0db6ad84c46f49f509dff9e66b76e9b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0db6ad84c46f49f509dff9e66b76e9b3_JaffaCakes118
Size

826KB
MD5

0db6ad84c46f49f509dff9e66b76e9b3
SHA1

0fb905c74001e6dcbf0bee184fe2623bec269586
SHA256

8f79003e76c8802c6af196736cc909c297757abfa4cd5c788d82d4e82a7567c3
SHA512

4e8363f0b26c429c499cb0a7d3100420906c66b9f9638b4cdb22506976a9ec339ee603e9233aeec14401e9cdf9ab9dbc9c65812ed548c71f51f0bbade623f08f
SSDEEP

24576:dbV63Uxy1zjA+RlI4JR+nhyB+te3RTc9tu5J:dbVAuy1HdTI4R+EB+te3RTc9GJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db6ad84c46f49f509dff9e66b76e9b3_JaffaCakes118

Files

0db6ad84c46f49f509dff9e66b76e9b3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ebff4fcd8aa1a83d3b964b1ef83ddcbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

?id@?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?open@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXPBDF@Z
?_Mode@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEHH@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?min@?$numeric_limits@_N@std@@SA_NXZ
?_Isnan@?$_Ctr@M@std@@SA_NM@Z
?_Getcat@?$moneypunct@D$0A@@std@@SAIXZ
??8std@@YA_NABV?$complex@M@0@ABM@Z
??_8?$basic_ifstream@GU?$char_traits@G@std@@@std@@7B@
??_0std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
?min@?$numeric_limits@E@std@@SAEXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cos@std@@YA?AV?$complex@O@1@ABV21@@Z
?id@?$moneypunct@G$00@std@@2V0locale@2@A
?is@?$ctype@G@std@@QBE_NFG@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?_Doraise@range_error@std@@MBEXXZ
?ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?resetiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_7?$messages@D@std@@6B@
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??_0std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
?_Init_cnt@_Winit@std@@0HA
??X?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?do_always_noconv@?$codecvt@GDH@std@@MBE_NXZ
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
?epsilon@?$numeric_limits@M@std@@SAMXZ
?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADII@Z

netapi32

NetFileGetInfo
NetRenameMachineInDomain
NetMessageNameAdd
NetDfsAddStdRootForced
I_BrowserQueryEmulatedDomains
NetpwPathType
I_NetServerTrustPasswordsGet
DsRoleDcAsReplica
NetGetDisplayInformationIndex
RxNetServerEnum
DsGetDcSiteCoverageW
NetLocalGroupAddMember
I_NetServerPasswordGet
NetServerComputerNameDel
NetServerTransportDel
NetBrowserStatisticsGet
NetReplImportDirGetInfo
NetServerSetInfo
DsGetDcNameWithAccountW
NetReplImportDirDel
I_NetServerPasswordSet2
NetDfsManagerGetConfigInfo
NetRemoteTOD
NetpwPathCanonicalize
NetScheduleJobEnum
NetErrorLogClear
I_NetLogonSamLogonWithFlags
DsAddressToSiteNamesA
NetLocalGroupSetMembers
DsValidateSubnetNameW
NetGroupDel
NetUseEnum
RxNetAccessGetUserPerms
NetAlertRaiseEx
NetApiBufferAllocate
NetGroupGetInfo
NetServerEnum
NetLocalGroupGetMembers
NetpAddTlnFtinfoEntry
NetReplImportDirEnum
DsRoleDemoteDc
NetpOpenConfigData
NetApiBufferSize
DsGetDcOpenW

user32

DlgDirSelectExA
WINNLSEnableIME
IsChild
SetActiveWindow
CreateDesktopW
PaintMenuBar
SystemParametersInfoW
GetWindowLongW
FreeDDElParam
SetMenuItemInfoA
AlignRects
RecordShutdownReason
EnumDesktopsA
CloseClipboard
DefMDIChildProcW
MapVirtualKeyA
GetMessagePos
ActivateKeyboardLayout
OemToCharA
GetRawInputBuffer
DeviceEventWorker
RegisterClipboardFormatW
AnimateWindow
mouse_event
IsDialogMessageA
DdeQueryStringA
GetSystemMenu
GetFocus
DestroyMenu
wsprintfA
DdeAccessData
GetKeyboardLayout
MessageBoxTimeoutA
EnumPropsW
GetWindowDC
IsDialogMessageW
PrivateExtractIconExW
SetScrollPos
GetDlgItemTextA
DlgDirSelectExW
GetClassInfoExA
DdeKeepStringHandle
PostMessageW
GetGuiResources
MessageBoxIndirectA
RegisterDeviceNotificationA
InSendMessage
LoadImageW
CharPrevA
ShowStartGlass
SetCapture
LockWindowUpdate
DialogBoxParamW
DdeCreateStringHandleA
DestroyCaret
SetTimer
GetMenuContextHelpId
DdeCmpStringHandles
CopyIcon
DdeConnect
SetScrollInfo
DdeFreeDataHandle
DdeImpersonateClient
DefMDIChildProcA
TrackPopupMenu
DlgDirSelectComboBoxExA
GetKeyboardType
GetActiveWindow
RegisterSystemThread
GetThreadDesktop

query

?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?Release@CImpersonateRemoteAccess@@QAEXXZ
?SetPriority@CGenericCiProxy@@QAEXKK@Z
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
??0CFwAsyncWorkItem@@QAE@AAVCWorkManager@@AAVCWorkQueue@@@Z
??1CPropertyStoreWids@@QAE@XZ
??0CRangeRestriction@@QAE@XZ
InitializeCIISAPIPerformanceData
??1CContentRestriction@@QAE@XZ
?Remove@CColumns@@QAEXI@Z
?GetOleError@@YGJAAVCException@@@Z
?AddRefWorkThreads@CWorkQueue@@QAEXXZ
??0CRcovStrmTrans@@IAE@AAVPRcovStorageObj@@W4RcovOpType@@@Z
??0CStandardPropMapper@@QAE@XZ
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
?AddArg@CFwEventItem@@QAEXPBG@Z
?GetUShort@CMemDeSerStream@@UAEGXZ
?UpdateContentIndex@@YGKPBG00H@Z
?QueryScopeList@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?Set@CPidRemapper@@QAEXAAV?$XArray@K@@@Z
?GetI4@CAllocStorageVariant@@QBEJI@Z
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?CheckError@CPropListFile@@QAEJAAKPAPAG@Z
?WriteProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?Commit@CRcovStrmAppendTrans@@QAEXXZ
??0CSortSet@@QAE@I@Z
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?QueryInterface@CFwPropertyMapper@@UAGJABU_GUID@@PAPAX@Z
?SetBSTR@CAllocStorageVariant@@QAEXPAGAAVPMemoryAllocator@@@Z
??0CSdidLookupTable@@QAE@XZ
?SetProperty@CFullPropSpec@@QAEXK@Z
?EnableCI@CMachineAdmin@@QAEHXZ

kernel32

GetModuleFileNameW
LoadModule
SetVolumeMountPointW
EnumSystemGeoID
AddAtomA
CreateMailslotA
DisconnectNamedPipe
MapViewOfFile
GetCurrentProcessId
FindVolumeMountPointClose
RegisterConsoleVDM
GetSystemWindowsDirectoryA
GetFileAttributesExA
GlobalUnlock
ReleaseMutex
WaitForMultipleObjects
FindClose
SetConsoleMaximumWindowSize
DebugActiveProcessStop
WritePrivateProfileStringW
GetEnvironmentVariableA
CreateMailslotW
SetFirmwareEnvironmentVariableW
GetModuleHandleW
SetConsoleCtrlHandler
UpdateResourceA
EnumSystemLanguageGroupsA
BaseUpdateAppcompatCache
SetConsoleCursorMode
SetComputerNameExW
SetSystemPowerState
WaitNamedPipeA
SetDefaultCommConfigA
LoadLibraryA
LoadLibraryExA
FindFirstFileExA
GetThreadSelectorEntry
GetNumaProcessorNode
GetCommandLineW
SetStdHandle
GetLargestConsoleWindowSize
SetThreadPriority
SetHandleContext
GetQueuedCompletionStatus
GetCompressedFileSizeA
GetConsoleAliasExesLengthA
CompareStringA
ReadConsoleInputExW
GetConsoleFontInfo
ResetWriteWatch
DebugActiveProcess
FlushInstructionCache
EnumSystemCodePagesA
CreateTimerQueueTimer
IsDebuggerPresent
RtlCaptureStackBackTrace
CompareFileTime
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
SearchPathA
lstrcmpi
GetProfileSectionA
SetFileTime
VirtualAlloc
lstrcpyW
Heap32ListFirst
LZRead
SetConsoleInputExeNameA
GetVolumePathNamesForVolumeNameA
GetModuleHandleExA

crtdll

_chgsign
_ismbbprint
fputc
ungetc
puts
_tempnam
fsetpos
_filelength
_itow
_iob
atol
_mbsstr
_mbsset
_mbslen
_mbscspn
__toascii
_ismbbkalnum
malloc
_j1
_snwprintf
_findfirst
wcscat
time
_ismbbalnum
_mbsnbicmp
fwscanf
__pxcptinfoptrs
_mbscat
fputs
_chdir
_winmajor_dll
realloc
_mbclen
getchar
_mbctoupper
_strerror
_copysign
_toupper
isalpha
_ltow
_daylight_dll
_mbsnicmp
_strinc
wcsncpy
_exit
iswxdigit
_mbsnbcmp
remove
iswascii
_mbspbrk
_mbsspn
_cwait
_wcsset
setbuf
getenv
_strnicmp
_execv
sqrt
acos
_mbbtombc
div
??3@YAXPAX@Z
strcspn
raise
tolower
_mbsupr
_isctype
_putenv
fgetpos

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebff4fcd8aa1a83d3b964b1ef83ddcbd

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

netapi32

user32

query

kernel32

crtdll

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 588KB - Virtual size: 1.9MB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 588KB - Virtual size: 1.9MB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 300B