1041816a6f8914372b5ba132ddebe508_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1041816a6f8914372b5ba132ddebe508_JaffaCakes118
Size

864KB
MD5

1041816a6f8914372b5ba132ddebe508
SHA1

7e86efbaeb22fa520f25395b1a21ee7854bfa67f
SHA256

ae29260251a45c94616a836dc12e1f3381533dd3d81025f9e8a90c90f7e693ad
SHA512

7db68240483e3cf17162f4e316eae292430bffba96580a7da20da8b017ee00a66e125c6be456941db713852c90b8f48deba114af0319b1fcf101940886c06e58
SSDEEP

24576:L2SQVdjUQrxuI+p7ABd/A2mBSDZYf+MiHrgqd6:aSQVe2ip7Cdo5qZESHUq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1041816a6f8914372b5ba132ddebe508_JaffaCakes118

Files

1041816a6f8914372b5ba132ddebe508_JaffaCakes118
.exe windows:5 windows x86 arch:x86

51045e6f074558c8a4039075bf65ad1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasser

PortConnect
PortCompressionSetInfo
PortEnum
PortDisconnect
PortClearStatistics
PortInit
PortSetFraming
PortGetStatistics
PortClose
PortReceive
PortSetINetCfg
PortGetPortState
PortChangeCallback
PortReceiveComplete
PortTestSignalState
PortSetInfo
PortOpen
PortGetInfo
PortSend

user32

IsCharUpperW
GetClassWord
SwitchToThisWindow
IsCharAlphaNumericA
DdeQueryNextServer
GetKeyboardLayoutNameA
CreateIcon
GetDlgItemInt
GetMenuItemInfoW
GetRawInputDeviceInfoA
User32InitializeImmEntryTable
GetInternalWindowPos
AttachThreadInput
SendMessageW
FlashWindowEx
CreateDialogParamW
GetTaskmanWindow
InsertMenuItemA
FindWindowExW
CopyAcceleratorTableA
GetMenuContextHelpId
SetWindowsHookW
DdeQueryConvInfo
CloseWindowStation
GetGuiResources
MsgWaitForMultipleObjects
TranslateAcceleratorA
GetDlgItemTextA
ShowWindowAsync
DefWindowProcA
ArrangeIconicWindows

msvcrt40

??_Diostream@@QAEXXZ
??4streambuf@@QAEAAV0@ABV0@@Z
__p__commode
_adj_fdivr_m32
??4ostrstream@@QAEAAV0@ABV0@@Z
_mbslen
_y0
gmtime
_CIsin
_fileinfo
??1strstream@@UAE@XZ
??_Gstrstreambuf@@UAEPAXI@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
tmpnam
_wremove
_jn
?unlockc@ios@@KAXXZ
??_Gostream_withassign@@UAEPAXI@Z
??_8ostrstream@@7B@
??0stdiostream@@QAE@PAU_iobuf@@@Z
?pcount@ostrstream@@QBEHXZ
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
_wsystem
??6ostream@@QAEAAV0@K@Z
_vsnprintf
?attach@ifstream@@QAEXH@Z
_control87
??0bad_typeid@@QAE@PBD@Z
_rotl
vwprintf
?flags@ios@@QBEJXZ
_wchdir
_wexeclp

kernel32

GetSystemTimeAsFileTime
SetHandleInformation
SetConsoleOutputCP
GetVolumeNameForVolumeMountPointA
GetLocaleInfoW
GetTempFileNameW
GetDateFormatA
SetFileApisToANSI
SetConsoleFont
UpdateResourceA
GetExitCodeProcess
HeapReAlloc
SetThreadIdealProcessor
GetProcessShutdownParameters
SetConsoleDisplayMode
GetSystemWindowsDirectoryA
WriteConsoleA
RegisterWowBaseHandlers
GetShortPathNameA
ActivateActCtx
GetProcessPriorityBoost
CopyLZFile
PrivCopyFileExW
GetConsoleDisplayMode
SetConsoleTitleA
GetVolumePathNameW
GetDevicePowerState
WriteConsoleInputW
OpenMutexA
LoadLibraryA
GlobalGetAtomNameA
AreFileApisANSI
WritePrivateProfileStringA
GlobalFindAtomA
SetErrorMode
FindFirstFileExW
LZOpenFileA
AddConsoleAliasW
LZStart
VirtualAlloc
SetCommState
FindFirstVolumeA
GlobalCompact
GetPrivateProfileSectionW

msdart

?_LockSpin@CSmallSpinLock@@AAEXXZ
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
?_Unlock@CSpinLock@@AAEXXZ
?IsUnlocked@CLockedSingleList@@QBE_NXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
??0CDoubleList@@QAE@XZ
_DllMain@12
?WriteLock@CReaderWriterLock2@@QAEXXZ
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?Size@CLKRHashTable@@QBEKXZ
?_DeleteKey@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@KK@Z
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGNXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
??1CReaderWriterLock3@@QAE@XZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?IsEmpty@CSingleList@@QBE_NXZ
?WriteLock@CSmallSpinLock@@QAEXXZ

esent

JetGetLS
JetRetrieveColumns
JetInit@4
JetReadFile
JetCommitTransaction
JetAttachDatabase2
JetGetInstanceInfo
JetRetrieveColumn
JetGotoPosition
JetOpenDatabase
JetSnapshotStop
JetTerm2
JetOpenFile
JetBackup
JetDeleteTable
JetGetBookmark
JetGrowDatabase
JetAddColumn
JetCommitTransaction@8
JetTruncateLogInstance
JetSetColumnDefaultValue
JetDupCursor
JetOpenFileInstance
JetEscrowUpdate
JetTerm
JetReadFileInstance
JetGetAttachInfoInstance
JetGotoBookmark
JetRenameTable
JetDefragment2
JetCreateTable
JetResetSessionContext
JetCreateTableColumnIndex
JetDBUtilities
JetGetTruncateLogInfoInstance
JetSetDatabaseSize
JetBeginExternalBackupInstance
JetOSSnapshotFreeze
JetGetCursorInfo
JetUnregisterCallback

glu32

gluGetTessProperty
gluTessCallback
gluGetString
gluGetNurbsProperty
gluBuild2DMipmaps
gluLoadSamplingMatrices
gluTessEndPolygon
gluPerspective
gluErrorUnicodeStringEXT
gluEndSurface
gluNewQuadric
gluNurbsProperty
gluEndTrim
gluEndCurve
gluBeginSurface
gluTessVertex
gluOrtho2D
gluTessProperty
gluLookAt
gluUnProject
gluScaleImage
gluDeleteQuadric
gluDeleteTess
gluSphere
gluNurbsSurface
gluNewNurbsRenderer

Sections

.text
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51045e6f074558c8a4039075bf65ad1a

Headers

DLL Characteristics

File Characteristics

Imports

rasser

user32

msvcrt40

kernel32

msdart

esent

glu32

Sections

.text Size: 359KB - Virtual size: 359KB

.rdata Size: 336KB - Virtual size: 336KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 359KB - Virtual size: 359KB

.rdata
Size: 336KB - Virtual size: 336KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB