22cc624b6b45be4f14016080e4094661_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22cc624b6b45be4f14016080e4094661_JaffaCakes118
Size

25KB
MD5

22cc624b6b45be4f14016080e4094661
SHA1

4ae71d99cd50c11c7cba52b64531c7c9667a20a5
SHA256

f8cabf00c68426bad9be89e7af7043ea46d79d896726ea64213b26ea2d08645f
SHA512

afeebd324aea39a40c9c13e91aee2d275df4053631c811d03bd73b4cfe570e02350826d5d9c075c1eb31f7c07973fece4b6c25f181f4b88bef0c0b8f61c52288
SSDEEP

768:2uQUxGBIieqhFDlCj/UkAEZQwWTbqRAkd:QUkBxZ5cMEqw6bqOy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22cc624b6b45be4f14016080e4094661_JaffaCakes118

Files

22cc624b6b45be4f14016080e4094661_JaffaCakes118
.exe windows:5 windows x86 arch:x86

add311e5102129fc2146665003c13bad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??4?$numeric_limits@G@std@@QAEAAV01@ABV01@@Z
?write@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@PBGH@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??_7?$_Mpunct@G@std@@6B@
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??X?$_Complex_base@N@std@@QAEAAV01@ABN@Z
?_Getcat@?$_Mpunct@D@std@@SAIXZ
_LXbig
?scan_is@?$ctype@D@std@@QBEPBDFPBD0@Z
?id@?$messages@G@std@@2V0locale@2@A
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?overflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
?_Xlen@std@@YAXXZ
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
??Hstd@@YA?AV?$complex@O@0@ABOABV10@@Z
_Nan
?infinity@?$numeric_limits@C@std@@SACXZ
??Ystd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@II@Z
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Getcat@?$numpunct@G@std@@SAIXZ
?do_neg_format@?$_Mpunct@D@std@@MBE?AUpattern@money_base@2@XZ

opengl32

glGetTexLevelParameterfv
glMapGrid2f
glBindTexture
glClearColor
glRasterPos4fv
glMapGrid1f
glGetPixelMapuiv
glDrawArrays
glColor4dv
wglChoosePixelFormat
glVertex4f
glDepthRange
glTexGendv
glCopyPixels
glPopMatrix
glColor3i
glTexGenf
wglSwapLayerBuffers
glVertex3fv
glRasterPos4i
glPixelMapusv
glDeleteTextures
glTexCoord1d
glRasterPos3s
glVertex3d
glGetTexGeniv
glRasterPos4s
wglGetPixelFormat
glLightfv
glLoadName
wglRealizeLayerPalette
glColorPointer
glGetMapiv

ntdll

ZwReadRequestData
RtlIpv6AddressToStringW
NtMakeTemporaryObject
RtlUnhandledExceptionFilter
RtlxOemStringToUnicodeSize
RtlAddAccessAllowedObjectAce
ZwCreatePagingFile
_ui64toa
RtlDeactivateActivationContext
LdrSetAppCompatDllRedirectionCallback
RtlStringFromGUID
RtlDefaultNpAcl
ZwRestoreKey
NtSaveMergedKeys
wcscspn
RtlTimeToSecondsSince1970
_allrem
RtlpNtCreateKey
NtFlushWriteBuffer
NtOpenProcessToken
NtLockProductActivationKeys
NtCreateProfile
ZwSetInformationProcess
RtlIntegerToChar
RtlLargeIntegerToChar
RtlFreeOemString
_splitpath
RtlQueryProcessLockInformation
ZwQueryDebugFilterState
RtlIsGenericTableEmptyAvl
RtlStatMemoryStream

winipsec

OpenTransportFilterHandle
CloseTunnelFilterHandle
OpenTunnelFilterHandle
CloseMMFilterHandle
GetQMPolicyByID
GetTransportFilter
EnumTunnelFilters
GetMMPolicy
QueryIPSecStatistics
GetMMAuthMethods
EnumIPSecInterfaces
SPDApiBufferAllocate
AddQMPolicy
EnumTransportFilters
CloseTransportFilterHandle
GetMMPolicyByID
AddTransportFilter
AddMMPolicy
MatchMMFilter
EnumQMPolicies
EnumQMSAs
MatchTransportFilter
DeleteTransportFilter
DeleteMMAuthMethods
SetTunnelFilter
SetMMAuthMethods
GetQMPolicy
OpenMMFilterHandle
AddMMFilter
EnumMMPolicies
SetQMPolicy
DeleteQMPolicy
DeleteMMFilter
GetTunnelFilter
AddTunnelFilter
GetMMFilter
EnumMMAuthMethods

dbghelp

SymGetLineNext
DbgHelpCreateUserDumpW
MakeSureDirectoryPathExists
DbgHelpCreateUserDump
SymGetModuleInfoW64
WinDbgExtensionDllInit
StackWalk64
SymGetSymPrev
SymEnumSymbols
SymGetLinePrev64
SymLoadModule64
SymGetLineFromAddr
FindDebugInfoFileEx
SearchTreeForFile
FindFileInSearchPath
SymUnDName
SymUnloadModule64
SymEnumerateModules64
srcfiles
ImageRvaToSection
SymFromAddr
SymGetSymNext64
UnDecorateSymbolName
SymGetLineNext64
FindExecutableImageEx
ImageRvaToVa

kernel32

GetComPlusPackageInstallStatus
SetProcessShutdownParameters
SetThreadAffinityMask
LZClose
CreateSocketHandle
ReadConsoleInputExW
RemoveVectoredExceptionHandler
FindNextFileA
FreeResource
ResumeThread
OpenWaitableTimerW
GetModuleHandleW
GetConsoleNlsMode
lstrlenW
IsBadHugeWritePtr
WriteProcessMemory
Beep
SetConsoleDisplayMode
_hwrite
FindFirstFileExA
GetVersion
FindVolumeMountPointClose
SetVolumeLabelW
WriteProfileSectionA
InitAtomTable
VirtualAlloc
CreateConsoleScreenBuffer
SetConsoleOutputCP
GetCurrencyFormatW
EnumTimeFormatsA
UnmapViewOfFile
Sleep
DebugSetProcessKillOnExit
WriteConsoleOutputW
SetLocaleInfoW
GetSystemWow64DirectoryA

advapi32

RegQueryValueW
CreateRestrictedToken
CredWriteW
RegQueryInfoKeyW
GetExplicitEntriesFromAclW
GetMultipleTrusteeA
ElfBackupEventLogFileW
QueryTraceW
CryptDuplicateKey
LsaICLookupNames
SaferCloseLevel
ReportEventA
DestroyPrivateObjectSecurity
SaferGetLevelInformation
NotifyChangeEventLog
RegisterServiceCtrlHandlerExW
RegLoadKeyW
ImpersonateLoggedOnUser
RegNotifyChangeKeyValue
GetServiceDisplayNameA
SaferRecordEventLogEntry
LsaSetSecret
ElfRegisterEventSourceA
ControlTraceA
RegConnectRegistryA
UnregisterIdleTask
SaferiRecordEventLogEntry
CredRenameA
ObjectOpenAuditAlarmW
CryptGenKey
BackupEventLogW
SetUserFileEncryptionKey
CryptDestroyKey
LsaEnumerateTrustedDomainsEx
RegisterTraceGuidsW
LookupAccountNameA
SystemFunction007
FlushTraceA
CryptHashData

wavemsp

DllUnregisterServer
DllRegisterServer
DllCanUnloadNow
DllGetClassObject

user32

PostMessageA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

add311e5102129fc2146665003c13bad

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

opengl32

ntdll

winipsec

dbghelp

kernel32

advapi32

wavemsp

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 2KB