0f98cc1136060b43aa86417588d7269f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0f98cc1136060b43aa86417588d7269f_JaffaCakes118
Size

49KB
MD5

0f98cc1136060b43aa86417588d7269f
SHA1

9385b494ad9d6fd256910797b6029d28b920193d
SHA256

9b1895cfe75b5577ea5d4f0ea027bfe82fda3b5139efc5624bbc47f759260e42
SHA512

c95501e3e18f070cfa87ebe5cf772ec54280899cfe7d7265c6e377fa7ef0b2e479472672f241015bea2ef5f80575c224680fd980f5730735d4d5d3040998b29b
SSDEEP

1536:394hc18rAcuCsXYITzJzZmFvPjOSRqgBcGM:t4hc18rAcuCsXDlQjOAqgp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f98cc1136060b43aa86417588d7269f_JaffaCakes118

Files

0f98cc1136060b43aa86417588d7269f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

efb11aaec790eb31ca41fe21b92dc948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmGetFirstRoute
RtmCreateEnumerationHandle
RtmReleaseRouteInfo
RtmRegisterForChangeNotification
InsertIntoTable
RtmBlockDeleteRoutes
RtmCreateDestEnum
RtmBlockSetRouteEnable
MgmGroupEnumerationEnd
MgmDeRegisterMProtocol
RtmGetNextRoute
RtmCreateRouteListEnum
RtmDequeueRouteChangeMessage
DeleteFromTable
MgmDeInitialize
RtmGetExactMatchDestination
RtmHoldDestination
RtmGetMostSpecificDestination
MgmGetMfe
MgmInitialize
MgmGetNextMfe
RtmReleaseNextHops
MgmDeleteGroupMembershipEntry
RtmInvokeMethod
RtmGetRouteAge
SearchInTable
RtmReadAddressFamilyConfig

winscard

SCardStatusA
SCardTransmit
SCardReleaseContext
SCardForgetCardTypeA
g_rgSCardT1Pci
SCardIntroduceReaderW
SCardReconnect
SCardIntroduceCardTypeW
SCardGetAttrib
SCardSetCardTypeProviderNameA
SCardListReaderGroupsW
SCardStatusW
SCardLocateCardsW
SCardReleaseStartedEvent
SCardFreeMemory
SCardIntroduceReaderGroupA
SCardAddReaderToGroupA
SCardListReaderGroupsA
SCardListInterfacesW
SCardIntroduceReaderGroupW
SCardIsValidContext
SCardLocateCardsByATRA
SCardEstablishContext
SCardGetStatusChangeW
SCardAccessNewReaderEvent
SCardListCardsW
SCardSetCardTypeProviderNameW
SCardGetCardTypeProviderNameW
SCardGetCardTypeProviderNameA
SCardIntroduceCardTypeA

wldap32

ldap_first_attribute
ldap_create_page_controlA
ber_peek_tag
ldap_escape_filter_elementW
ldap_delete_extA
ldap_search_sA
ldap_modify_ext_s
ldap_explode_dn
ldap_compare_ext
ldap_err2stringA
ldap_rename_ext_sA
ber_printf
ldap_get_optionA
ldap_set_dbg_routine
ldap_modify_ext
ber_skip_tag
ldap_parse_referenceA
ldap_first_attributeA
ldap_ufn2dn
ldap_add_ext
LdapMapErrorToWin32
ldap_encode_sort_controlA
ldap_modrdn_sW
ldap_next_entry
ldap_extended_operation
ldap_check_filterW
ldap_search_ext_s
ldap_modrdnW
ldap_extended_operation_sA
ldap_count_valuesW
ldap_modify_extA
ldap_addA
ldap_control_free
ldap_compare
ber_next_element
ldap_get_valuesW
ldap_memfree
ldap_delete_ext_sA
ldap_modify_ext_sA
ldap_next_reference
ldap_cleanup
ldap_perror

msvcirt

?pcount@strstream@@QBEHXZ
??_Eofstream@@UAEPAXI@Z
?put@ostream@@QAEAAV1@E@Z
?attach@fstream@@QAEXH@Z
??_8ostream@@7B@
??0ifstream@@QAE@HPADH@Z
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?fill@ios@@QAEDD@Z
?underflow@strstreambuf@@UAEHXZ
?writepad@ostream@@AAEAAV1@PBD0@Z
??0istream_withassign@@QAE@XZ
?setmode@fstream@@QAEHH@Z
?lock@ios@@QAAXXZ
?stossc@streambuf@@QAEXXZ
?ws@@YAAAVistream@@AAV1@@Z
?is_open@fstream@@QBEHXZ
?get@istream@@QAEAAV1@AAD@Z
?setf@ios@@QAEJJ@Z
?setmode@ofstream@@QAEHH@Z
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?precision@ios@@QAEHH@Z
?unbuffered@streambuf@@IAEXH@Z
?xalloc@ios@@SAHXZ
??6ostream@@QAEAAV0@N@Z
?rdstate@ios@@QBEHXZ
?precision@ios@@QBEHXZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?get@istream@@QAEAAV1@PADHD@Z
?fd@ifstream@@QBEHXZ
?x_maxbit@ios@@0JA
?sync_with_stdio@ios@@SAXXZ
??_7ifstream@@6B@
??5istream@@QAEAAV0@AAF@Z
??1ios@@UAE@XZ
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??0strstreambuf@@QAE@PADH0@Z
?sync@filebuf@@UAEHXZ
?pbackfail@stdiobuf@@UAEHH@Z

kernel32

VirtualAlloc
SleepEx
VirtualUnlock
LoadLibraryA
ReadConsoleInputExW
ConvertDefaultLocale
SetThreadUILanguage
WideCharToMultiByte
SearchPathA
GetEnvironmentStrings
EnumResourceTypesW
FindFirstVolumeA
GetFileSize
RegisterConsoleVDM
PeekNamedPipe
SetThreadPriority
lstrlen
LocalFree
_hread
GetTimeFormatW
SetLastConsoleEventActive
OpenSemaphoreW
TransactNamedPipe
FreeResource
LZOpenFileW
WriteConsoleInputVDMW
FatalAppExitA
MoveFileWithProgressW
OutputDebugStringA
SetProcessPriorityBoost
BeginUpdateResourceW
AddAtomA
Process32NextW
OpenFileMappingA
CommConfigDialogA
GetPrivateProfileIntA
GlobalGetAtomNameW
CommConfigDialogW
GetEnvironmentStringsA
SetTermsrvAppInstallMode
GetDriveTypeA
GetModuleHandleExA
QueryPerformanceCounter
GetSystemDefaultUILanguage
LocalHandle
GetFileAttributesExW
GetNumaProcessorNode
InitializeSListHead
UTRegister
RegisterWaitForSingleObject
GetSystemInfo
SwitchToThread
VerifyVersionInfoA
SetConsoleIcon
WaitCommEvent
EnumerateLocalComputerNamesA
ResetEvent
GetVersion
ExpandEnvironmentStringsA
GetWriteWatch
LocalReAlloc
HeapSize
DefineDosDeviceA
SetComPlusPackageInstallStatus
FindAtomA
RemoveLocalAlternateComputerNameA
HeapCreate
InvalidateConsoleDIBits
GetComputerNameA
DelayLoadFailureHook
GetCurrentThread

msvcrt40

_beginthreadex
_getw
__RTtypeid
tan
_ctype
_safe_fprem1
sinh
??_Glogic_error@@UAEPAXI@Z
??1iostream@@UAE@XZ
exp
??0ios@@IAE@ABV0@@Z
??1ostream@@UAE@XZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?fd@ifstream@@QBEHXZ
iswctype
vprintf
_safe_fdiv
isspace
free
??0ostream@@IAE@ABV0@@Z
isupper
?unlockc@ios@@KAXXZ
wcscat
_memicmp
??_8ostrstream@@7B@
_flushall
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?is_open@fstream@@QBEHXZ
_lrotr
?tellp@ostream@@QAEJXZ
is_wctype
__threadid
_wexeclpe
?setlock@streambuf@@QAEXXZ
??0streambuf@@IAE@XZ
_heapmin
_getch
_strnicmp

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efb11aaec790eb31ca41fe21b92dc948

Headers

DLL Characteristics

File Characteristics

Imports

rtm

winscard

wldap32

msvcirt

kernel32

msvcrt40

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 7KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 52KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 7KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 52KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB