26082891ed6bed1795ae881e4770da7a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26082891ed6bed1795ae881e4770da7a_JaffaCakes118
Size

161KB
MD5

26082891ed6bed1795ae881e4770da7a
SHA1

149bbf558e7a2fad5881a4549eb10bd3010e2bc4
SHA256

9ef4073e66799d895c96bcb9c6cc4f590586aab72a809209c852fd80cc740b67
SHA512

f8f6b75e7f36566701fb6f3a911e2487d942435c61f3df482597cc2852a2bd33aeaee397a399b7554028979f171b062cb345c76535b75220520f7e770ce4a11d
SSDEEP

3072:ZSJKKlLsQ15f1EkdHHO4eGdeu3amfNa4iPxh+uIiDnEcHrS6sAPf7UcwxN3:ZqvDf1ddnaGd6m9qDnVHdPf7U/N3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26082891ed6bed1795ae881e4770da7a_JaffaCakes118

Files

26082891ed6bed1795ae881e4770da7a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ce0b23e8e4c8b1023035a7f76db43253

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glRasterPos4sv
glNormal3bv
glDepthRange
glRectdv
glTexCoord3sv
glPushClientAttrib
glVertex2dv
glTexGeni
GlmfEndGlsBlock
glTexCoord2fv
glGetPixelMapfv
glTexCoord2iv
glRasterPos3sv
glTexCoord3s
glPixelZoom
glVertex4d
glColor4fv
glVertex3d
glRasterPos2i
glTexCoord1f
glEnable
glNormal3fv
glIndexMask
wglChoosePixelFormat
glColorPointer
glColor4ub
glColor3ui
glPolygonMode
glRotatef

expsrv

__vbaVarIndexLoadRef
CopyRecord
__vbaR8Cy
__vbaSetSystemError
__vbaFpR4
rtcFixVar
__vbaCyFix
rtcInputCountVar
PutMemStr
rtcKillFiles
__vbaStrBool
rtBstrFromErrVar
rtcRemoveDir
VarPtr
rtcHexBstrFromVar
_CItan
__vbaCyErrVar
rtcInputCharCountVar
rtcInStrRev
__vbaUI1Cy
__vbaVargParmRef
__vbaAryConstruct
__vbaUI1Sgn

msvcirt

?out_waiting@streambuf@@QBEHXZ
?getint@istream@@AAEHPAD@Z
??_Gfilebuf@@UAEPAXI@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??5istream@@QAEAAV0@AAF@Z
?get@istream@@QAEAAV1@AAC@Z
??_7strstreambuf@@6B@
??4strstreambuf@@QAEAAV0@ABV0@@Z
??4streambuf@@QAEAAV0@ABV0@@Z
?underflow@strstreambuf@@UAEHXZ
??5istream@@QAEAAV0@AAO@Z
?fill@ios@@QBEDXZ
??0exception@@QAE@ABQBD@Z
?tellp@ostream@@QAEJXZ
??0istream@@IAE@ABV0@@Z
??_Gfstream@@UAEPAXI@Z
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
??0exception@@QAE@XZ
??_Gistream_withassign@@UAEPAXI@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
??_7logic_error@@6B@
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?precision@ios@@QBEHXZ
?stossc@streambuf@@QAEXXZ
??_8stdiostream@@7Bistream@@@
??_8istream_withassign@@7B@
?sync@istream@@QAEHXZ
?precision@ios@@QAEHH@Z
?open@fstream@@QAEXPBDHH@Z
?sputc@streambuf@@QAEHH@Z
?eatwhite@istream@@QAEXXZ
??_Efilebuf@@UAEPAXI@Z

msvcrt20

_safe_fdivr
??_Eostrstream@@UAEPAXI@Z
?basefield@ios@@2JB
getenv
_spawnvpe
_getw
setlocale
_fpieee_flt
isupper
_wcsicoll
_kbhit
??0filebuf@@QAE@HPADH@Z
_fputwchar
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
_wexecl
_mbbtombc
_mbsncpy
??0ofstream@@QAE@XZ
_isnan
raise
?overflow@filebuf@@UAEHH@Z
_putws
?close@ifstream@@QAEXXZ
wcsncmp
sscanf
_mbschr
wcsxfrm
?open@ifstream@@QAEXPBDHH@Z
_adj_fdiv_r
ungetc
_osver

ntdll

NtWriteFile
NtReplyWaitReceivePort
ZwCreateFile
__toascii
NtQueryDefaultLocale
wcstol
NtCloseObjectAuditAlarm
ZwQueryMutant
LdrHotPatchRoutine
NtSaveKey
isgraph
NtImpersonateClientOfPort
RtlInitializeBitMap
RtlMultiAppendUnicodeStringBuffer
_CIpow
_wtol
RtlDnsHostNameToComputerName
vDbgPrintExWithPrefix
labs
NtCreateWaitablePort
ZwSetIntervalProfile
ZwDeleteObjectAuditAlarm
ZwPrivilegeObjectAuditAlarm
RtlUnlockMemoryStreamRegion
RtlFindMessage
RtlSubAuthorityCountSid
NtDuplicateToken
RtlUnicodeStringToOemString
RtlEnableEarlyCriticalSectionEventCreation
RtlFirstEntrySList
_CIsqrt
RtlResetRtlTranslations
RtlSetInformationAcl
_strnicmp
RtlAddAccessDeniedObjectAce

mtxclu

MtxCluSetSecurityRegValue
MtxCluIsNetworkNameInLocalClusterW
MtxCluIsSameClusterW
MtxCluIsClusterPresent
MtxCluIsSameNodeW
MtxCluGetDTCStatusW
MtxCluBringOnlineDTCW
MtxCluTakeOfflineDTCW
MtxCluGetComputerNameW
MtxCluGetSecurityRegValue
MtxCluIsClusterPresentExW
MtxCluGetDTCVirtualServerNameW
Startup

shlwapi

StrNCatW
PathCanonicalizeA
PathUnquoteSpacesA
wvnsprintfA
SHCreateStreamOnFileA
PathRenameExtensionW
UrlIsOpaqueA
UrlGetPartA
PathCreateFromUrlW
SHEnumValueW
SHAllocShared
StrStrIA
PathRemoveBlanksW
PathMakePrettyW
PathIsDirectoryW
SHRegDuplicateHKey
SHRegOpenUSKeyA
PathIsFileSpecW
PathSkipRootW
StrToIntW
SHRegGetPathW
UrlCanonicalizeW
StrFormatByteSize64A
PathGetArgsW
PathIsURLA

compstui

CommonPropertySheetUIA
GetCPSUIUserData
SetCPSUIUserData
CommonPropertySheetUIW

msvcrt40

??1stdiostream@@UAE@XZ
?gcount@istream@@QBEHXZ
_rotr
_flushall
strspn
??1logic_error@@UAE@XZ
_wutime
_logb
?sync@stdiobuf@@UAEHXZ
_mtlock
?ws@@YAAAVistream@@AAV1@@Z
?allocate@streambuf@@IAEHXZ
?sunk_with_stdio@ios@@0HA
??0istrstream@@QAE@ABV0@@Z
srand
??_Gistream@@UAEPAXI@Z
_wstati64
_strerror
_copysign
clock
__threadhandle
memcmp
??1ostream@@UAE@XZ
__p__timezone
_seterrormode
?setb@streambuf@@IAEXPAD0H@Z
?attach@ofstream@@QAEXH@Z
_waccess
fgets
_fpclass
??_7bad_cast@@6B@
?tie@ios@@QAEPAVostream@@PAV2@@Z
??6ostream@@QAEAAV0@O@Z
_wopen
_fputwchar
__p__daylight
??0logic_error@@QAE@ABQBD@Z
?underflow@stdiobuf@@UAEHXZ
?raw_name@type_info@@QBEPBDXZ
_ismbbprint
_wspawnlpe
isprint

