edb4f71e0e96a13899c84c2fe8959f1a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

edb4f71e0e96a13899c84c2fe8959f1a_JaffaCakes118
Size

2.1MB
MD5

edb4f71e0e96a13899c84c2fe8959f1a
SHA1

cb93d02842c57df6b4ce5a5f39935b6145daa3f4
SHA256

48e1751f19ff628c5e2686ba45cda9062880522ed12265534d07684fec6a6de1
SHA512

846d6b6d8ec030e739bf2cd5051e29860470d4083bc84642364c558d92c94e17e75b3e8f8fe9028cdea91f00dd7ea0a45ce721d5e968d17935c1e865bbd1eed5
SSDEEP

49152:NB1H3/khlixneVc0J7RiC4PafPfEwp0NCFdiGukX5/uLdwy:TtPkbiEW0HiNvwp0NCiGukwN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edb4f71e0e96a13899c84c2fe8959f1a_JaffaCakes118

Files

edb4f71e0e96a13899c84c2fe8959f1a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e9a27ff5d9edfc1f02ee89ef03592a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

deskadp

DllCanUnloadNow
DllGetClassObject

mciwave

DriverProc

dinput

DllCanUnloadNow
DirectInputCreateA
DllUnregisterServer
DllRegisterServer
DllGetClassObject
DirectInputCreateW
DirectInputCreateEx

msoert2

GetDllMajorVersion
HrCopyStream
CreateSystemHandleName
WriteStreamToFileW
CreateLogFile
PszAllocA
PszDayFromIndex
CreateDataObject
PszScanToCharA
HrLPSZCPToBSTR
HrFindInetTimeZone
IsValidFileIfFileUrlW
HrGetStreamPos
PszEscapeMenuStringA
CreateTempFileStream
IsUpper
OpenFileStream
FIsEmptyW
FIsEmptyA
OpenFileStreamShareW
PszSkipWhiteW
WriteStreamToFileHandle
HrCopyStreamCB
HrIndexOfMonth
HrIndexOfWeek
ReplaceCharsW
CreateTempFile
PVGetCertificateParam
HrGetElementImpl
FIsSpaceW
CryptAllocFunc
IsPrint
CrackNotificationPackage
FMissingCert
OpenFileStreamWithFlagsW
IsDigit
HrStreamSeekCur
PszDupW

sqlwoa

_tfopen
newWideCharFromMultiByte
newMultiByteFromWideCharSize
_trename
_tsystem
newMultiByteFromWideCharEx
AllocConvertMultiSZNameToA
newMultiByteFromWideChar
ConvertMultiSZNameToW

cliconfg

CPlApplet
OnInitDialogMain
ClientConfigureAddEdit

stclient

DllUnregisterServer
DllGetClassObject
DllRegisterServer
DllCanUnloadNow

mscms

InternalGetPS2PreviewCRD
InstallColorProfileW
SelectCMM
CreateColorTransformW
GetStandardColorSpaceProfileW
AssociateColorProfileWithDeviceA
UnregisterCMMW
GetNamedProfileInfo
UnregisterCMMA
InternalGetPS2ColorRenderingDictionary
SetColorProfileHeader
UninstallColorProfileA
UninstallColorProfileW
GenerateCopyFilePaths
TranslateColors
InstallColorProfileA
EnumColorProfilesA
GetColorDirectoryA
GetPS2ColorRenderingDictionary
DisassociateColorProfileFromDeviceW
EnumColorProfilesW
InternalGetPS2ColorSpaceArray
GetColorProfileHeader
CreateColorTransformA
SetColorProfileElement
OpenColorProfileW
DisassociateColorProfileFromDeviceA
GetPS2ColorRenderingIntent
RegisterCMMA
InternalGetPS2CSAFromLCS
OpenColorProfileA
GetColorDirectoryW
IsColorProfileValid
CloseColorProfile
TranslateBitmapBits
GetCMMInfo
InternalGetDeviceConfig
DeleteColorTransform
GetColorProfileFromHandle
SetStandardColorSpaceProfileA

