0775a5e666be0f337ee1c473c7a3a07f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0775a5e666be0f337ee1c473c7a3a07f_JaffaCakes118
Size

2.3MB
MD5

0775a5e666be0f337ee1c473c7a3a07f
SHA1

babc524af7837172d16ab1582c5cf7ec858b7d93
SHA256

b80b4e0cadcf31f8e30a46588bb19c42f3251cf4fdb6eb80da89b5af607eac38
SHA512

6d47ac5dac67c1a524bb17e5063c45e714c65ad5a0f6388b6425ba4de2af5dc90ccbe3214974e0aa65b15a2b2c6cb60ddcefb6866e0ed265e3abfce6f23d8635
SSDEEP

24576:mNtScQPFuESRwHJ7bq9YKWRde8JmRl6UKknwHEQIejR7ng8iPfAe58tld+5PlN2J:UaPF1yxFMw8JMQEQFih58t2NipJ0PW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0775a5e666be0f337ee1c473c7a3a07f_JaffaCakes118

Files

0775a5e666be0f337ee1c473c7a3a07f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f1ccf0b2cfa4e606459c7fe940097ea7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ccviews\autobuild1_br-0909-044c_6.0_snapshot\amt_development\sw\src\services\uns\release\UNS.pdb

Imports

wsock32

accept
ntohs
ntohl
closesocket
__WSAFDIsSet
getsockname
getpeername
htonl
bind
listen
WSAStartup
socket
setsockopt
htons
connect
getsockopt
ioctlsocket
gethostbyname
WSACleanup
recv
send
inet_ntoa
select
WSAGetLastError
shutdown
inet_addr

crypt32

CryptProtectData
CryptUnprotectData
CertFindCertificateInStore
CertGetNameStringA
CertOpenStore

iphlpapi

GetExtendedTcpTable
GetNetworkParams

winhttp

WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle

advapi32

OpenProcessToken
SetSecurityDescriptorGroup
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegCreateKeyExW
RegSetValueExW
AllocateAndInitializeSid
SetEntriesInAclA
RegSetKeySecurity
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
EnumServicesStatusExA
GetAce
AddAce
GetAclInformation
InitializeAcl
AddAccessAllowedAce
LookupAccountNameA
SetSecurityDescriptorDacl
EqualSid
ControlService
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
StartServiceCtrlDispatcherA
CreateWellKnownSid
ConvertSidToStringSidA
DeleteService
CreateServiceA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegisterServiceCtrlHandlerExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
CloseServiceHandle
SetServiceStatus
GetTokenInformation
LookupAccountSidW
OpenThreadToken

user32

UnregisterClassA
DispatchMessageA
GetDesktopWindow
GetUserObjectInformationW
UnregisterDeviceNotification
RegisterDeviceNotificationA
wsprintfA
PostThreadMessageA
LoadStringA
MessageBoxA
CharUpperA
CharNextA
GetMessageA
TranslateMessage
GetProcessWindowStation

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

statusstrings

GetStatusString

xerces-c_2_7

?getMessage@XMLException@xercesc_2_7@@QBEPB_WXZ
?getMessage@DOMException@xercesc_2_7@@QBEPB_WXZ
?Terminate@XMLPlatformUtils@xercesc_2_7@@SAXXZ
?fgXercescDefaultLocale@XMLUni@xercesc_2_7@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_7@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@_N@Z
?error@XercesDOMParser@xercesc_2_7@@UAEXIQB_WW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?attDef@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?doctypeComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@QB_W1_N2@Z
?doctypePI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI@Z
?elementDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@_N@Z
?endAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?endIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDEntityDecl@2@_N1@Z
?resetDocType@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?notationDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLNotationDecl@2@_N@Z
?startAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?startIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?TextDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?handleElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?handlePartialElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?handleAttributesPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIAttributeList@2@@Z
?transcode@XMLString@xercesc_2_7@@SAPA_WQBD@Z
?fgDOMXMLDeclaration@XMLUni@xercesc_2_7@@2QB_WB
?createElementNSNode@AbstractDOMParser@xercesc_2_7@@MAEPAVDOMElement@2@PB_W0@Z
?setPSVIHandler@AbstractDOMParser@xercesc_2_7@@UAEXQAVPSVIHandler@2@@Z
?elementTypeInfo@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?XMLDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W000@Z
?startEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?startElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@IQB_WABV?$RefVectorOf@VXMLAttr@xercesc_2_7@@@2@I_N3@Z
?startDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?resetDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?ignorableWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
?endEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?endElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@I_NQB_W@Z
?endDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?docPI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?docComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?docCharacters@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
??0MemBufInputSource@xercesc_2_7@@QAE@QBEIQBD_NQAVMemoryManager@1@@Z
??0XercesDOMParser@xercesc_2_7@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?setDoSchema@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?setExternalNoNamespaceSchemaLocation@AbstractDOMParser@xercesc_2_7@@QAEXQBD@Z
?parse@AbstractDOMParser@xercesc_2_7@@QAEXABVInputSource@2@@Z
?getDocument@AbstractDOMParser@xercesc_2_7@@QAEPAVDOMDocument@2@XZ
??1MemBufInputSource@xercesc_2_7@@UAE@XZ
?release@XMLString@xercesc_2_7@@SAXPAPA_W@Z
?transcode@XMLString@xercesc_2_7@@SAPADQB_W@Z
?release@XMLString@xercesc_2_7@@SAXPAPAD@Z
??3XMemory@xercesc_2_7@@SAXPAX@Z
?getRawBuffer@MemBufFormatTarget@xercesc_2_7@@QBEPBEXZ
??0MemBufFormatTarget@xercesc_2_7@@QAE@HQAVMemoryManager@1@@Z
??2XMemory@xercesc_2_7@@SAPAXI@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_7@@2PAVMemoryManager@2@A
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@QB_W00@Z
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_7@@UAEXXZ
?expandSystemId@XercesDOMParser@xercesc_2_7@@UAE_NQB_WAAVXMLBuffer@2@@Z
?resetErrors@XercesDOMParser@xercesc_2_7@@UAEXXZ
??1XercesDOMParser@xercesc_2_7@@UAE@XZ
?endInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
??1MemBufFormatTarget@xercesc_2_7@@UAE@XZ
?flush@XMLFormatTarget@xercesc_2_7@@UAEXXZ
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_7@@SAPAVDOMImplementation@2@PB_W@Z
?startInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?writeChars@MemBufFormatTarget@xercesc_2_7@@UAEXQBEIQAVXMLFormatter@2@@Z

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

dtmessagelib

?DHCI_GetDeviceInfo@@YA?AW4_DHCILibStatus@@PAU_CommunicationContext@@EAAU_DHCI_GetDeviceInfoLibResponse@@@Z
?DHCI_GetDeviceList@@YA?AW4_DHCILibStatus@@PAU_CommunicationContext@@AAU_DHCI_GetDeviceListLibResponse@@@Z
?DHCI_GetConfigOperationalContext@@YA?AW4_DHCILibStatus@@PAU_CommunicationContext@@AAU_DHCI_GetConfigOperationalContextLibResponse@@@Z
?CommunicationContextConstructor@@YAPAU_CommunicationContext@@P6AEPAU1@@Z@Z
?CreateError@@YAXPAU_CommunicationContext@@GG@Z
?TerminateCom@@YAXPAPAU_CommunicationContext@@@Z

kernel32

SetHandleCount
VirtualFree
HeapCreate
HeapDestroy
HeapSize
SetStdHandle
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
GetFullPathNameW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetConsoleMode
ReadConsoleInputA
ExitThread
FindFirstFileA
GetOEMCP
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetConsoleCtrlHandler
GetStartupInfoA
GetProcessHeap
GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
TlsFree
LCMapStringW
LCMapStringA
FindFirstFileW
GetDriveTypeW
ExitProcess
UnlockFile
LockFile
GetDriveTypeA
ReleaseSemaphore
CreateSemaphoreA
TlsGetValue
DuplicateHandle
TlsSetValue
TlsAlloc
CreateMutexA
ResumeThread
InterlockedExchange
FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetStdHandle
GetFileType
GetVersion
SetErrorMode
LoadLibraryA
GetComputerNameA
GlobalAlloc
GlobalFree
SetLastError
ReleaseMutex
GetProcAddress
GetLogicalDrives
GetVolumeInformationW
DeviceIoControl
WriteFile
ReadFile
GetOverlappedResult
CreateFileA
OpenEventA
ResetEvent
FormatMessageA
OutputDebugStringA
OpenProcess
WaitForMultipleObjects
GetSystemTime
InterlockedDecrement
InterlockedIncrement
CreateEventA
CreateThread
RaiseException
IsDBCSLeadByte
lstrcmpiA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
GetCommandLineA
LocalFree
LocalAlloc
Sleep
GetLastError
GetCurrentThreadId
CloseHandle
GetCurrentProcess
GetCurrentThread
GetSystemDefaultLCID
lstrlenW
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
SetEvent
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA

shell32

SHGetFolderPathA

ole32

CoInitializeSecurity
CoCreateInstance
CoResumeClassObjects
CoRevokeClassObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoSuspendClassObjects
CoRevertToSelf
CoImpersonateClient
StringFromGUID2

oleaut32

SafeArrayCreate
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysStringByteLen
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayCopy
SafeArrayGetLBound

shlwapi

StrTrimA

ws2_32

WSASetLastError

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.srdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f1ccf0b2cfa4e606459c7fe940097ea7

Headers

File Characteristics

PDB Paths

Imports

wsock32

crypt32

iphlpapi

winhttp

advapi32

user32

rpcrt4

setupapi

statusstrings

xerces-c_2_7

version

dtmessagelib

kernel32

shell32

ole32

oleaut32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 396KB - Virtual size: 392KB

.data Size: 88KB - Virtual size: 116KB

.rsrc Size: 28KB - Virtual size: 24KB

.srdata Size: 68KB - Virtual size: 68KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 396KB - Virtual size: 392KB

.data
Size: 88KB - Virtual size: 116KB

.rsrc
Size: 28KB - Virtual size: 24KB

.srdata
Size: 68KB - Virtual size: 68KB