1a5489ecda004b6070cbd1f8878a5b6f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a5489ecda004b6070cbd1f8878a5b6f_JaffaCakes118
Size

52KB
MD5

1a5489ecda004b6070cbd1f8878a5b6f
SHA1

969d1b3899739bb03d6c739ea5d5d0fec014e4a5
SHA256

9a1d61d2c1694b2b8ff99f2400f5d80db9b319ebcd3a48612001bd47d05d5229
SHA512

466e1d557a34ae637a660173b48534792bbcb50b14c9c2af5263cd11a094f0fbc3e07f8fb48174aaf994ced3d744a7092f4f190ecf378591c0ff6026c72f3d96
SSDEEP

768:Qq6s1VjvSNpF+IfAMvahkwa5l+MwgwRxkBRi5VEAr7+fOZ9:QqV1BqXVIhI5gtgwwi5Vr7NZ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a5489ecda004b6070cbd1f8878a5b6f_JaffaCakes118

Files

1a5489ecda004b6070cbd1f8878a5b6f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

00915366d96e5ac4ce4b4ee6ed544243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathMatchSpecW
StrRChrW
StrRChrIW
SHQueryInfoKeyW
ColorRGBToHLS
PathUnmakeSystemFolderA
UrlGetPartW
wnsprintfW
SHSetValueA
SHRegOpenUSKeyW
UrlUnescapeA
PathSetDlgItemPathA
SHDeleteOrphanKeyW
PathStripPathA
UrlIsOpaqueA
DelayLoadFailureHook
PathRemoveArgsA
StrNCatA
SHCreateStreamOnFileEx
HashData
StrCatChainW
UrlGetLocationA
PathFindExtensionW
SHRegQueryUSValueA
StrStrIW
SHOpenRegStreamA
PathFindFileNameW
AssocCreate
UrlApplySchemeA
ChrCmpIA
PathIsRootW
StrDupA
PathAddExtensionW
PathIsUNCServerW
StrCpyW
PathIsDirectoryA

security

ImportSecurityContextA
AcquireCredentialsHandleA
QuerySecurityContextToken
EnumerateSecurityPackagesA
MakeSignature
QueryContextAttributesW
AcquireCredentialsHandleW
SealMessage
DeleteSecurityPackageW
DeleteSecurityPackageA
VerifySignature
InitializeSecurityContextW
EnumerateSecurityPackagesW
FreeCredentialsHandle
RevertSecurityContext
InitSecurityInterfaceW
QueryContextAttributesA
InitSecurityInterfaceA
ImpersonateSecurityContext
FreeContextBuffer
AcceptSecurityContext
QueryCredentialsAttributesW
DecryptMessage
QuerySecurityPackageInfoW
AddSecurityPackageW
ExportSecurityContext
UnsealMessage
ApplyControlToken
EncryptMessage
InitializeSecurityContextA
QuerySecurityPackageInfoA
CompleteAuthToken
AddSecurityPackageA
DeleteSecurityContext
ImportSecurityContextW
QueryCredentialsAttributesA

kernel32

GetDiskFreeSpaceW
ReadProcessMemory
GetSystemDefaultLangID
FileTimeToDosDateTime
GetConsoleCommandHistoryW
GetTickCount
GetProfileStringW
GetStartupInfoA
SetFileApisToANSI
SetFileValidData
OpenFile
CreateEventA
BaseFlushAppcompatCache
IsBadHugeWritePtr
MapUserPhysicalPages
GetNumberOfConsoleMouseButtons
GetProcessWorkingSetSize
GetSystemDefaultLCID
DeleteVolumeMountPointA
SetFileAttributesW
Process32NextW
GetFirmwareEnvironmentVariableW
LocalUnlock
VerifyConsoleIoHandle
CreatePipe
FindClose
SuspendThread
EndUpdateResourceA
CreateIoCompletionPort
SetCommTimeouts
GetDriveTypeW
GetUserGeoID
GetVersionExW
LoadResource
EnumDateFormatsW
EnumSystemGeoID
FileTimeToLocalFileTime
EnumSystemLocalesW
GetVDMCurrentDirectories
SetCurrentDirectoryW
WaitForMultipleObjects
GetMailslotInfo
GetConsoleAliasesW
CancelIo
_lcreat
ConsoleMenuControl
GetUserDefaultLCID
GlobalAddAtomA
SetComputerNameExA
DosPathToSessionPathA
SleepEx
EnumCalendarInfoA
MulDiv
VirtualUnlock
ReadConsoleOutputW
GetCPInfoExW
VerifyVersionInfoA
GetStartupInfoW
WriteFileEx
GetCurrentThread
FindAtomW
OutputDebugStringA
IsDBCSLeadByteEx
GetComPlusPackageInstallStatus
GetConsoleAliasesLengthW
LoadLibraryA
GetConsoleCommandHistoryLengthW
CreateFileW
VirtualAlloc
ScrollConsoleScreenBufferA
RegisterConsoleIME
CloseConsoleHandle
EnumLanguageGroupLocalesA
VirtualAllocEx

cryptdll

CDRegisterCheckSum
CDLocateCSystem
CDBuildIntegrityVect
MD5Final
CDFindCommonCSystemWithKey
CDLocateCheckSum
CDLocateRng
MD5Init
CDFindCommonCSystem
CDGenerateRandomBits
CDRegisterRng
MD5Update
CDRegisterCSystem
CDBuildVect

cmutil

?SetParams@CmLogFile@@QAEJHKPBD@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
CmStrchrA
CmMoveMemory
?GPPI@CIniA@@QBEKPBD0K@Z
?SetSection@CIniW@@QAEXPBG@Z
??_FCIniW@@QAEXXZ
?GetRegPath@CIniW@@QBEPBGXZ
?SetICSDataPath@CIniA@@QAEXPBD@Z
??1CIniW@@QAE@XZ
?SetRegPath@CIniA@@QAEXPBD@Z
SzToWzWithAlloc
WzToSzWithAlloc
CmLoadImageW
??1CmLogFile@@QAE@XZ
?GetRegPath@CIniA@@QBEPBDXZ
?Stop@CmLogFile@@QAEJXZ
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?SetSection@CIniA@@QAEXPBD@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
CmStrStrW
GetOSMajorVersion
WzToSz
?SetParams@CmLogFile@@QAEJHKPBG@Z
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
?SetFile@CIniA@@QAEXPBD@Z
?SetReadICSData@CIniW@@QAEXH@Z
CmWinHelp

msvcrt40

??0bad_typeid@@QAE@ABV0@@Z
__unDName
?rdbuf@ios@@QBEPAVstreambuf@@XZ
putwchar
_wcsupr
_safe_fdiv
??0exception@@QAE@ABV0@@Z
??_8istrstream@@7B@
??0istream@@IAE@ABV0@@Z
??0ifstream@@QAE@PBDHH@Z
_mbsspnp
_mbsncat
?setb@streambuf@@IAEXPAD0H@Z
_getdiskfree
?close@filebuf@@QAEPAV1@XZ
_vsnprintf
__iscsymf
_CIasin
?cerr@@3Vostream_withassign@@A
bsearch
??_Estdiostream@@UAEPAXI@Z
_adjust_fdiv
__argv
??6ostream@@QAEAAV0@F@Z
_mbsset

utildll

NetworkDeviceEnumerate
TestUserForAdmin
ParseDecoratedAsyncDeviceName
StandardErrorMessage
HaveAnonymousUsersChanged
RegGetNetworkServiceName
GetSystemMessageA
StrSystemWaitReason
CtxGetAnyDCName
IsPartOfDomain
GetUnknownString
SetupAsyncCdConfig
QueryCurrentWinStation
StrAsyncConnectState
FormDecoratedAsyncDeviceName
StrSdClass
WinEnumerateDevices
GetAssociatedPortName
ElapsedTimeString
CurrentDateTimeString
CalculateElapsedTime
StrConnectState
InstallModem
CalculateDiffTime
StrProcessState
InitializeAnonymousUserCompareList
GetUserFromSid
GetSystemMessageW
CompareElapsedTime
RegGetNetworkDeviceName
CachedGetUserFromSid
DateTimeString
ConfigureModem
EnumerateMultiUserServers
NetBIOSDeviceEnumerate
AsyncDeviceEnumerate

odbctrac

FireVSDebugEvent
TraceSQLNativeSqlW
TraceSQLColumnPrivilegesW
TraceSQLDriverConnect
TraceSQLFreeHandle
TraceSQLSetConnectOption
TraceOpenLogFile
TraceSQLBrowseConnect
TraceSQLProcedures
TraceSQLColumnsW
TraceSQLDataSourcesW
TraceVersion
TraceSQLSetCursorNameW
TraceSQLSetConnectOptionW
TraceSQLGetTypeInfo
TraceSQLParamOptions
TraceSQLGetCursorName
TraceSQLCancel
TraceSQLGetStmtAttrW
TraceSQLCopyDesc
TraceSQLAllocConnect
TraceSQLGetDiagField
TraceSQLDriverConnectW
TraceSQLGetTypeInfoW
TraceSQLSetCursorName
TraceSQLGetDiagRec
TraceSQLAllocEnv
TraceSQLNumParams
TraceSQLGetConnectOptionW
TraceSQLAllocHandleStdW
TraceCloseLogFile
TraceSQLDataSources
TraceSQLGetCursorNameW
TraceSQLColAttributesW
TraceSQLColAttribute
TraceSQLGetDiagFieldW

iashlpr

MemReallocIas
InitializeIas
MemAllocIas
FreeAttributes
DllGetClassObject
ConfigureIas
DoRequest
AllocateAttributes
ShutdownIas
MemFreeIas

Sections

.tixt
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00915366d96e5ac4ce4b4ee6ed544243

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

security

kernel32

cryptdll

cmutil

msvcrt40

utildll

odbctrac

iashlpr

Sections

.tixt Size: 35KB - Virtual size: 35KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 40KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 35KB - Virtual size: 35KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 40KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B