0f8d0aa0426f220414c3474b861f6f1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f8d0aa0426f220414c3474b861f6f1c_JaffaCakes118
Size

863KB
MD5

0f8d0aa0426f220414c3474b861f6f1c
SHA1

21094b512ca309f5bdcb2b13a795141f1f8a7381
SHA256

f95a0be8e36a91dc2af138dc0744d87316aa1840937ec93f064ecb83990916bd
SHA512

498058c9f862f1c3b1cbfcc7b9bcc55eb7ff550857c5b991b8e79abf40503c053a6617c49a796c965d440667f4c404d8377f7b4f96d06fd7940dabd2dec54ef1
SSDEEP

12288:ElOC+LHfilCHuqVAX8MhwrQqSNmsZe0AWSidjJZ9fDd17m4l1fIQ/jYqCA48NW:nhXQqAmsc0AWSidjJZJDztIQ/jYZ3M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8d0aa0426f220414c3474b861f6f1c_JaffaCakes118

Files

0f8d0aa0426f220414c3474b861f6f1c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6687907c7c9fab6f717ba203bf5ed44e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCharType
OpenMutexW
MapUserPhysicalPagesScatter
RegisterWaitForSingleObjectEx
VirtualAlloc
GetProfileSectionW
EnumCalendarInfoExW
SetConsoleWindowInfo
CopyFileExW
ReadFile
EnumSystemCodePagesW
MulDiv
_hwrite
SetConsoleCursorPosition
OpenSemaphoreW
GetFullPathNameW
GetNumaAvailableMemoryNode
GetFileTime
GetProcessShutdownParameters
GetLastError
GetCalendarInfoW
LocalAlloc
OutputDebugStringA
GetACP
DnsHostnameToComputerNameW
WriteProfileStringA
SetComputerNameA
CreateNamedPipeW
GlobalFix
GlobalHandle
GetCommandLineA
QueueUserAPC
GetConsoleInputExeNameW
RegisterWaitForInputIdle
CompareStringA
GetEnvironmentStringsW
SetClientTimeZoneInformation
Process32Next
GetProcAddress
GetConsoleFontSize
PeekConsoleInputA
GetTempPathA
RequestWakeupLatency
Process32FirstW
GetConsoleCommandHistoryLengthA
SleepEx
GetProfileIntA
LoadLibraryA
SetUserGeoID
GetExitCodeThread
CreateMailslotW
PurgeComm
GetWriteWatch
SetFilePointer
QueueUserWorkItem
GetUserDefaultUILanguage
WriteConsoleW
EnumDateFormatsA
_hread
VerLanguageNameA
WriteFileGather
SetupComm
HeapValidate
GetSystemDirectoryW
CloseProfileUserMapping
GetConsoleMode
CreateActCtxW
GetSystemTimeAdjustment

duser

DUserGetRectPRID
GetGadgetFocus
UtilSetBackground
DUserRegisterGuts
GetStdColorF
IsInsideContext
DUserInstanceOf
BuildDropTarget
GetGadgetRgn
DUserDeleteGadget
GetGadgetRotation
DUserSendMethod
DUserCastClass
SetGadgetFillI
SetGadgetProperty
DUserFindClass
GetMessageExW
WaitMessageEx
GetStdColorPenF
DUserPostMethod
DrawGadgetTree
IsStartDelete
CreateAction
GetGadgetRootInfo
GetGadget
UnregisterGadgetProperty
DeleteHandle
GetStdColorPenI
DUserCastDirect

rtm

RtmGetExactMatchRoute
MgmGetMfeStats
RtmMarkDestForChangeNotification
RtmReleaseEntityInfo
RtmDereferenceHandles
RtmReleaseDests
RtmGetChangeStatus
RtmEnumerateGetNextRoute
MgmInitialize
RtmLockRoute
RtmFindNextHop
RtmGetRegisteredEntities
RtmIgnoreChangedDests
NextMatchInTable
RtmCreateRouteEnum
RtmCreateRouteList
MgmTakeInterfaceOwnership
MgmGetFirstMfeStats
RtmReadAddressFamilyConfig
RtmGetInstanceInfo
RtmGetOpaqueInformationPointer
RtmAddRouteToDest
RtmGetNextHopInfo
RtmGetChangedDests
RtmGetNextHopPointer
MgmDeleteGroupMembershipEntry

