272e3b5ebca61c82185fcda799b16347_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

272e3b5ebca61c82185fcda799b16347_JaffaCakes118
Size

876KB
MD5

272e3b5ebca61c82185fcda799b16347
SHA1

0303cc9d680a402f29ec16ccf7baff24df791e69
SHA256

963631a19fad09827647e889ab89ce64de7d082348a7411537d52918d7697128
SHA512

9a6d4c40a7e4cd0e62908ecae1a5a422febd44cc7b50058132974109059eaa575afdaffb254bcc74d16523e2132c9a7813533cce0f34c5d47e454879f7993c97
SSDEEP

24576:j57mSsybibXDvbKtSKzg4Tisw1zgch/dZ79:F+ybibXyQKzg4Tistcz9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
272e3b5ebca61c82185fcda799b16347_JaffaCakes118

Files

272e3b5ebca61c82185fcda799b16347_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a30c5877e9cdc94a7415dbb9f1d66751

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

SoftpubDefCertInit
CryptCATAdminPauseServiceForBackup
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1CatNameValueEncode
FindCertsByIssuer
SoftpubLoadMessage
CryptCATAdminAcquireContext
mssip32DllUnregisterServer
mscat32DllUnregisterServer
SoftpubCheckCert
CryptCATAdminEnumCatalogFromHash
WintrustGetRegPolicyFlags
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
WinVerifyTrustEx
CryptCATAdminAddCatalog
SoftpubInitialize
CryptCATCDFClose
SoftpubLoadDefUsageCallData
TrustIsCertificateSelfSigned
WVTAsn1CatMemberInfoEncode
CryptCATStoreFromHandle
CryptCATHandleFromStore
WTHelperCheckCertUsage
CryptCATAdminResolveCatalogPath
WinVerifyTrust
WVTAsn1SpcPeImageDataEncode
WTHelperGetAgencyInfo
WVTAsn1SpcFinancialCriteriaInfoEncode
CryptCATPersistStore
mssip32DllRegisterServer
CryptSIPGetRegWorkingFlags
DriverFinalPolicy
WVTAsn1SpcStatementTypeDecode
TrustFindIssuerCertificate
TrustDecode
HTTPSFinalProv
WVTAsn1CatMemberInfoDecode
CryptCATCatalogInfoFromContext
WTHelperGetProvSignerFromChain
IsCatalogFile
OpenPersonalTrustDBDialogEx
CryptCATCDFEnumCatAttributes

msvcrt

__set_app_type
_locking
_ui64toa
vswprintf
??0bad_cast@@QAE@PBD@Z
_setmbcp
_aligned_realloc
_read
_telli64
fgetpos
abort
_environ
_setjmp
_mbcasemap
_fileinfo
mktime
_wsearchenv
_ismbclower
_wcsicoll
_snprintf
_putwch
_strrev
fputc
_getwche
__p__acmdln
exit
_inpw
__getmainargs
_strdate
_Strftime
_aexit_rtn
wcsncat
_lsearch
__p__commode
_strtime
signal
_spawnlp
_tempnam
_strlwr
_control87
__p___winitenv

wininet

DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileW
InternetCloseHandle
RetrieveUrlCacheEntryFileA
GopherFindFirstFileW
IsHostInProxyBypassList
SetUrlCacheEntryInfoW
CreateUrlCacheGroup
RunOnceUrlCache
InternetSetOptionExW
IncrementUrlCacheHeaderData
GetUrlCacheHeaderData
InternetSetCookieW
HttpSendRequestA
HttpSendRequestW
InternetGetCookieExW
SetUrlCacheGroupAttributeA
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
FtpPutFileA
InternetGetConnectedStateExW
InternetOpenW
GetUrlCacheEntryInfoW
InternetSecurityProtocolToStringW
InternetCanonicalizeUrlW
GetUrlCacheConfigInfoW
InternetGetCookieA
InternetShowSecurityInfoByURL
CreateMD5SSOHash
FtpSetCurrentDirectoryA
InternetConnectA
ForceNexusLookup
FindNextUrlCacheEntryExA
InternetGetConnectedStateExA
FindFirstUrlCacheContainerA