msvcp60

_Toupper

ws2help

WahCompleteRequest
WahQueueUserApc
WahOpenApcHelper
WahCreateNotificationHandle
WahOpenHandleHelper
WahCreateHandleContextTable
WahDestroyHandleContextTable
WahWaitForNotification
WahOpenNotificationHandleHelper
WahRemoveHandleContext
WahCloseHandleHelper
WahEnableNonIFSHandleSupport
WahCloseApcHelper
WahDisableNonIFSHandleSupport
WahNotifyAllProcesses
WahCloseSocketHandle
WahCreateSocketHandle

pdh

PdhGetLogFileSize
PdhExpandWildCardPathA
PdhGetRawCounterValue
PdhGetDataSourceTimeRangeW
PdhEnumObjectsA
PdhCollectQueryDataEx
PdhCalculateCounterFromRawValue
PdhIsRealTimeQuery
PdhSetDefaultRealTimeDataSource
PdhVbOpenQuery
PdhExpandCounterPathA
PdhVbGetOneCounterPath
PdhExpandWildCardPathW
PdhGetFormattedCounterArrayA
PdhAddCounterA
PdhValidatePathW
PdhGetDllVersion
PdhEnumMachinesA
PdhVbGetLogFileSize
PdhListLogFileHeaderW
PdhFormatFromRawValue
PdhBrowseCountersA
PdhVbGetCounterPathFromList
PdhUpdateLogFileCatalog
PdhSelectDataSourceA
PdhVbAddCounter
PdhGetCounterInfoW
PdhOpenQuery
PdhReadRawLogRecord
PdhGetDefaultPerfObjectW
PdhUpdateLogW
PdhLookupPerfIndexByNameW

ntmarta

AccProvHandleSetAccessRights
AccRewriteGetHandleRights
AccProvRevokeAuditRights
AccProvSetAccessRights
AccRewriteSetHandleRights
AccProvIsObjectAccessible
AccProvHandleRevokeAuditRights
AccConvertAclToAccess
AccProvHandleGetAllRights
AccProvHandleRevokeAccessRights
AccProvHandleIsObjectAccessible
AccGetAccessForTrustee
AccConvertAccessMaskToActrlAccess
AccRewriteGetExplicitEntriesFromAcl
AccLookupAccountName
AccConvertAccessToSecurityDescriptor
AccProvGetOperationResults
AccSetEntriesInAList
AccProvHandleGetTrusteesAccess
AccRewriteSetEntriesInAcl
AccConvertSDToAccess
AccRewriteGetNamedRights
EventNameFree
AccProvHandleGrantAccessRights
AccProvGetAllRights
AccProvHandleIsAccessAudited
AccLookupAccountTrustee
AccProvIsAccessAudited
AccProvGetTrusteesAccess
AccProvCancelOperation
AccProvHandleGetAccessInfoPerObjectType
AccProvGrantAccessRights
AccLookupAccountSid
AccProvGetAccessInfoPerObjectType
AccConvertAccessToSD
AccProvGetCapabilities
AccRewriteSetNamedRights
EventGuidToName