query

?AddRef@CFwPropertyMapper@@UAGKXZ
?AcceptCommand@CQueryScanner@@QAEXXZ
??0CRegAccess@@QAE@KPBG@Z
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
?SetUI4@CStorageVariant@@QAEXKI@Z
??0CVirtualString@@QAE@I@Z
?TransferNode@CDbCmdTreeNode@@QAEXPAV1@@Z
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?URLEscapeW@@YGXPBGAAVCVirtualString@@KH@Z
??0CDbColumnNode@@QAE@ABUtagDBID@@H@Z
?SetCurrentProperty@CQueryParser@@AAEXPBGW4PropertyType@@@Z
?GetPropInfoFromId@CEmptyPropertyList@@UAGJPBUtagDBID@@PAPAGPAGPAI@Z
?Skip@CEnumWorkid@@UAGJK@Z
??0CStandardPropMapper@@QAE@XZ
??0CMmStream@@QAE@KH@Z
?Seek@CRcovStrmTrans@@QAEHK@Z
?GetDrive@CDriveInfo@@SGXPBGPAG@Z
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z
?SkipFloat@CMemDeSerStream@@UAEXXZ
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?MakePath@CFullPath@@QAEXPBGI@Z
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
?DoUpdates@CFilterDaemon@@QAEJXZ
?UpdateContentIndex@@YGKPBG00H@Z
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
CollectCIISAPIPerformanceData
??1CWorkManager@@QAE@XZ
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
?EnableCI@CMachineAdmin@@QAEHXZ
?ShrinkToFit@CPhysStorage@@QAEXXZ
?GetCY@CAllocStorageVariant@@QBE?ATtagCY@@I@Z
?Release@CFwPropertyMapper@@UAGKXZ
??1CImpersonateClient@@QAE@XZ
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
??1CProcess@@QAE@XZ
??0CGenericCiProxy@@QAE@AAVCSharedNameGen@@KK@Z
??1CCatalogAdmin@@QAE@XZ

advapi32

SystemFunction027
SetSecurityInfoExA
AccessCheckAndAuditAlarmA
RegEnumValueW
CryptSignHashW
LookupAccountNameA
RegRestoreKeyW
DeregisterEventSource
RegQueryMultipleValuesA
LookupPrivilegeDisplayNameW
CredWriteW
GetTrusteeFormW
LsaSetDomainInformationPolicy
BuildTrusteeWithNameW
MD4Update
ControlTraceA
SystemFunction015
GetMultipleTrusteeW
ElfChangeNotify
GetEffectiveRightsFromAclA
GetTraceEnableFlags
LockServiceDatabase
QueryServiceStatus
StopTraceA
ObjectOpenAuditAlarmW
CommandLineFromMsiDescriptor
RegCloseKey
GetTrusteeNameA
WmiSetSingleInstanceA
RegSetValueW
GetEventLogInformation
SetNamedSecurityInfoA
RegOverridePredefKey
I_ScSendTSMessage
RegDeleteValueW
RegCreateKeyA
GetManagedApplicationCategories
LsaEnumerateAccountRights
GetAce
ElfReportEventA
CreatePrivateObjectSecurity
WmiCloseBlock
AddAuditAccessAce
ObjectDeleteAuditAlarmA
GetAuditedPermissionsFromAclA
CloseTrace
SetNamedSecurityInfoW
CredWriteDomainCredentialsA
SetSecurityInfo
ElfClearEventLogFileW
GetTrusteeTypeW
AbortSystemShutdownA
LsaSetSecret
LsaGetSystemAccessAccount
LsaEnumeratePrivileges
LsaSetInformationTrustedDomain

mapistub

MAPIOpenLocalFormContainer@4
EnableIdleRoutine@8
OpenIMsgOnIStg@44
HrValidateIPMSubtree@20
cmc_send
__CPPValidateParameters@8
FPropExists@8
OpenTnefStreamEx@32
MAPIDeleteMail
ScRelocProps@20
DeinitMapiUtil@0
EncodeID@12
GetAttribIMsgOnIStg@12
cmc_logoff
MAPISendDocuments
MAPILogonEx
MAPIOpenFormMgr
MAPISaveMail
OpenTnefStream@28
HrGetOmiProvidersFlags
MAPILogoff
PpropFindProp@12
FBadSortOrderSet@4
MAPIResolveName
FPropContainsProp@12
CbOfEncoded@4
HrSetOmiProvidersFlagsInvalid
HrComposeEID@28
FreeProws@4
BMAPIResolveName
SetAttribIMsgOnIStg@16
MAPIAdminProfiles@8
cmc_logon
CchOfEncoding@4
UNKOBJ_ScAllocate@12
UNKOBJ_ScCOReallocate@12
BuildDisplayTable@40
HrThisThreadAdviseSink@8
FBadProp@4
__ValidateParameters@8
GetOutlookVersion@0
FtAddFt@16
FixMAPI@0
MAPIDeinitIdle@0
HrAddColumnsEx@20

hhsetup

?GetNextLocation@CLocation@@QAEPAV1@XZ
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?SetVersion@CCollection@@QAEXK@Z
?Dirty@CCollection@@QAEXXZ
?GetTitleW@CLocation@@QAEPBGXZ
??1CFIFOString@@QAE@XZ
??1CPointerList@@QAE@XZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?GetPath@CLocation@@QAEPADXZ
?GetRefTitleCount@CCollection@@QAEKXZ
?SetSampleLocation@CCollection@@QAEXPBG@Z
?SetOrder@CFolder@@QAEXK@Z
??4CLocation@@QAEAAV0@ABV0@@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?bIsVisable@CFolder@@QAEHXZ
?GetLanguage@CFolder@@QAEGXZ
?GetNextFolder@CFolder@@QAEPAV1@XZ
?DeleteChildren@CCollection@@AAEXPAPAVCFolder@@@Z
?SetNextTitle@CTitle@@QAEXPAV1@@Z
?AddCollection@CCollection@@QAEPAVCColList@@XZ
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z
?SetTitle@CLocation@@QAEXPBG@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z

msvcrt

wcsftime
__fpecode
__set_app_type
_mbsset
_safe_fdiv
$I10_OUTPUT
exit
__getmainargs
wcscpy
__threadid
_statusfp
_mbsnbset
_j1
strtol
_heapadd
_mbctype
_CIasin
__CxxFrameHandler
_wspawnlp
isalpha
_sys_nerr
_y0
__p__commode
_adj_fdivr_m32i
_futime64
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_fsopen
_tell
_splitpath
_wexecle
_adj_fptan
_mbscoll
_nextafter
_umask
_fpclass
_ltoa
_mbslwr
_wtempnam
_wfindfirsti64
_wsystem
_dstbias
_mbsncmp
_msize
__pxcptinfoptrs
wprintf
??0bad_typeid@@QAE@PBD@Z

sqlunirl

_MoveFileEx_@12
_ChangeDisplaySettings_@8
_PageSetupDlg_@4
_TranslateAccelerator@12
_NDdeGetErrorString_@12
_RegisterClipboardFormat_@4
_WaitNamedPipe_@8
_LoadAccelerators_@8
newMultiByteFromWideChar
_GetTempFileName_@16
_GetVersionEx@4
_ReplaceText_@4
_NDdeSetTrustedShare_@12
_SetMenuItemInfo_@16
_ObjectDeleteAuditAlarm_@12
_CreateNamedPipe_@32
_SetWindowsHookEx_@16
_EnumDesktops_@12
_IsCharLower_@4
_DeviceCapabilities_@20
_NDdeTrustedShareEnum_@24
_LoadLibraryEx_@12
_MoveFile@8
_PeekMessage@20
_LookupAccountSid_@28
_GetFullPathName_@16
_tfopen
_DefFrameProc_@20
_AccessCheckAndAuditAlarm_@44
_SetWindowLong@12
_StartServiceCtrlDispatcher_@4

user32

EndDialog

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6687907c7c9fab6f717ba203bf5ed44e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

duser

rtm

query

advapi32

mapistub

hhsetup

msvcrt

sqlunirl

user32

Sections

.text Size: 360KB - Virtual size: 360KB

.rdata Size: 217KB - Virtual size: 217KB

.data Size: 280KB - Virtual size: 1.7MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 360KB - Virtual size: 360KB

.rdata
Size: 217KB - Virtual size: 217KB

.data
Size: 280KB - Virtual size: 1.7MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B