1bad966dcea62531056cbd482dc2a9ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1bad966dcea62531056cbd482dc2a9ee_JaffaCakes118
Size

172KB
MD5

1bad966dcea62531056cbd482dc2a9ee
SHA1

c7717d92e0bd645e8db9cc3bc95a979d327261f0
SHA256

fd7cdc5c19eaaa0522191243758d658e97c5b8f28d662b0979c09824d354f33d
SHA512

b9418eccb2edbf2d092ac79daddd9419302fb6bf9b17317a3da21a2b4f616bd44da14c75bd40d21b3d85a7f33b25138666564f495c480ca7b7dc2dc9df713e44
SSDEEP

3072:dMsBagAHfJn1wIRRV0DHr2L9e5g8Y5k/w4K5kGfa0DLQxgnw9WwkdCF88UU:50gAHEARejqe5IlkGi0XQqwQzC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bad966dcea62531056cbd482dc2a9ee_JaffaCakes118

Files

1bad966dcea62531056cbd482dc2a9ee_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f0c5f49fcc2a3c985680a79d6af0ef2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

IncrementUrlCacheHeaderData
InternetTimeToSystemTime
FtpPutFileA
InternetWriteFile
HttpAddRequestHeadersW
HttpEndRequestA
CreateUrlCacheContainerW
InternetShowSecurityInfoByURLW
InternetErrorDlg
GetUrlCacheConfigInfoW
InternetTimeToSystemTimeW
DllInstall
InternetOpenA
FtpCreateDirectoryA
FindNextUrlCacheGroup
SetUrlCacheEntryInfoW
FtpDeleteFileA
InternetOpenUrlA
UpdateUrlCacheContentPath
InternetSetStatusCallbackW
InternetQueryOptionA
CreateUrlCacheEntryA
CommitUrlCacheEntryA
InternetConfirmZoneCrossing
InternetCombineUrlA
GopherCreateLocatorW
GopherOpenFileA
FindNextUrlCacheContainerW
DetectAutoProxyUrl
HttpEndRequestW
InternetConfirmZoneCrossingA
RetrieveUrlCacheEntryStreamA

kernel32

GetConsoleInputWaitHandle
LZCopy
WriteConsoleA
GetOEMCP
DosDateTimeToFileTime
LockFile
SystemTimeToFileTime
GetLogicalDrives
SetCommBreak
LocalAlloc
GetLastError
GlobalAddAtomW
SetConsolePalette
VirtualQuery
TryEnterCriticalSection
GetLogicalDriveStringsW
MapUserPhysicalPages
IsValidLocale
GetNamedPipeInfo
SetConsoleMode
GlobalHandle
GetCompressedFileSizeA
RtlCaptureStackBackTrace
SetConsoleFont
ReadConsoleInputW
IsSystemResumeAutomatic
VirtualAlloc
GetCurrentThreadId
GetNextVDMCommand
DefineDosDeviceA
EnumTimeFormatsW
GetVolumePathNamesForVolumeNameW
AllocConsole
LoadLibraryA
SetConsoleHardwareState
Process32FirstW
DnsHostnameToComputerNameA
DosPathToSessionPathW
GetTimeZoneInformation
SetVolumeLabelA
EnumDateFormatsW
SetEndOfFile
GetACP
AddVectoredExceptionHandler

query

?UnMarshall@CDbProp@@QAEHAAVPDeSerStream@@@Z
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
??0CAllocStorageVariant@@QAE@PBGAAVPMemoryAllocator@@@Z
?Copy@CDbPropSet@@QAEHABUtagDBPROPSET@@@Z
?GetR8@CAllocStorageVariant@@QBENI@Z
??1CRegNotify@@MAE@XZ
??0CNodeRestriction@@QAE@KI@Z
DoneFILTERPerformanceData
?GetFILETIME@CAllocStorageVariant@@QBE?AU_FILETIME@@I@Z
?Append@CEnumWorkid@@QAEXK@Z
CIGetGlobalPropertyList
?AcqRst@CRangeKeyRepository@@QAEPAVCRangeRestriction@@XZ
?DecodeHtmlNumeric@@YGXPAG@Z
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
?DoUpdates@CFilterDaemon@@QAEJXZ
FsCiShutdown
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?RequiresFlush@CPhysStorage@@QAEHK@Z
?Copy@CDbParameter@@QAEHABUtagDBPARAMETER@@@Z
??0CStandardPropMapper@@QAE@XZ
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?GetR4@CAllocStorageVariant@@QBEMI@Z
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??3CDbPropSet@@SGXPAX@Z
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
?SaComputeSize@@YGKGAAUtagSAFEARRAY@@@Z
??0CAllocStorageVariant@@QAE@PBU_GUID@@AAVPMemoryAllocator@@@Z
?DeleteRecord@CPropStoreManager@@QAEXK@Z
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
?HTMLEscapeW@@YGXPBGAAVCVirtualString@@K@Z
??1?$XPtr@VCDbProjectListElement@@@@QAE@XZ
??0CiStorage@@QAE@PBGAAUICiCAdviseStatus@@KKH@Z

ufat

?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
??0ROOTDIR@@QAE@XZ
??1CLUSTER_CHAIN@@UAE@XZ
??0CLUSTER_CHAIN@@QAE@XZ
??1FILEDIR@@UAE@XZ
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
ChkdskEx
??0EA_HEADER@@QAE@XZ
?QueryAllocatedClusters@FAT@@QBEKXZ
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?Set12@FAT@@AAEXKK@Z
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
?Read@EA_SET@@UAEEXZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
??0FILEDIR@@QAE@XZ
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
Recover
??0REAL_FAT_SA@@QAE@XZ
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
FormatEx
??1ROOTDIR@@UAE@XZ
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
??1FAT_SA@@UAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
??1FAT_DIRENT@@UAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?AllocChain@FAT@@QAEKKPAK@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1EA_HEADER@@UAE@XZ
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
??0EA_SET@@QAE@XZ

oleaut32

VarI1FromR4
SysReAllocString
SafeArrayUnaccessData
VarBoolFromI2
VarI8FromR8
VarI4FromUI1
VarUI2FromBool
DispCallFunc
SafeArrayGetVartype
VarI2FromDisp
VarCat
VarCyFromDisp
VarDecFromI1
VarR4FromDec
VarI2FromI8
VarDateFromStr
VarR8FromI2
SafeArrayGetElemsize
VariantChangeTypeEx
VarUI4FromUI1
VariantChangeType
VarI1FromDisp
VarUI1FromDec
VarR8FromUI4
VarI1FromUI1
VarBstrFromR8
VarUI8FromUI1
VarAbs
VarNumFromParseNum
VarCyFromUI8
VarEqv
GetVarConversionLocaleSetting
BSTR_UserUnmarshal
VarUI8FromStr
VarDecAdd
SysAllocStringByteLen
RevokeActiveObject
VarCySub
VarBoolFromDec
VarBstrFromI4
OACreateTypeLib2
VarR4FromDisp
VarI8FromDisp

ntdsapi

DsGetSpnW
DsMakePasswordCredentialsA
DsReplicaGetInfo2W
DsFreeDomainControllerInfoA
DsaopUnBind
DsListDomainsInSiteW
DsUnBindA
DsListInfoForServerA
DsBindWithCredW
DsClientMakeSpnForTargetServerW
DsCrackSpnA
DsReplicaSyncAllA
DsBindWithSpnW
DsQuoteRdnValueW
DsReplicaSyncA
DsCrackSpn2W
DsaopPrepareScript
DsCrackSpn3W
DsReplicaUpdateRefsW
DsMakeSpnA
DsCrackNamesW
DsCrackSpnW
DsaopBindWithCred
DsUnquoteRdnValueW
DsFreeNameResultA
DsRemoveDsDomainW
DsWriteAccountSpnA
DsReplicaSyncW
DsCrackNamesA
DsReplicaModifyW
DsReplicaAddA
DsRemoveDsServerA
DsListServersInSiteW
DsIsMangledRdnValueA
DsMakeSpnW
DsaopBind
DsBindW

d3d8thk

OsThunkDdReleaseDC
OsThunkDdEndMoCompFrame
OsThunkDdDeleteDirectDrawObject
OsThunkDdAddAttachedSurface
OsThunkDdSetExclusiveMode
OsThunkDdColorControl
OsThunkD3dContextDestroy
OsThunkD3dContextCreate
OsThunkD3dDrawPrimitives2
OsThunkDdGetMoCompBuffInfo
OsThunkDdCreateD3DBuffer
OsThunkDdRenderMoComp
OsThunkDdFlipToGDISurface
OsThunkDdUpdateOverlay
OsThunkDdGetDriverState
OsThunkDdCreateSurfaceEx
OsThunkDdQueryMoCompStatus
OsThunkDdGetFlipStatus
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdLock
OsThunkDdGetMoCompFormats
OsThunkDdAttachSurface
OsThunkDdCanCreateD3DBuffer
OsThunkD3dValidateTextureStageState
OsThunkDdSetColorKey
OsThunkDdLockD3D
OsThunkDdDestroyD3DBuffer
OsThunkDdGetMoCompGuids
OsThunkDdSetGammaRamp
OsThunkDdAlphaBlt
OsThunkDdDestroySurface
OsThunkDdFlip
OsThunkDdBeginMoCompFrame
OsThunkDdCreateDirectDrawObject
OsThunkDdGetDC
OsThunkDdQueryDirectDrawObject
OsThunkDdReenableDirectDrawObject
OsThunkDdUnlock
OsThunkD3dContextDestroyAll
OsThunkDdGetDriverInfo
OsThunkDdWaitForVerticalBlank
OsThunkDdGetScanLine
OsThunkDdDestroyMoComp
OsThunkDdCreateSurface

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0c5f49fcc2a3c985680a79d6af0ef2d

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

query

ufat

oleaut32

ntdsapi

d3d8thk

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 45KB - Virtual size: 240KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 45KB - Virtual size: 240KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B