0b2cca7f95b9450c9ed890227199a7e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b2cca7f95b9450c9ed890227199a7e1_JaffaCakes118
Size

2.0MB
MD5

0b2cca7f95b9450c9ed890227199a7e1
SHA1

f5171693397edecf8e41fd555626a12be544881b
SHA256

ac218ec43054c4ce6dc445716bda7086845786b83eccfd099a3791c7e2bccaa8
SHA512

950d7943246d5cbbbee1551f5c1989b072bd6defca3b0b6230684183e70528dcd1df3faec3d77b7eb326d08052cba4c0887422b1fb2efa757884dbf22a4f4bfb
SSDEEP

24576:FfF7ukZwMnrzVlG89pq+GDTUsSNcJlF/7xGnskSeGeB0dBrgeLFJ1JWSgwQpwB3J:bZwMnbGrRhnF/S8eNMrgBpwB3nl1Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b2cca7f95b9450c9ed890227199a7e1_JaffaCakes118

Files

0b2cca7f95b9450c9ed890227199a7e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3612f08538d5b23457ef908a286fee93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_ntoa
select
WSAGetLastError
WSAStartup
socket
gethostbyname
htons
bind
ioctlsocket
getsockopt
listen
getsockname
ntohs
accept
recv
send
WSACleanup
connect
htonl
__WSAFDIsSet
ntohl
shutdown
WSASetLastError
inet_addr
closesocket
setsockopt

crypt32

CertOpenStore
CertFindCertificateInStore
CertGetNameStringA
CryptProtectData
CryptUnprotectData

iphlpapi

GetNetworkParams

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetStatusCallback

advapi32

OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
AllocateAndInitializeSid
CreateWellKnownSid
SetEntriesInAclA
RegSetKeySecurity
FreeSid
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
ReportEventA
DeregisterEventSource
RegCloseKey
RegisterEventSourceA
GetAce
AddAce
GetAclInformation
InitializeAcl
AddAccessAllowedAce
LookupAccountNameA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AddAccessDeniedAce

user32

RegisterDeviceNotificationA
LoadStringA
wsprintfA
GetProcessWindowStation
GetUserObjectInformationW
PostThreadMessageA
UnregisterDeviceNotification
GetDesktopWindow
MessageBoxA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

statusstrings

GetStatusString

xerces-c_2_7

??1XercesDOMParser@xercesc_2_7@@UAE@XZ
?handleAttributesPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIAttributeList@2@@Z
?handlePartialElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?handleElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?TextDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?startExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?notationDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLNotationDecl@2@_N@Z
?resetDocType@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDEntityDecl@2@_N1@Z
?endExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?elementDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@_N@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI@Z
?doctypePI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@QB_W1_N2@Z
?doctypeComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?attDef@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?startInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@QB_W00@Z
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_7@@UAEXXZ
?expandSystemId@XercesDOMParser@xercesc_2_7@@UAE_NQB_WAAVXMLBuffer@2@@Z
?endInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?resetErrors@XercesDOMParser@xercesc_2_7@@UAEXXZ
?error@XercesDOMParser@xercesc_2_7@@UAEXIQB_WW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_7@@MAEPAVDOMElement@2@PB_W0@Z
?setPSVIHandler@AbstractDOMParser@xercesc_2_7@@UAEXQAVPSVIHandler@2@@Z
?elementTypeInfo@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?XMLDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W000@Z
?startEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?startElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@IQB_WABV?$RefVectorOf@VXMLAttr@xercesc_2_7@@@2@I_N3@Z
?startDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?resetDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?ignorableWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
?endEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?endElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@I_NQB_W@Z
?endDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?docPI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?docComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?docCharacters@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
??0MemBufInputSource@xercesc_2_7@@QAE@QBEIQBD_NQAVMemoryManager@1@@Z
??0XercesDOMParser@xercesc_2_7@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?setDoSchema@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?setExternalNoNamespaceSchemaLocation@AbstractDOMParser@xercesc_2_7@@QAEXQBD@Z
?parse@AbstractDOMParser@xercesc_2_7@@QAEXABVInputSource@2@@Z
?getDocument@AbstractDOMParser@xercesc_2_7@@QAEPAVDOMDocument@2@XZ
??1MemBufInputSource@xercesc_2_7@@UAE@XZ
??1MemBufFormatTarget@xercesc_2_7@@UAE@XZ
?flush@XMLFormatTarget@xercesc_2_7@@UAEXXZ
?writeChars@MemBufFormatTarget@xercesc_2_7@@UAEXQBEIQAVXMLFormatter@2@@Z
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_7@@SAPAVDOMImplementation@2@PB_W@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_7@@2PAVMemoryManager@2@A
??2XMemory@xercesc_2_7@@SAPAXI@Z
??0MemBufFormatTarget@xercesc_2_7@@QAE@HQAVMemoryManager@1@@Z
?getRawBuffer@MemBufFormatTarget@xercesc_2_7@@QBEPBEXZ
??3XMemory@xercesc_2_7@@SAXPAX@Z
?release@XMLString@xercesc_2_7@@SAXPAPAD@Z
?transcode@XMLString@xercesc_2_7@@SAPADQB_W@Z
?release@XMLString@xercesc_2_7@@SAXPAPA_W@Z
?transcode@XMLString@xercesc_2_7@@SAPA_WQBD@Z
?getMessage@XMLException@xercesc_2_7@@QBEPB_WXZ
?getMessage@DOMException@xercesc_2_7@@QBEPB_WXZ
?Terminate@XMLPlatformUtils@xercesc_2_7@@SAXXZ
?fgXercescDefaultLocale@XMLUni@xercesc_2_7@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_7@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@_N@Z
?fgDOMXMLDeclaration@XMLUni@xercesc_2_7@@2QB_WB

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

DuplicateHandle
TlsSetValue
TlsAlloc
CreateMutexA
TlsGetValue
MultiByteToWideChar
CreateSemaphoreA
ReleaseSemaphore
Sleep
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
ResumeThread
GlobalMemoryStatus
FlushConsoleInputBuffer
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
WideCharToMultiByte
GetCurrentProcessId
GetVersionExA
DeviceIoControl
WriteFile
CreateEventA
ReadFile
GetOverlappedResult
CreateFileA
GetTimeZoneInformation
CreateFileMappingA
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
SetLastError
WaitForSingleObject
CreateFileW
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFullPathNameW
GetFullPathNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
HeapSize
GetStartupInfoA
SetHandleCount
TlsFree
LCMapStringW
LCMapStringA
FindFirstFileW
GetDriveTypeW
ExitProcess
UnlockFile
LockFile
SetConsoleMode
ReadConsoleInputA
CreateThread
ExitThread
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetConsoleCtrlHandler
GetProcessHeap
GetCommandLineA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetDateFormatA
GetTimeFormatA
GetCPInfo
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
GetCurrentDirectoryA
ReleaseMutex
HeapFree
LocalAlloc
lstrlenA
GetModuleFileNameA
GetCurrentThread
LocalFree
GetLastError
GlobalFree
GlobalAlloc
FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleHandleA
GetCurrentThreadId
DeleteCriticalSection
RaiseException
SetEvent
InterlockedDecrement
InitializeCriticalSection
OutputDebugStringA
CloseHandle

shell32

SHGetFolderPathA

ole32

CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.srdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3612f08538d5b23457ef908a286fee93

Headers

File Characteristics

Imports

wsock32

crypt32

iphlpapi

winhttp

advapi32

user32

rpcrt4

setupapi

statusstrings

xerces-c_2_7

version

kernel32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 348KB - Virtual size: 347KB

.data Size: 80KB - Virtual size: 112KB

.rsrc Size: 12KB - Virtual size: 9KB

.srdata Size: 72KB - Virtual size: 72KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 348KB - Virtual size: 347KB

.data
Size: 80KB - Virtual size: 112KB

.rsrc
Size: 12KB - Virtual size: 9KB

.srdata
Size: 72KB - Virtual size: 72KB