kernel32

BuildCommDCBAndTimeoutsW
SetConsoleNlsMode
Process32Next
GlobalFindAtomA
VirtualAlloc
CreateMailslotA
WriteConsoleInputA
CreateDirectoryExA
CloseHandle
FreeLibraryAndExitThread
EnumCalendarInfoExA
GetConsoleScreenBufferInfo
EnumLanguageGroupLocalesW
GetConsoleInputExeNameA
GetFileType
GetVolumePathNameA
RegisterWowBaseHandlers
QueueUserWorkItem
GetLastError
FillConsoleOutputCharacterA
SetCalendarInfoA
GetConsoleWindow
HeapLock
WriteProfileSectionA
CompareStringW
DisableThreadLibraryCalls
GetModuleFileNameA
Process32FirstW
SetHandleCount
AddConsoleAliasW
SetThreadPriority
FindNextVolumeA
DeleteFiber
WriteConsoleInputVDMW
GetProcessWorkingSetSize
VerifyConsoleIoHandle
OpenFileMappingW
OpenSemaphoreW
CommConfigDialogA
FreeLibrary
GetConsoleDisplayMode
GetFullPathNameW
FindNextFileA
ReadConsoleOutputA
QueryPerformanceCounter
_hread
MapUserPhysicalPages
ResumeThread
SetCommConfig
HeapSummary
Beep
GetThreadTimes

iassvcs

DllGetClassObject
IASSetMaxNumberOfThreads
DllRegisterServer
IASVariantChangeType
IASInitialize
IASReportEvent
IASRequestThread
IASUninitialize
IASAllocateUniqueID
IASSetMaxThreadIdle
IASRegisterComponent
DllUnregisterServer
IASRadiusCrypt
IASAdler32
DllCanUnloadNow

advpack

GetVersionFromFile

docprop

DllGetClassObject
DllCanUnloadNow

certcli

CAFindByCertType
CAGetCertTypeProperty
CASetCACertificate
CAAddCACertificateType
CAFindByIssuerDN
CAFreeCertTypeExtensions
CACountCertTypes
CASetCertTypeProperty
CACreateCertType
CAEnumCertTypes
CASetCAFlags
CASetCertTypeFlags
CAEnumNextCA

wintrust

mssip32DllUnregisterServer
CryptCATCDFOpen
TrustFreeDecode
CryptSIPCreateIndirectData
DriverCleanupPolicy
WintrustAddDefaultForUsage
WVTAsn1SpcSigInfoEncode
WTHelperOpenKnownStores
WVTAsn1SpcPeImageDataEncode
WTHelperGetFileName
OfficeCleanupPolicy
DllRegisterServer
CryptCATCatalogInfoFromContext
WVTAsn1SpcSigInfoDecode
WTHelperGetAgencyInfo
SoftpubDefCertInit
DriverInitializePolicy
CryptCATGetMemberInfo
SoftpubLoadSignature
WTHelperGetProvPrivateDataFromChain
WVTAsn1SpcStatementTypeEncode
WintrustGetRegPolicyFlags
WVTAsn1SpcFinancialCriteriaInfoDecode
CryptCATOpen
CryptCATCDFEnumMembers
WintrustCertificateTrust
MsCatFreeHashTag
CryptCATCDFEnumCatAttributes
TrustDecode
CryptCATPutMemberInfo
WTHelperProvDataFromStateData
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1CatNameValueDecode
CatalogCompactHashDatabase
WVTAsn1CatMemberInfoEncode
SoftpubLoadDefUsageCallData
CryptCATPutAttrInfo
DriverFinalPolicy

Sections

.data
Size: - Virtual size: 14.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e9a27ff5d9edfc1f02ee89ef03592a0

Headers

File Characteristics

Imports

deskadp

mciwave

dinput

msoert2

sqlwoa

cliconfg

stclient

mscms

msvcp60

ws2help

pdh

ntmarta

kernel32

iassvcs

advpack

docprop

certcli

wintrust

Sections

.data Size: - Virtual size: 14.4MB

.rdata Size: 602KB - Virtual size: 602KB

.tls Size: 512B - Virtual size: 4KB

.text Size: 75KB - Virtual size: 75KB

.rsrc Size: 25KB - Virtual size: 24KB

.data
Size: - Virtual size: 14.4MB

.rdata
Size: 602KB - Virtual size: 602KB

.tls
Size: 512B - Virtual size: 4KB

.text
Size: 75KB - Virtual size: 75KB

.rsrc
Size: 25KB - Virtual size: 24KB