kernel32

GetFileTime
FormatMessageA
CreateToolhelp32Snapshot
CreateSemaphoreA
GetSystemDefaultLCID
VirtualAllocEx
GetConsoleCursorMode
GetEnvironmentStringsW
LoadLibraryA
WriteConsoleOutputCharacterW
EnumLanguageGroupLocalesA
FreeConsole
GetNumaAvailableMemoryNode
GetNumaProcessorNode
WritePrivateProfileSectionW
GetProcAddress
AddRefActCtx
FindActCtxSectionStringW
GetNumberFormatA
OpenWaitableTimerA
GetProcessAffinityMask
SetTapeParameters
DnsHostnameToComputerNameW
WriteConsoleInputA
DeleteFileW
AttachConsole
SetConsoleTitleW
GetOEMCP
ReadConsoleInputW
AddAtomA
RegisterWowExec
GetModuleHandleExA
SetProcessAffinityMask
CreateJobObjectA
GlobalGetAtomNameW
GetSystemWindowsDirectoryA
TryEnterCriticalSection
GetPrivateProfileStringA
CreateMailslotW
DuplicateHandle
FillConsoleOutputCharacterW
SetInformationJobObject
ScrollConsoleScreenBufferW
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetExitCodeThread
ResumeThread
WaitNamedPipeA
FindNextFileW
SwitchToFiber
GetStartupInfoW
LockFileEx
QueryActCtxW
CopyLZFile
LocalShrink
ClearCommBreak
SetTermsrvAppInstallMode
SetFileApisToOEM
FreeUserPhysicalPages
CreateWaitableTimerW
GetVolumeInformationW
RequestDeviceWakeup
HeapSetInformation
GetCalendarInfoW
lstrcpyA
FreeResource
SetLocalPrimaryComputerNameA
LCMapStringW
SetCalendarInfoW
GetSystemDirectoryW
FindFirstFileA
GetModuleHandleExW
GetLastError
ReadConsoleInputA
SetUnhandledExceptionFilter
SetConsoleMaximumWindowSize
HeapCompact
ReleaseActCtx
GetSystemWow64DirectoryA
VirtualAlloc
Heap32ListFirst
GetSystemTimeAdjustment
GetConsoleKeyboardLayoutNameW
EnumSystemLanguageGroupsA
CompareStringW
GetConsoleCommandHistoryA
SetMessageWaitingIndicator
HeapWalk
WriteProfileStringW
LZClose

crtdll

tmpnam
remove
_errno
_popen
_getdiskfree
_environ_dll
log10
frexp
_CIexp
wcstombs
_lrotr
_swab
_fileinfo_dll
_cscanf
wcsncmp
_spawnv
_ismbchira
_exit
sin
_findnext
_ltoa
_purecall
_CIasin
strcmp
raise
cosh

rtutils

RouterLogEventA
TracePutsExW
RouterGetErrorStringA
RouterLogDeregisterW
TraceDumpExA
RouterLogEventExW
TracePrintfA
RouterLogEventStringA
RouterLogEventDataW
TraceRegisterExW
RouterLogRegisterW
TraceDumpExW
RouterLogEventStringW
RouterLogEventValistExW
LogEventW
RouterLogRegisterA
TraceDeregisterExW
RouterAssert
TraceVprintfExA
LogErrorA
LogErrorW
TracePutsExA
TracePrintfW
RouterGetErrorStringW
RouterLogDeregisterA
RouterLogEventDataA
TraceGetConsoleW
MprSetupProtocolFree
TraceDeregisterW
TracePrintfExW
TraceGetConsoleA
TraceVprintfExW

ntdll

ZwCreateIoCompletion
RtlNumberGenericTableElementsAvl
ZwRenameKey
RtlProtectHeap
NtDuplicateToken
ZwPowerInformation
ZwCreateDebugObject
NtResetWriteWatch
ZwSetSystemEnvironmentValueEx
NtPrivilegeObjectAuditAlarm
RtlUnwind
RtlInitializeBitMap
strstr
ZwUnlockVirtualMemory
RtlValidateProcessHeaps
RtlSplay
RtlDestroyEnvironment
RtlValidAcl
ZwOpenObjectAuditAlarm
_snwprintf
NtDebugContinue
RtlOemStringToUnicodeSize
NtReleaseMutant
ZwFindAtom
RtlConvertToAutoInheritSecurityObject
NtAllocateUuids
_itow
RtlIsDosDeviceName_U
atan
RtlCaptureContext
RtlxUnicodeStringToOemSize

esent

JetBackup
JetRetrieveColumn@32
JetCreateTable
JetTerm@4
JetDupSession
JetDefragment2
JetStopBackup
JetSetCurrentIndex3
JetRenameTable
JetGetLogInfoInstance2
JetCloseFile
JetSetCurrentIndex4
JetGetRecordPosition
JetGetCurrentIndex
JetInit2
JetRegisterCallback
JetDetachDatabase2
JetGetTableIndexInfo
JetGetTableColumnInfo
JetEndSession@8
JetReadFile
JetDefragment
JetUnregisterCallback
JetGetCounter
JetGetLogInfoInstance
JetCreateInstance2
JetGetLogInfo
JetDetachDatabase
JetEnumerateColumns
JetSeek
JetResetSessionContext
JetSetColumn@28
JetSetTableSequential
JetGotoBookmark
JetGrowDatabase
JetGetTruncateLogInfoInstance

query

?Marshall@CDbColId@@QBEXAAVPSerStream@@@Z
?ReadProperty@CPropertyStore@@QAEHAAVCPropRecordNoLock@@KPAUtagPROPVARIANT@@PAI@Z
?GetEntryBuffer@CGenericCiProxy@@QAEPAEAAK@Z
?AddError@CEventItem@@QAEXK@Z
?fgetsw@CFileBuffer@@QAEKAAV?$XGrowable@G$0BAE@@@@Z
?SetDWORDParam@CCatalogAdmin@@QAEXPBGK@Z
?SetMappedCacheSize@CPropStoreManager@@QAEXKK@Z
??1COccRestriction@@QAE@XZ
?Next@CCombinedPropertyList@@UAEPBVCPropEntry@@XZ
??0CFullPropSpec@@QAE@ABV0@@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?AddKey@CSynRestriction@@QAEXABVCKeyBuf@@@Z
?SetProperty@CDbColId@@QAEHPBG@Z
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?GetSortProp@CCatState@@QBEXIPAPBGPAW4SORTDIR@@@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?Skip@CEnumString@@UAGJK@Z
??8CDbColId@@QBEHABV0@@Z
SvcEntry_CiSvc
?Write@CRcovStrmTrans@@IAEXPBXK@Z
?QueryInterface@CEmptyPropertyList@@UAGJABU_GUID@@PAPAX@Z
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z

msls31

LssbGetNumberDnodesInSubline
LsdnModifyParaEnding
LsdnFinishRegularAddAdvancePen
LsQueryLineDup
LssbGetDurTrailWithPensInSubline
LsFindNextBreakSubline
LssbFDonePresSubline
LsPointXYFromPointUV
LsdnSubmitSublines
LsdnQueryPenNode
LsQueryLinePointPcp
LsDisplayLine
LsSetModWidthPairs
LsModifyLineHeight
LssbFDoneDisplay
LsdnResolvePrevTab
LssbFIsSublineEmpty
LssbGetDupSubline
LsSetCompression
LssbGetPlsrunsFromSubline
LsFetchAppendToCurrentSubline
LsFinishCurrentSubline
LsSetDoc
LsSetBreakSubline
LsdnGetFormatDepth
LsCompressSubline
LsdnFinishRegular
LsEnumSubline
LsSetBreaking
LsQueryPointPcpSubline
LsGetSpecialEffectsSubline
LsFindPrevBreakSubline
LsdnFinishBySubline
LsPointUV2FromPointUV1
LsGetRubyLsimethods
LsEnumLine
LsdnFinishByPen
LsCreateSubline
LsGetReverseLsimethods
LsdnSetRigidDup
LsSqueezeSubline
LsDisplaySubline
LsdnFinishDeleteAll

user32

EndDialog

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a30c5877e9cdc94a7415dbb9f1d66751

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

msvcrt

wininet

kernel32

crtdll

rtutils

ntdll

esent

query

msls31

user32

Sections

.text Size: 373KB - Virtual size: 373KB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 280KB - Virtual size: 1.7MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 373KB - Virtual size: 373KB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 280KB - Virtual size: 1.7MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B