemLanguageGroupsA
SetComPlusPackageInstallStatus
FreeLibrary
IsBadWritePtr
SetupComm
LZCreateFileW
GetThreadTimes
GetPrivateProfileStructA
AreFileApisANSI
ReadConsoleOutputCharacterW
FindResourceExW
VirtualFreeEx
SetFileAttributesW
GetSystemTimeAsFileTime
TryEnterCriticalSection
GetConsoleOutputCP
GetCurrentActCtx
GetExitCodeProcess
GetShortPathNameA
CreateDirectoryA
CreateActCtxW
FreeConsole
RtlCaptureContext
WriteConsoleOutputA
SetCommBreak
lstrcpyW
GetNumaHighestNodeNumber
GlobalFindAtomW

msvcrt40

?unlock@ios@@QAAXXZ
??_Eofstream@@UAEPAXI@Z
_ismbbkprint
??4iostream@@IAEAAV0@AAV0@@Z
_filbuf
cosh
_ismbbkalnum
scanf
_adj_fdiv_m16i
?setlock@streambuf@@QAEXXZ
_setmbcp
??1iostream@@UAE@XZ
_wrename
??4exception@@QAEAAV0@ABV0@@Z
_wstrtime
?clrlock@streambuf@@QAEXXZ
_mbscspn
??Bios@@QBEPAXXZ
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
??_8ostream@@7B@
??_7bad_cast@@6B@
??_Dfstream@@QAEXXZ
_chsize
?fLockcInit@ios@@0HA
_HUGE
?pcount@strstream@@QBEHXZ
time
?attach@ifstream@@QAEXH@Z
??_Eistrstream@@UAEPAXI@Z
??_7iostream@@6B@
?good@ios@@QBEHXZ
isgraph
_wcsnicoll
_y0
?setmode@ofstream@@QAEHH@Z
strcpy

rasapi32

RasGetEntryHrasconnW
RasSetEntryDialParamsW
RasSetEntryPropertiesA
RasGetAutodialAddressW
RasSetAutodialAddressW
RasQueryRedialOnLinkFailure
RasSetEntryDialParamsA
RasGetConnectionStatistics
RasGetErrorStringW
RasSetEntryPropertiesW
RasSetCredentialsW
RasGetConnectStatusW
RasSetAutodialEnableA
RasAutodialAddressToNetwork
RasEnumEntriesA
RasSetAutodialParamW
RasAutodialEntryToNetwork
RasGetSubEntryHandleA
RasSetSubEntryPropertiesA
RasAutoDialSharedConnection
DDMGetPhonebookInfo
RasHangUpA
DwCloneEntry
RasGetSubEntryPropertiesA
RasFreeEapUserIdentityW
RasGetSubEntryPropertiesW
RasEnumAutodialAddressesA
RasGetEntryDialParamsW
RasEnumConnectionsA
RasHangUpW
RasGetCustomAuthDataA
RasGetCountryInfoA
RasEnumDevicesA
RasCreatePhonebookEntryA
RasScriptTerm
RasGetCustomAuthDataW
RasSetCredentialsA
RasFreeEapUserIdentityA
RasValidateEntryNameA
RasSetEapUserDataA
DwRasUninitialize
RasGetEapUserDataA
RasGetAutodialParamW

rpcns4

I_RpcNsNegotiateTransferSyntax
RpcNsBindingUnexportA
RpcNsProfileEltInqBeginW
RpcNsMgmtBindingUnexportW
RpcNsBindingExportA
RpcNsGroupMbrInqBeginW
RpcNsMgmtEntryInqIfIdsW
RpcNsProfileDeleteA
RpcNsEntryExpandNameW
RpcNsBindingUnexportW
RpcNsBindingImportDone
RpcNsBindingExportPnPA
RpcNsMgmtEntryDeleteW
RpcNsMgmtHandleSetExpAge
RpcNsBindingExportW
RpcNsGroupMbrRemoveW
RpcNsProfileEltInqBeginA
RpcNsBindingUnexportPnPA
RpcNsProfileEltAddA
RpcNsProfileEltInqNextW
RpcNsProfileEltAddW
I_RpcNsGetBuffer
RpcNsGroupMbrInqBeginA
I_RpcNsRaiseException
RpcNsProfileEltInqNextA
RpcNsMgmtInqExpAge
RpcNsEntryObjectInqBeginA
RpcNsEntryObjectInqBeginW
I_RpcNsSendReceive
RpcNsMgmtEntryCreateA
RpcNsEntryObjectInqNext
RpcNsMgmtEntryCreateW
RpcNsBindingLookupBeginW
RpcNsGroupMbrInqDone
RpcNsBindingUnexportPnPW
RpcNsMgmtEntryInqIfIdsA
RpcNsMgmtBindingUnexportA
RpcNsBindingLookupBeginA

shlwapi

UrlApplySchemeA
PathSetDlgItemPathW
PathRemoveArgsW
ColorAdjustLuma
SHRegGetPathA
StrToInt64ExW
PathRemoveArgsA
PathFindOnPathW
PathIsRootW
PathIsURLW
PathIsSystemFolderA
SHAutoComplete
SHDeleteEmptyKeyW
SHSetValueW
SHRegEnumUSValueA
PathCreateFromUrlW
StrStrNIW
SHRegSetPathW
StrStrIA
UrlIsOpaqueW
PathSkipRootA
PathIsDirectoryEmptyW
SHStrDupA
PathCompactPathExA
SHRegQueryInfoUSKeyA
UrlGetPartW
StrCmpNW
SHRegEnumUSKeyW

dmloader

DllGetClassObject

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 363KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ab3a838910f4c405486267074b7cd84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

rasapi32

rpcns4

shlwapi

dmloader

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 327KB - Virtual size: 327KB

.data Size: 363KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 327KB - Virtual size: 327KB

.data
Size: 363KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB