Static task
static1
Behavioral task
behavioral1
Sample
1c7498ec6c87883152e9e330cc4a13d7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1c7498ec6c87883152e9e330cc4a13d7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
1c7498ec6c87883152e9e330cc4a13d7_JaffaCakes118
-
Size
160KB
-
MD5
1c7498ec6c87883152e9e330cc4a13d7
-
SHA1
e6907384731d92a10e946af200a28b770feebe33
-
SHA256
75fb6541ed994f6a9a2ad9e18ce21bcd066bbf952e569501e97ccecd2019881c
-
SHA512
63b9cafe3026274186be2a04722baf600c6d6b4d6fa82eae7ca71cfea262df8df7839f5711d4b6f39cd528fe2ba9c8fa93c9a8cdf56f07cb585d7b38cf9589ce
-
SSDEEP
1536:vjJ+xw3u5Ml+gqbFIBie/mB6iyoKKeQpqpu5XmV3Pfn0+B:vj2w3udgq+B1/mB6iLeQpqpumfs+B
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the sample carries no code-signing signature, so its publisher cannot be verified from the binary itself.
resource 1c7498ec6c87883152e9e330cc4a13d7_JaffaCakes118
Files
-
1c7498ec6c87883152e9e330cc4a13d7_JaffaCakes118.exe windows:4 windows x86 arch:x86
f536f28670eb589248a1c7d4067dfdc5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CoRegisterClassObject
CreateStreamOnHGlobal
CoMarshalInterface
CoRevokeClassObject
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoInitialize
StringFromGUID2
CoUninitialize
CoImpersonateClient
CoRevertToSelf
oleaut32
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysAllocStringLen
nailog
_naimcomn_GetLogLevelFromRegistry@0
_naimcomn_SetSystem@4
_naimcomn_InitTracer@0
_naimcomn_SetLogToStdout@4
_naimcomn_StartFileLogging@4
_naimcomn_EndFileLogging@0
kernel32
GetVersion
EnterCriticalSection
lstrlenA
GetCurrentProcess
DebugBreak
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
GetCurrentThread
ResetEvent
SetEvent
GetLastError
LeaveCriticalSection
FreeLibrary
InterlockedDecrement
Sleep
GetCurrentThreadId
SetProcessWorkingSetSize
GetModuleFileNameA
LoadResource
GetUserDefaultLangID
GetCommandLineW
InterlockedIncrement
OpenProcess
WaitForSingleObject
SizeofResource
SetLastError
InterlockedExchange
GetModuleHandleA
FlushInstructionCache
CompareStringA
user32
GetWindowThreadProcessId
DestroyWindow
ShowWindow
advapi32
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
DeleteService
CreateServiceW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
ChangeServiceConfigW
OpenThreadToken
StartServiceW
CopySid
SetServiceStatus
SetSecurityDescriptorDacl
QueryServiceStatus
InitializeSecurityDescriptor
EqualSid
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
naxml
?GetAttribute@Element@AdvXMLParser@@QAEAAVAttribute@2@PBG@Z
?GetChild@NodeContainer@AdvXMLParser@@IBEAAVNode@2@PBGIH@Z
?IsNull@Node@AdvXMLParser@@QBE_NXZ
?null@Attribute@AdvXMLParser@@2V12@A
?null@Comment@AdvXMLParser@@2V12@A
?null@Pi@AdvXMLParser@@2V12@A
?null@CData@AdvXMLParser@@2V12@A
??0Parser@AdvXMLParser@@QAE@XZ
?ReadBufferFromFile@AdvXMLParser@@YAXABV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@AAV23@AAW4UTF_ENCODINGS@1@H@Z
?Parse@Parser@AdvXMLParser@@QAEPAVDocument@2@PBGH@Z
?null@Element@AdvXMLParser@@2V12@A
??1Exception@AdvXMLParser@@UAE@XZ
??1ParsingException@AdvXMLParser@@UAE@XZ
??1Parser@AdvXMLParser@@UAE@XZ
nacmnlib
?cmnlib_MonitorRegistryLogLevel@@YAXXZ
?cmnlib_ValidateProductSuite@@YAHPBG@Z
?cmnlib_QueryRegValue@@YA?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@AAPAUHKEY__@@PBGPAJ@Z
?cmnlib_AppendFilePath@@YA?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@ABV12@0@Z
?cmnlib_SetActivityLogName@@YAXPBG@Z
?cmnlib_StartActivityLogging@@YAXXZ
?cmnlib_SetLogLevel@@YAXW4naimcomn_LogLevel@@@Z
?IsWinNT@@YAHXZ
?cmnlib_ContinueActivityLogging@@YAXXZ
?cmnlib_GetFrameworkDataDir@@YA?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@XZ
?cmnlib_SetActivityMaxMessageCount@@YAXJ@Z
?install@CSEException@@SAXXZ
?cmnlib_NormalExit@@YAXXZ
LoadResourceDLLW
?cmnlib_CreateGlobalObjectName@@YA?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@ABV12@@Z
?cmnlib_CreateGlobalSecurityAttrib@@YAXPAU_SECURITY_DESCRIPTOR@@PAU_SECURITY_ATTRIBUTES@@@Z
?AddMessageW@CnaLogger@@SAJW4ESUBSYSTEM@@W4naimcomn_LogLevel@@PBGZZ
GetResString
?cmnlib_StopMonitoringRegistryLogLevel@@YAXXZ
?cmnlib_StopActivityLogging@@YAXXZ
?cmnlib_PauseActivityLogging@@YAXXZ
applib
??1AnSd@@QAE@XZ
??1ASid@@QAE@XZ
??0ARegKey@@QAE@XZ
?open@ARegKey@@AAE_N_NPAUHKEY__@@PBGK@Z
??0AnInfoTrace@@QAE@PBG0@Z
?initializeThreadTraceStacks@@YAXXZ
??1AnInfoTrace@@QAE@XZ
??0AnAcl@@QAE@XZ
?setByAuthorities@ASid@@QAE_NPAU_SID_IDENTIFIER_AUTHORITY@@KKKKKKKK@Z
?remove@ARegKey@@QAE_NPBG@Z
?add@AnAcl@@QAE_NPAX_NKK@Z
?setToProcessUser@ASid@@QAE_NXZ
?authority@?1??getNtAuthority@ASid@@SAPAU_SID_IDENTIFIER_AUTHORITY@@XZ@4U3@A
?create@AnSd@@QAE_NPAU_ACL@@PAX@Z
?set@ARegKey@@QAE_NPBGPAVABuffer@@@Z
??0ABuffer@@QAE@XZ
?get@ARegKey@@AAE_N_NPBGPAK@Z
??1ARegKey@@QAE@XZ
??1AnAcl@@QAE@XZ
??1ATrace@@QAE@XZ
?set@ARegKey@@QAE_NPBG0@Z
??1ABuffer@@QAE@XZ
msvcrt
wcscpy
memcmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_wtoi
_snwprintf
realloc
memset
_except_handler3
__dllonexit
_onexit
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
vswprintf
wcslen
__CxxFrameHandler
??2@YAPAXI@Z
_controlfp
wcschr
_EH_prolog
_CxxThrowException
memmove
free
malloc
exit
fprintf
memcpy
_putws
strncpy
_iob
strlen
Sections
.text — raw size 56KB, virtual size 53KB (code section; the flags below mark it both executable and writable)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.erdata — raw size 60KB, virtual size 60KB (a second code section, likewise flagged executable and writable below)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE