Static task
static1
Behavioral task
behavioral1
Sample
817e467fea874efbbe456494c7d57fbc_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
817e467fea874efbbe456494c7d57fbc_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
817e467fea874efbbe456494c7d57fbc_JaffaCakes118
-
Size
1.3MB
-
MD5
817e467fea874efbbe456494c7d57fbc
-
SHA1
6f04da313507bc9afb13178458a418e3ea6539b1
-
SHA256
9ed3c768dba367b87cd0fd77a6bd1dafe480211ca0b2c75880e1ec1377a0e59f
-
SHA512
61e37d07c02a9c579502058db39b26eac0ba775070261e34f49e4e36c7a7e4dd1ce67eaad4f4f18efdb077504fe79811314bd8ed7dea2e5f9bde89ee73e2b731
-
SSDEEP
12288:ttOKFaCkmJBDr2/zBRiHJiauNgC2ywE2MDenHL6HLOHLtsjR/QgIsjFRZQY6IHLn:PnnBDDrHiauNgOetucWTSmVJizUe+Z
Malware Config
Signatures
-
Unsigned PE 1 IoCs
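The sandbox's static check found no Authenticode signature on this PE file. On its own this is a weak indicator, since many legitimate binaries are also unsigned.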
resource 817e467fea874efbbe456494c7d57fbc_JaffaCakes118
Files
-
817e467fea874efbbe456494c7d57fbc_JaffaCakes118.exe windows:4 windows x64 arch:x64
72db49955eff10c9fc56d71af95378b9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValueA
LsaAddAccountRights
LsaClose
LsaEnumerateAccountRights
LsaFreeMemory
LsaOpenPolicy
OpenProcessToken
kernel32
CloseHandle
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLargePageMinimum
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleA
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleMode
SetConsoleTextAttribute
SetThreadAffinityMask
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler
msvcrt
___lc_codepage_func
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_cexit
_errno
_fmode
_initterm
_localtime64
_lock
_onexit
_stricmp
_strnicmp
_time64
_unlock
_vsnprintf
abort
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
localeconv
malloc
memchr
memcmp
memcpy
memmove
rand
realloc
rewind
signal
srand
strchr
strcmp
strerror
strftime
strlen
strncmp
strstr
strtol
tolower
toupper
vfprintf
wcslen
libwinpthread-1
pthread_cond_timedwait
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
shell32
ShellExecuteExA
libstdc++-6
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt6locale2id5_M_idEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5rfindEPKcyy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_
_ZNKSt9type_infoeqERKS_
_ZNSi10_M_extractIlEERSiRT_
_ZNSi10_M_extractIxEERSiRT_
_ZNSi6ignoreExi
_ZNSirsERi
_ZNSo3putEc
_ZNSo5flushEv
_ZNSt11logic_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt11logic_errorC2ERKS_
_ZNSt11regex_errorD1Ev
_ZNSt11this_thread11__sleep_forENSt6chrono8durationIxSt5ratioILx1ELx1EEEENS1_IxS2_ILx1ELx1000000000EEEE
_ZNSt12__basic_fileIcED1Ev
_ZNSt12future_errorD1Ev
_ZNSt13__future_base12_Result_baseC2Ev
_ZNSt13__future_base12_Result_baseD2Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev
_ZNSt13runtime_errorC2EPKc
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt15__exception_ptr13exception_ptr4swapERS0_
_ZNSt15__exception_ptr13exception_ptrD1Ev
_ZNSt18condition_variable10notify_allEv
_ZNSt18condition_variable10notify_oneEv
_ZNSt18condition_variable4waitERSt11unique_lockISt5mutexE
_ZNSt18condition_variableC1Ev
_ZNSt18condition_variableD1Ev
_ZNSt5ctypeIcE2idE
_ZNSt6chrono3_V212steady_clock3nowEv
_ZNSt6chrono3_V212system_clock3nowEv
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6localeaSERKS_
_ZNSt6thread15_M_start_threadESt10unique_ptrINS_6_StateESt14default_deleteIS1_EEPFvvE
_ZNSt6thread4joinEv
_ZNSt6thread6_StateD2Ev
_ZNSt6thread6detachEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE14_M_replace_auxEyyyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6assignEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE8_M_eraseEyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9push_backEc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_yy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE7_M_syncEPcyy
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8__detail15_List_node_base7_M_hookEPS0_
_ZNSt8__detail15_List_node_base9_M_unhookEv
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZSt14__once_functor
_ZSt15future_categoryv
_ZSt16__get_once_mutexv
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt17current_exceptionv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_regex_errorNSt15regex_constants10error_typeE
_ZSt20__throw_future_errori
_ZSt20__throw_length_errorPKc
_ZSt20__throw_system_errori
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt27__set_once_functor_lock_ptrPSt11unique_lockISt5mutexE
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt3cin
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt9terminatev
_ZSt9use_facetINSt7__cxx117collateIcEEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIcEERKT_RKSt6locale
_ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZTTNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTTSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTTSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt11regex_error
_ZTVSt12future_error
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdaPv
_ZdlPv
_Znay
_Znwy
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__cxa_throw_bad_array_new_length
__dynamic_cast
__gxx_personality_seh0
__once_proxy
ws2_32
freeaddrinfo
getaddrinfo
getnameinfo
wsock32
WSAGetLastError
WSAStartup
closesocket
connect
getpeername
inet_ntoa
recv
send
setsockopt
shutdown
socket
libcrypto-10
BIO_ctrl
BIO_f_base64
BIO_free
BIO_free_all
BIO_new
BIO_push
BIO_puts
BIO_read
BIO_s_mem
BIO_set_flags
BIO_write
ERR_load_BIO_strings
ERR_load_crypto_strings
ERR_print_errors
EVP_get_digestbyname
OpenSSL_add_all_digests
X509_digest
X509_free
libmicrohttpd-12
MHD_add_response_header
MHD_create_response_from_buffer
MHD_destroy_response
MHD_digest_auth_check
MHD_digest_auth_get_username
MHD_lookup_connection_value
MHD_queue_auth_fail_response
MHD_queue_response
MHD_start_daemon
libssl-10
BIO_new_ssl_connect
SSL_CTX_ctrl
SSL_CTX_new
SSL_get_peer_certificate
SSL_library_init
SSL_load_error_strings
SSL_set_cipher_list
SSLv23_method
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 5KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE