1a5b2cb7595876dfde23041544263f6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a5b2cb7595876dfde23041544263f6a_JaffaCakes118
Size

385KB
MD5

1a5b2cb7595876dfde23041544263f6a
SHA1

1a922b2231b3c8def554211e0f09726236e8f30a
SHA256

db6859834fc57f61b82fb44ea3af8127a8f98cfcb3d425616f39711a060fcae9
SHA512

805fadd9d7609ee638b3e5f4ebab3dc5ee0a5415d1080f73f82d4b391e42a2894ee5ca0a1286ca5bb209b550f259bb356d8cd85c84fc507ea16a8222cad9fe75
SSDEEP

6144:SrZ0dEtL4fVQykeZ1fJ1zONN6gXmKSV91EzbZnyQ1Nogt9Im:gZ0CtL4fGAZ1DCN8Br1sbZnbft9I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a5b2cb7595876dfde23041544263f6a_JaffaCakes118

Files

1a5b2cb7595876dfde23041544263f6a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f59a4a0f74c80dbac6ae4f4e68648e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

?attach@ofstream@@QAEXH@Z
?close@ifstream@@QAEXXZ
?getline@istream@@QAEAAV1@PACHD@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
??_7stdiobuf@@6B@
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?fill@ios@@QAEDD@Z
??_8ofstream@@7B@
??5istream@@QAEAAV0@AAC@Z
?precision@ios@@QAEHH@Z
??1fstream@@UAE@XZ
??_Efilebuf@@UAEPAXI@Z
?write@ostream@@QAEAAV1@PBCH@Z
??0Iostream_init@@QAE@XZ
??6ostream@@QAEAAV0@G@Z
?str@strstreambuf@@QAEPADXZ
??4streambuf@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@N@Z
??5istream@@QAEAAV0@PAE@Z
?get@istream@@QAEAAV1@PADHD@Z
??0ifstream@@QAE@HPADH@Z
??0exception@@QAE@XZ
??_8fstream@@7Bistream@@@
?attach@filebuf@@QAEPAV1@H@Z
?is_open@ifstream@@QBEHXZ
??_Eostream_withassign@@UAEPAXI@Z
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
?allocate@streambuf@@IAEHXZ
??_7iostream@@6B@

kernel32

GetProcessAffinityMask
SetProcessWorkingSetSize
GetSystemWindowsDirectoryA
WriteConsoleW
VerLanguageNameW
FreeEnvironmentStringsW
FatalExit
HeapCreate
SetSystemPowerState
InterlockedPushEntrySList
LoadLibraryA
GetLogicalDrives
CreateMailslotA
ReleaseSemaphore
GlobalFindAtomA
HeapCompact
SetConsoleCursorMode
VirtualAlloc
Process32NextW
IsBadStringPtrW
SetConsoleInputExeNameA
CreateMutexA
SetConsoleWindowInfo
FindFirstFileExA
BuildCommDCBW
GlobalGetAtomNameA
SetConsoleMode
CreateActCtxW
OpenFileMappingW
GetPrivateProfileIntW
SetThreadPriority
QueryPerformanceCounter
SizeofResource
OpenWaitableTimerA
VerifyVersionInfoA
ConsoleMenuControl
FindFirstVolumeW
PrepareTape
FlushViewOfFile
GetCommandLineW
lstrcpyn
OpenWaitableTimerW
GetStartupInfoA
GetConsoleAliasesLengthA
EraseTape
GetProfileSectionW
DeleteTimerQueueEx

ntdll

NtRaiseHardError
RtlUnicodeToCustomCPN
RtlNtPathNameToDosPathName
ZwCreateKey
RtlSetCurrentEnvironment
RtlFirstFreeAce
RtlNewSecurityObjectEx
NtQueryInformationProcess
NtSetSystemInformation
NtSetInformationDebugObject
RtlFillMemory
RtlNumberGenericTableElementsAvl
NtOpenFile
ZwSetHighWaitLowEventPair
ZwQuerySemaphore
NtSetLowWaitHighEventPair
NtUnlockFile
RtlDeleteAce
RtlSetUserValueHeap
NtLockRegistryKey
NtProtectVirtualMemory
DbgUiStopDebugging
NtPowerInformation
NtSetEvent
__isascii
NtDuplicateToken
ZwOpenTimer
RtlSetUserFlagsHeap
ZwCompleteConnectPort
RtlpNtSetValueKey
RtlQueryHeapInformation
RtlCreateAtomTable
RtlDnsHostNameToComputerName
RtlCompareUnicodeString
ZwWriteRequestData
ZwRestoreKey

catsrvut

??4CComPlusInterface@@QAEAAV0@ABV0@@Z
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
ManagedRequestW
QueryUserDllW
??1CComPlusInterface@@UAE@XZ
SysprepComplus2
??0CComPlusMethod@@QAE@ABV0@@Z
RunMTSToCom
??_7CComPlusMethod@@6B@
FindAssemblyModulesW
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
??1CComPlusComponent@@UAE@XZ
RegDBRestore
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??_7CComPlusObject@@6B@
SysprepComplus
DllGetClassObject
??_7CComPlusInterface@@6B@
RegDBBackup
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??_7CComPlusComponent@@6B@
CGMIsAdministrator
COMPlusUninstallActionW
??0CComPlusObject@@QAE@ABV0@@Z
??0CComPlusComponent@@QAE@ABV0@@Z
??4CComPlusObject@@QAEAAV0@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
WinlogonHandlePendingInfOperations
StartMTSTOCOM

odbctrac

TraceSQLSetStmtAttrW
TraceOpenLogFile
TraceVersion
TraceSQLPutData
TraceSQLSpecialColumns
TraceSQLDisconnect
TraceSQLTables
TraceSQLNumResultCols
TraceSQLColAttribute
TraceSQLNativeSql
TraceSQLSetPos
TraceSQLProcedureColumns
TraceSQLFreeStmt
TraceSQLCloseCursor
TraceSQLDescribeColW
TraceSQLGetConnectOptionW
TraceReturn
TraceSQLFreeHandle
TraceSQLSetConnectAttr
TraceSQLPrimaryKeysW
TraceSQLParamData
TraceSQLCopyDesc
TraceSQLTablePrivileges
TraceSQLStatistics
TraceSQLExecDirectW
TraceSQLSpecialColumnsW
TraceSQLBindParam
TraceSQLParamOptions
TraceSQLGetDescField
TraceSQLFetchScroll
TraceSQLGetStmtOption
TraceSQLExtendedFetch
TraceSQLSetConnectAttrW
TraceSQLDrivers
TraceSQLSetDescFieldW
TraceSQLTransact
TraceSQLColumnPrivileges
TraceSQLSetCursorName
TraceCloseLogFile

msvcrt40

_adj_fdiv_r
div
?setp@streambuf@@IAEXPAD0@Z
??0istream@@IAE@ABV0@@Z
_getmbcp
_assert
??_7filebuf@@6B@
_ismbcspace
__p__environ
iswgraph
??1bad_cast@@UAE@XZ
??6ostream@@QAEAAV0@H@Z
fscanf
??_Gistream_withassign@@UAEPAXI@Z
__iscsym
??_Dofstream@@QAEXXZ
memchr
?iword@ios@@QBEAAJH@Z
_mbsrchr
??_Eios@@UAEPAXI@Z
_HUGE
iswdigit
_ftime
_wstat
_mbsdup
wcscat
strtod
?opfx@ostream@@QAEHXZ
??0strstreambuf@@QAE@H@Z
scanf
??0ifstream@@QAE@ABV0@@Z
_errno
_ismbbgraph
?sync@streambuf@@UAEHXZ
??0ios@@IAE@XZ
memmove
_hypot
?setrwbuf@stdiobuf@@QAEHHH@Z
_fpreset
?open@filebuf@@QAEPAV1@PBDHH@Z

cmutil

??4CRandom@@QAEAAV0@ABV0@@Z
CmStripFileNameW
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
CmLoadSmallIconA
?SetICSDataPath@CIniW@@QAEXPBG@Z
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
WzToSzWithAlloc
?SetWriteICSData@CIniW@@QAEXH@Z
CmLoadImageW
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
?SetFile@CIniW@@QAEXPBG@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
??1CIniW@@QAE@XZ
?GPPS@CIniA@@QBEPADPBD00@Z
??0CmLogFile@@QAE@XZ
??_FCIniW@@QAEXXZ
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
?GetSection@CIniA@@QBEPBDXZ
?WPPB@CIniA@@QAEXPBD0H@Z
?Generate@CRandom@@QAEHXZ
CmStrchrA
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
CmBuildFullPathFromRelativeA
CmLoadStringW
??4CIniA@@QAEAAV0@ABV0@@Z
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
??0CRandom@@QAE@I@Z
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?Write@CmLogFile@@AAEJPAG@Z
?Init@CRandom@@QAEXK@Z
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?Stop@CmLogFile@@QAEJXZ
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?GPPI@CIniW@@QBEKPBG0K@Z
MakeBold

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f59a4a0f74c80dbac6ae4f4e68648e0a

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

kernel32

ntdll

catsrvut

odbctrac

msvcrt40

cmutil

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 244KB - Virtual size: 244KB

.data Size: 20KB - Virtual size: 443KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 244KB - Virtual size: 244KB

.data
Size: 20KB - Virtual size: 443KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 1024B