101bbe019a8b896c3cb36b8f25647ae7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

101bbe019a8b896c3cb36b8f25647ae7_JaffaCakes118
Size

827KB
MD5

101bbe019a8b896c3cb36b8f25647ae7
SHA1

691b4b60905e3eb37e169a42642bea03be6867e0
SHA256

20029ee7315d2305d15e2090c2344aad4b8a077bb97d9ed4044fe0411e81d21d
SHA512

4ff2d4833847027a0a8bd96f0c9798ca65926a8cf5186e7d2a5622e2f7626fc6842edbe0c346a9d7312a4eac1a9909f91bca907c92b5457207ab4a6986174a35
SSDEEP

12288:p1dYYTtWLUKILWdVdN1HDJ/1vLIOZ4J8ZmPjd3z9JyX/xX3l:RxsLUGD1N/iJ8ZmPj99JyX/xF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
101bbe019a8b896c3cb36b8f25647ae7_JaffaCakes118

Files

101bbe019a8b896c3cb36b8f25647ae7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5efc9d78296db514815d7b7a080af59d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt20

?attach@ifstream@@QAEXH@Z
_mbscspn
_gcvt
modf
_HUGE
__p__wenviron
_expand
_open_osfhandle
??0ofstream@@QAE@PBDHH@Z
_adj_fdiv_m16i
_popen
_tclen
?seekp@ostream@@QAEAAV1@J@Z
_mbcjistojms
?ipfx@istream@@QAEHH@Z
?binary@filebuf@@2HB
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
_adj_fdivr_m32
wcsncpy
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
strncat
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
_tcsncicmp
?close@ifstream@@QAEXXZ
_mbsspn
_fstat
??_Gistream_withassign@@UAEPAXI@Z
?xsputn@streambuf@@UAEHPBDH@Z
?setf@ios@@QAEJJJ@Z
?setp@streambuf@@IAEXPAD0@Z
??0ios@@IAE@XZ
_wfindnext
strcat
vfprintf
?ebuf@streambuf@@IBEPADXZ

query

?Close@CPropSetMap@COLEPropManager@@QAEXXZ
?MinPageInUse@CBufferCache@@QAEHAAK@Z
??0CFilterDaemon@@QAE@AAVCiProxy@@AAVCCiFrameworkParams@@AAVCLangList@@PAEKPAUICiCFilterClient@@@Z
?ClearList@CCombinedPropertyList@@QAEXXZ
LoadIFilter
??0CFullPath@@QAE@PBGI@Z
?QueryScopeList@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?GetScodeError@@YGJAAVCException@@@Z
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
??1CPidRemapper@@QAE@XZ
?SetColumn@CCatState@@QAEXPBGI@Z
??1CScopeEnum@@QAE@XZ
?ResetBuffer@CQueryScanner@@QAEXPBG@Z
?_dwLastCheckMoment@CGlobalPropFileRefresher@@0KA
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?Commit@CRcovStrmMDTrans@@QAEXXZ
?Close@CPhysStorage@@QAEXXZ
??1CQueryUnknown@@QAE@XZ
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
?EnableVPathNotify@CMetaDataMgr@@QAEXPAVCMetaDataVPathChangeCallBack@@@Z
?Next@CCombinedPropertyList@@UAEPBVCPropEntry@@XZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??1CNatLanguageRestriction@@QAE@XZ
?Clone@CEnumString@@UAGJPAPAUIEnumString@@@Z
??1CContentRestriction@@QAE@XZ
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?UnMarshall@CDbParameter@@QAEHAAVPDeSerStream@@@Z
??1CCatalogAdmin@@QAE@XZ
?Cleanup@CDbProp@@QAEXXZ
?RequiresFlush@CPhysStorage@@QAEHK@Z
SetupCacheEx
?AddRefWorkThreads@CWorkQueue@@QAEXXZ
?SetPath@CScopeAdmin@@QAEXPBG@Z
?SetStartKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?BuildRegistryScopesKey@@YGXAAV?$XArray@G@@PBG@Z
?StartCI@CMachineAdmin@@QAEHXZ
?ReadProperty@CPropStoreManager@@QAEHKKPAUtagPROPVARIANT@@PAI@Z
?GetLong@CMemDeSerStream@@UAEJXZ
?AcqWord@CQueryScanner@@QAEPAGXZ
?GetCategory@CCatState@@QBEPBGI@Z
?AddToWorkList@CWorkManager@@QAEXPAVCFwAsyncWorkItem@@@Z
?ReadProperty@CPropertyStore@@QAEHKKAAUtagPROPVARIANT@@@Z
?GetCommandChar@CQueryScanner@@QAEGXZ
?GetStackTrace@@YGXPADK@Z
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z

certcli

CACertTypeQuery
CAEnumNextCertType
CASetCertTypeKeySpec
CASetCertTypeExtension
CAFreeCAProperty
DllGetClassObject
DllUnregisterServer
CACreateCertType
CAFreeCertTypeProperty
CASetCertTypeFlags
CASetCASecurity
CASetCertTypeFlagsEx
CACertTypeAccessCheck
CASetCertTypeExpiration
CAGetCACertificate
CAEnumCertTypes
CAGetDN
CADeleteCertType
CAGetCAProperty
CAEnumCertTypesEx
CAUpdateCertType
CAGetCAExpiration
CAGetCertTypeExpiration
CACertTypeSetSecurity
CAAccessCheck
CAOIDFreeProperty
CAFreeCertTypeExtensions
CAOIDCreateNew
CAOIDGetProperty
CAGetCertTypeExtensionsEx
CARemoveCACertificateType
CAFindCertTypeByName
CAAccessCheckEx
CAGetCertTypeFlagsEx
CACertTypeUnregisterQuery
CAEnumCertTypesForCA
CAGetCertTypeProperty
CACloseCertType
CACreateLocalAutoEnrollmentObject