vssapi

?Uninitialize@CVssJetWriter@@QAGXXZ
??0CVssJetWriter@@QAE@XZ
IsVolumeSnapshotted
?GetCurrentVolumeArray@CVssWriter@@IBGPAPBGXZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
VssFreeSnapshotProperties
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssJetWriter@@UAE@XZ

oleacc

DllUnregisterServer
AccessibleObjectFromEvent
ObjectFromLresult
LresultFromObject
CreateStdAccessibleObject
GetStateTextA
DllRegisterServer
AccessibleObjectFromPoint
GetRoleTextW
LIBID_Accessibility
DllGetClassObject
WindowFromAccessibleObject
IID_IAccessible
CreateStdAccessibleProxyA
GetRoleTextA
AccessibleChildren
GetOleaccVersionInfo
GetStateTextW
AccessibleObjectFromWindow
IID_IAccessibleHandler
CreateStdAccessibleProxyW
DllCanUnloadNow

kernel32

SetConsoleNlsMode
GetExitCodeThread
GetConsoleCursorMode
VirtualAlloc
LZOpenFileW
GetConsoleKeyboardLayoutNameW
GetDiskFreeSpaceW
ReadConsoleOutputA
CancelIo
AddLocalAlternateComputerNameA
GetSystemWow64DirectoryW
UnmapViewOfFile
SetComputerNameW
WriteTapemark
FindCloseChangeNotification
MulDiv
EnumCalendarInfoExW
IsDBCSLeadByteEx
UnhandledExceptionFilter
VerSetConditionMask
SetUserGeoID
SetFirmwareEnvironmentVariableW
GetConsoleCommandHistoryLengthA
DeleteCriticalSection
TransactNamedPipe
GetConsoleHardwareState
Sleep
SetConsoleDisplayMode

msdtcprx

DTC_XaPrepare
DllUnregisterServer
DllGetClassObject
ShutDownCM
ContactToNameObject
?CreateInstance@CTmProxyCore@@SGJPAPAV1@PAUIUnknown@@@Z
DllGetDTCConnectionManager
DTC_XaOpen
DTC_XaRollback
DllGetDTCUtilObject
?Create@CNameService@@SGJPAPAV1@@Z
DTC_XaRecover
DTC_XaClose
DTC_XaCommit
DllRegisterServer
?RemoveDtc@@YGJPAG00@Z
?InstallDtcClient@@YGJPAGKK@Z
DTC_XaComplete
DllGetDTCProxy
DTC_XaForget
DTC_XaStart
DllGetTransactionManagerCore
DTC_XaEnd
?GetDtcLogPath@@YGHKPAG@Z

rastapi

PortSetInfo
PortOpen
PortGetPortState
GetZeroDeviceInfo
PortReceiveComplete
PortChangeCallback
SetCommSettings
DeviceSetInfo
PortClose
DeviceWork
DeviceGetDevConfig
EnableDeviceForDialIn
RastapiSetCalledID
DeviceConnect
RemovePort
DeviceDone
GetConnectInfo
RastapiGetCalledID
PortInit
DeviceGetInfo
DeviceListen
PortSetIoCompletionPort
PortGetIOHandle
DeviceGetDevConfigEx
PortTestSignalState
PortCompressionSetInfo
PortClearStatistics
PortGetStatistics
PortDisconnect
UnloadRastapiDll
DeviceEnum
DeviceSetDevConfig
PortSend
PortReceive
AddPorts
PortSetFraming
PortGetInfo
PortEnum
PortConnect

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce0b23e8e4c8b1023035a7f76db43253

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

expsrv

msvcirt

msvcrt20

ntdll

mtxclu

shlwapi

compstui

msvcrt40

vssapi

oleacc

kernel32

msdtcprx

rastapi

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 28KB - Virtual size: 29KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 28KB - Virtual size: 29KB