Static task
static1
Behavioral task
behavioral1
Sample
14eb6822a7a425925d53ebfb26726143_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
14eb6822a7a425925d53ebfb26726143_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
14eb6822a7a425925d53ebfb26726143_JaffaCakes118
-
Size
875KB
-
MD5
14eb6822a7a425925d53ebfb26726143
-
SHA1
da7747328bcb50bd7b644d5503dcd4afb44fd284
-
SHA256
220ba11acbdfa3cdc41a2ffc2611cc4e60ebac4910e84f5110aa0522043fe0eb
-
SHA512
43a225599ff035829d00589d12b6fa240df11135bc7200c9bd4e15e90a5f5811462347c4533c5d5d9414106a80130dcec1e6dbd3339c1d6a2a710fbd8dfe46a4
-
SSDEEP
12288:OnX9CY91+Ho8qzUFyBNgbYfXuKKQzZEDJhXTNFdlgelH8vnC0OQMM0Zmff0p6Iem:sCEiqAqdKVv3dybvC0t0ZPUIVTfXp3B
Malware Config
Signatures
-
Unsigned PE 1 IoCs
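Checks for a missing Authenticode signature; the sample is unsigned, which on its own is a weak indicator because many legitimate binaries are unsigned too.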
resource 14eb6822a7a425925d53ebfb26726143_JaffaCakes118
Files
-
14eb6822a7a425925d53ebfb26726143_JaffaCakes118.exe windows:5 windows x86 arch:x86
f1cac818585fbe0c8f1f4ca5fddbf8a7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WTSGetActiveConsoleSessionId
GetNumaNodeProcessorMask
GetTickCount
CreateDirectoryExW
_lcreat
WriteProfileStringW
GetUserDefaultLangID
BaseCleanupAppcompatCacheSupport
VirtualQueryEx
SystemTimeToTzSpecificLocalTime
GetGeoInfoW
GlobalDeleteAtom
RemoveDirectoryA
GetConsoleCommandHistoryLengthW
CloseHandle
FoldStringA
FindFirstFileExW
AddAtomW
GetBinaryTypeA
VirtualAlloc
GetSystemTimeAdjustment
HeapSetInformation
SetConsoleInputExeNameW
ClearCommBreak
CreateMutexA
FindActCtxSectionGuid
FindNextVolumeA
GetDiskFreeSpaceW
GetModuleHandleA
CreateTimerQueueTimer
GetStartupInfoW
GetModuleHandleW
TerminateJobObject
CreateWaitableTimerW
SetCommConfig
IsDBCSLeadByte
LoadLibraryA
WritePrivateProfileStructA
query
?AddMachine@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?Open@CMmStream@@QAEXPBGKKKKH@Z
?IsCIStopped@CMachineAdmin@@QAEHXZ
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?Remove@CDbSortSet@@QAEXI@Z
?Marshall@CVectorRestriction@@QBEXAAVPSerStream@@@Z
??0CFullPropSpec@@QAE@ABV0@@Z
?Flush@CPhysStorage@@QAEXH@Z
CICreateCommand
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@PAEPAI@Z
?Next@CEnumWorkid@@UAGJKPAK0@Z
?GetDouble@CMemDeSerStream@@UAENXZ
?GetFileName@CPathParser@@QBEHPAGAAK@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
?BeginTransaction@CPropStoreManager@@QAEKXZ
??1CDbProp@@QAE@XZ
?InitializeForRead@CDynStream@@QAEXXZ
?Read@CDynStream@@QAEKPAXK@Z
?Append@CEnumString@@QAEXPBG@Z
?GetR4@CAllocStorageVariant@@QBEMI@Z
?GetColumn@CCatState@@QBEPBGI@Z
?SetPhrase@CContentRestriction@@QAEXPBG@Z
?Release@CQueryUnknown@@UAGKXZ
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
??1CPropStoreManager@@QAE@XZ
?SetStartKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?Init@CMmStreamConsecBuf@@QAEXPAVPMmStream@@@Z
??1CEventLog@@QAE@XZ
?GetStackTrace@@YGXPADK@Z
??0CFwAsyncWorkItem@@QAE@AAVCWorkManager@@AAVCWorkQueue@@@Z
?SkipFloat@CMemDeSerStream@@UAEXXZ
??0CTimeLimit@@QAE@KK@Z
?MakePath@CFullPath@@QAEXPBG@Z
?Release@CDbProperties@@UAGKXZ
??0CDbPropIDSet@@QAE@XZ
?GetProperties@CGetDbProps@@QAEXPAUIDBProperties@@K@Z
?_pGlobalPropListFile@CLocalGlobalPropertyList@@0PAVCPropListFile@@A
?CheckError@CPropListFile@@QAEJAAKPAPAG@Z
?Init@CPidLookupTable@@QAEHPAVPRcovStorageObj@@@Z
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?GetStringDbRestriction@@YGPAVCDbRestriction@@PBGKPAUIColumnMapper@@K@Z
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
?SystemExceptionTranslator@@YAXIPAU_EXCEPTION_POINTERS@@@Z
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
crypt32
CryptCreateKeyIdentifierFromCSP
CryptAcquireCertificatePrivateKey
CryptEnumOIDFunction
CryptEncodeObject
CertDeleteCertificateFromStore
CryptDecryptAndVerifyMessageSignature
CryptSIPRemoveSignedDataMsg
CryptAcquireContextU
CertFreeCertificateContext
CryptFindCertificateKeyProvInfo
CryptUnregisterOIDFunction
CertCompareCertificateName
CryptUnprotectData
CertIsValidCRLForCertificate
CertSerializeCRLStoreElement
CryptEnumProvidersU
CertSetEnhancedKeyUsage
CertVerifyTimeValidity
CertFindSubjectInCTL
CertUnregisterSystemStore
CryptSIPVerifyIndirectData
CertUnregisterPhysicalStore
CertAddCRLLinkToStore
CryptUninstallDefaultContext
I_CryptGetAsn1Encoder
CryptRegisterOIDInfo
I_CryptEnableLruOfEntries
CryptEnumKeyIdentifierProperties
I_CryptRegisterSmartCardStore
CryptBinaryToStringW
CryptInitOIDFunctionSet
CryptInstallDefaultContext
I_CryptGetTls
CertEnumCertificatesInStore
CertResyncCertificateChainEngine
CertEnumCTLsInStore
I_CryptInsertLruEntry
CertVerifyCertificateChainPolicy
CryptVerifyCertificateSignatureEx
CryptSignCertificate
CryptMemFree
crtdll
_CIacos
_fstat
atol
__argv_dll
_mbsdec
_toupper
_strncnt
_CIatan2
_mbsnset
_ismbbkpunct
fprintf
_c_exit
strcoll
ungetwc
_execle
wcscspn
fseek
_assert
iswlower
clock
_getdiskfree
cosh
_global_unwind2
_getdcwd
_expand
advapi32
RegEnumKeyExW
GetTrusteeNameW
TreeResetNamedSecurityInfoA
QueryServiceLockStatusA
LogonUserExA
SystemFunction005
WmiQuerySingleInstanceA
OpenEncryptedFileRawA
ConvertSecurityDescriptorToAccessW
LsaQueryDomainInformationPolicy
SystemFunction018
UnregisterTraceGuids
CredGetSessionTypes
EnumerateTraceGuids
RegEnumKeyA
GetEventLogInformation
IsTokenRestricted
LsaCreateAccount
LogonUserExW
ElfReportEventA
AddAccessDeniedAceEx
CryptVerifySignatureA
CreatePrivateObjectSecurityEx
CryptSetHashParam
CryptSetKeyParam
GetUserNameA
SetEntriesInAccessListW
OpenThreadToken
LsaGetQuotasForAccount
AreAnyAccessesGranted
SystemFunction012
WmiSetSingleItemA
user32
UnhookWindowsHook
ImpersonateDdeClientWindow
CreatePopupMenu
DdeCreateStringHandleA
SwitchToThisWindow
LoadIconA
SetForegroundWindow
SetCursor
SetCaretBlinkTime
DdeConnect
GetWindowTextLengthW
GetThreadDesktop
GetLayeredWindowAttributes
EnableScrollBar
CloseDesktop
SetCursorPos
GetMenuItemInfoW
CloseWindowStation
SetWindowContextHelpId
LoadCursorW
GetTabbedTextExtentW
SystemParametersInfoW
UnregisterDeviceNotification
SetUserObjectInformationA
ExitWindowsEx
IsHungAppWindow
GetWindowLongW
GetDoubleClickTime
InvertRect
CallWindowProcA
EnumPropsW
GetSubMenu
SetScrollPos
GetReasonTitleFromReasonCode
CallNextHookEx
MessageBoxExA
MessageBeep
DeleteMenu
GetMenuItemID
DrawTextW
CheckDlgButton
EnumWindowStationsW
UnpackDDElParam
SendIMEMessageExA
msvcrt40
??0iostream@@IAE@XZ
__p___winitenv
?getline@istream@@QAEAAV1@PAEHD@Z
??1strstream@@UAE@XZ
_beginthread
scanf
_mbsnextc
??_8istream@@7B@
_mbsset
??1ifstream@@UAE@XZ
memcmp
_mbsnbset
_ismbcspace
__p___argv
_getche
??4exception@@QAEAAV0@ABV0@@Z
_wputenv
??0streambuf@@IAE@PADH@Z
??_Gstreambuf@@UAEPAXI@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
_CIsinh
rename
tmpfile
_ismbbkprint
fseek
_heapadd
_finite
_getw
_mbctohira
??_Gostream_withassign@@UAEPAXI@Z
_mbsnbcoll
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
?clear@ios@@QAEXH@Z
_wexecvpe
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??5istream@@QAEAAV0@PAD@Z
?write@ostream@@QAEAAV1@PBCH@Z
_fpreset
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
Sections
.text Size: 541KB - Virtual size: 541KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 322KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