kernel32

ReplaceFile
GetProcessPriorityBoost
SetFilePointerEx
GetCurrencyFormatW
Process32Next
ChangeTimerQueueTimer
GetSystemDefaultLCID
BuildCommDCBW
VerLanguageNameW
OpenEventA
VirtualAlloc
GetProcessHeap
FindNextVolumeMountPointW
HeapWalk
SetEvent
SwitchToThread
WriteTapemark
GetFileAttributesW
GetModuleFileNameA
QueryDosDeviceW
FindFirstChangeNotificationA
EraseTape
GetNamedPipeHandleStateA
GetVolumeInformationW
CreateFileMappingW
OpenWaitableTimerA
GetQueuedCompletionStatus
GetSystemDirectoryA
GetComputerNameExW
GetGeoInfoA
VirtualFree
EnumDateFormatsW
OpenConsoleW
LocalLock
GetSystemPowerStatus
GetLogicalDriveStringsW
FatalAppExitA
LoadLibraryA
CmdBatNotification
Heap32First

untfs

??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
Format
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
Chkdsk
?QueryExtent@NTFS_EXTENT_LIST@@QBEEKPAVBIG_INT@@00@Z
??0NTFS_ATTRIBUTE_RECORD@@QAE@XZ
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
??0NTFS_BITMAP_FILE@@QAE@XZ
??1NTFS_BOOT_FILE@@UAE@XZ
??0NTFS_SA@@QAE@XZ
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?TakeCensus@NTFS_SA@@QAEEPAVNTFS_MASTER_FILE_TABLE@@KPAUNTFS_CENSUS_INFO@@@Z
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
??1NTFS_LOG_FILE@@UAE@XZ
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
?CreateDataAttribute@NTFS_LOG_FILE@@QAEEVBIG_INT@@KPAVNTFS_BITMAP@@@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
Recover
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
??1NTFS_INDEX_TREE@@UAE@XZ
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
??1NTFS_BITMAP_FILE@@UAE@XZ
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??1NTFS_SA@@UAE@XZ

mfcsubs

?SetAt@CStringArray@@QAEXHPBG@Z
??N@YG_NPBGABVCString@@@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??H@YG?AVCString@@ABV0@0@Z
?ReleaseBuffer@CString@@QAEXH@Z
??4CString@@QAEABV0@PBE@Z
??ACMapStringToPtr@@QAEAAPAXPBG@Z
??BCSyncObject@@QBEPAXXZ
?AllocBuffer@CString@@IAEXH@Z
?Copy@CStringArray@@QAEXABV1@@Z
??P@YG_NPBGABVCString@@@Z
?Compare@CString@@QBEHPBG@Z
?CompareNoCase@CString@@QBEHPBG@Z
?GetCount@CMapStringToPtr@@QBEHXZ
?GetData@CStringArray@@QAEPAVCString@@XZ
?FormatMessageW@CString@@QAAXPBGZZ
?MakeReverse@CString@@QAEXXZ
?ConcatCopy@CString@@IAEXHPBGH0@Z
?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
??YCString@@QAEABV0@D@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
??0CString@@QAE@PBG@Z
??4CString@@QAEABV0@PBG@Z
?LockBuffer@CString@@QAEPAGXZ
?SpanIncluding@CString@@QBE?AV1@PBG@Z
??ACStringArray@@QBE?AVCString@@H@Z
?SafeStrlen@CString@@KGHPBG@Z
?AfxLoadString@@YGHIPAGI@Z
?GetLength@CString@@QBEHXZ
?data@CPlex@@QAEPAXXZ
??BCString@@QBEPBGXZ

ureg

?DeleteValueEntry@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
??0REGISTRY_KEY_INFO@@QAE@XZ
?QueryKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVREGISTRY_KEY_INFO@@PAK@Z
?Initialize@REGISTRY_KEY_INFO@@QAEEPBVWSTRING@@0K0PAU_SECURITY_ATTRIBUTES@@@Z
?Initialize@REGISTRY@@QAEEPBVWSTRING@@PAK@Z
??0REGISTRY@@QAE@XZ
?SetKeySecurity@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAXPAKE@Z
?DoesKeyExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAK@Z
?CreateKey@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@1PAKE@Z
?RestoreKeyFromFile@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@EPAK@Z
?SaveKeyToFile@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?UnLoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
?QuerySubKeysInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
?Initialize@REGISTRY_VALUE_ENTRY@@QAEEPBVWSTRING@@KW4_REG_TYPE@@PBEK@Z
?UpdateKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
??0REGISTRY_VALUE_ENTRY@@QAE@XZ
?EnableRootNotification@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAXKE@Z
?QueryValues@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
?DeleteKey@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?IsAccessAllowed@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAK@Z
?QueryKeySecurity@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVREGISTRY_KEY_INFO@@KPAPAXPAK@Z
?LoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?DoesValueExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@11PAK@Z
??1REGISTRY@@UAE@XZ

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 714KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5efc9d78296db514815d7b7a080af59d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt20

query

certcli

kernel32

untfs

mfcsubs

ureg

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 714KB - Virtual size: 2.1MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 376B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 714KB - Virtual size: 2.1MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 376B