Static task: static1
Behavioral task: behavioral1
Sample: 2e3761f2523769ddb9203c432a0243d8_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 2e3761f2523769ddb9203c432a0243d8_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2e3761f2523769ddb9203c432a0243d8_JaffaCakes118
Size: 30KB
MD5: 2e3761f2523769ddb9203c432a0243d8
SHA1: d1eaf47990e2bc4e49c9fc46d5b067d3cff7401e
SHA256: 79df420a44318318f778df9e9da694c9c7443f4ca4d94f709629ba7462a62c16
SHA512: 6c2b0a78abae50a4a4ffbe13d2912f7187ec2b996b575ee9233c7104462957098de2d7da944223e9cf73b84fdc403813e813600d19bfc860a5787752b3b8bccb
SSDEEP: 384:B606I3p5cxZDjzjLKljPsjL18Aftl8hKyZd9PD/H3UYO039m5EAiB3PIW:o9RxBve1EiylEZdJTEYd39m53ilPT
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2e3761f2523769ddb9203c432a0243d8_JaffaCakes118
Files
2e3761f2523769ddb9203c432a0243d8_JaffaCakes118.exe windows:5 windows x86 arch:x86
0a7fdd1d1412129060c61e7d641ce44f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
DispatchMessageW
DdeUninitialize
LoadImageW
GetCapture
GetSysColorBrush
SetScrollPos
UnlockWindowStation
MenuItemFromPoint
MonitorFromPoint
CharPrevW
FlashWindow
PaintDesktop
UnhookWindowsHookEx
PrivateExtractIconsA
TranslateMessageEx
IsIconic
SetTimer
GetUpdateRect
DeviceEventWorker
RegisterHotKey
GetCursorPos
DestroyMenu
GetMenuDefaultItem
PrivateExtractIconsW
GetKeyboardLayoutNameA
EnumThreadWindows
IsWindowUnicode
GetMenuItemInfoW
MoveWindow
DefRawInputProc
SendIMEMessageExA
RegisterLogonProcess
FreeDDElParam
CreateCursor
SetDebugErrorLevel
EnableWindow
LoadMenuA
SetClassLongW
CharNextA
OpenWindowStationA
GetWindowLongW
GetOpenClipboardWindow
ChangeDisplaySettingsExA
userenv
RegisterGPNotification
DllCanUnloadNow
ProcessGroupPolicyCompleted
GetAppliedGPOListA
DllGetClassObject
DestroyEnvironmentBlock
WaitForUserPolicyForegroundProcessing
GetUserProfileDirectoryA
GetUserProfileDirectoryW
ForceSyncFgPolicy
ExpandEnvironmentStringsForUserA
ProcessGroupPolicyCompletedEx
WaitForMachinePolicyForegroundProcessing
DllUnregisterServer
ExpandEnvironmentStringsForUserW
GetAllUsersProfileDirectoryW
FreeGPOListW
UnregisterGPNotification
CreateEnvironmentBlock
GetAllUsersProfileDirectoryA
GetProfileType
GetProfilesDirectoryA
RefreshPolicy
GetDefaultUserProfileDirectoryA
LoadUserProfileA
GetPreviousFgPolicyRefreshInfo
RsopFileAccessCheck
RsopLoggingEnabled
GetNextFgPolicyRefreshInfo
EnterCriticalPolicySection
UnloadUserProfile
GetDefaultUserProfileDirectoryW
RsopResetPolicySettingStatus
DllRegisterServer
LoadUserProfileW
GetAppliedGPOListW
RefreshPolicyEx
netapi32
DsGetSiteNameA
I_NetLogonSamLogonWithFlags
NetWkstaUserSetInfo
NetGetJoinInformation
NetDfsRemoveFtRootForced
NetShareSetInfo
NetLocalGroupAddMembers
NetServerDiskEnum
NetpGetConfigValue
I_NetServerPasswordSet2
NetDfsManagerInitialize
NetDfsRemove
NetShareAdd
I_NetAccountSync
NetDfsSetInfo
NetReplExportDirAdd
I_NetDfsIsThisADomainName
NetJoinDomain
DsRoleGetDatabaseFacts
I_NetDatabaseSync2
NetUserAdd
NetDfsMove
NetReplExportDirEnum
I_NetLogonSamLogon
NetDfsRemoveStdRoot
I_NetLogonControl2
NetpwNameValidate
RxNetAccessGetInfo
NetServerTransportEnum
NetMessageNameGetInfo
NetScheduleJobAdd
NetUserGetInfo
gdi32
PlayMetaFileRecord
Chord
GdiGetPageCount
GetPixel
GdiEntry2
XLATEOBJ_piVector
EnumFontFamiliesExW
GdiEntry1
CreateEllipticRgnIndirect
AbortDoc
RectVisible
PATHOBJ_vEnumStartClipLines
GdiStartPageEMF
SetVirtualResolution
GetBitmapDimensionEx
Ellipse
PATHOBJ_vEnumStart
UpdateICMRegKeyW
SetMetaFileBitsEx
EqualRgn
GetAspectRatioFilterEx
PolyPatBlt
GdiPlayPrivatePageEMF
GetTextExtentPointA
GdiArtificialDecrementDriver
PolyTextOutA
GetRelAbs
GetEnhMetaFileBits
MoveToEx
CreateCompatibleDC
GetViewportExtEx
GetCharABCWidthsFloatA
DdEntry16
DdEntry11
XLATEOBJ_hGetColorTransform
DdEntry28
CreateICW
usp10
UspFreeMem
ScriptStringXtoCP
ScriptRecordDigitSubstitution
ScriptStringFree
ScriptCacheGetHeight
ScriptGetLogicalWidths
ScriptStringCPtoX
ScriptString_pSize
ScriptCPtoX
ScriptGetGlyphABCWidth
ScriptJustify
ScriptShape
ScriptBreak
ScriptIsComplex
UspAllocCache
ScriptXtoCP
ScriptPlace
ScriptStringOut
ScriptStringGetLogicalWidths
ScriptGetFontProperties
UspAllocTemp
ScriptLayout
ScriptGetCMap
ScriptApplyDigitSubstitution
opengl32
glEvalPoint1
wglUseFontOutlinesA
glIndexdv
glVertex2i
glColor3ui
glRasterPos2i
glTexCoord3iv
wglGetCurrentDC
glIndexsv
glNormal3d
glPushClientAttrib
glPopAttrib
glIndexPointer
glBindTexture
glDeleteTextures
glVertex3i
glColor4bv
glRasterPos3s
glScaled
glTexCoord3fv
glTexCoord3f
glFogi
glTexEnvfv
glTexGeniv
glTexGend
glColor3iv
glPrioritizeTextures
glColor4ub
glRectf
glLineWidth
glCullFace
glLoadName
glGetTexEnviv
glRectiv
glTexCoord2sv
glEdgeFlagPointer
ntdll
NtResetWriteWatch
ZwTerminateJobObject
ZwQueryQuotaInformationFile
ZwResetWriteWatch
NtCreateEventPair
NtSaveKeyEx
NtDisplayString
RtlFreeHeap
NtRestoreKey
RtlIpv4StringToAddressW
ZwYieldExecution
RtlxAnsiStringToUnicodeSize
NtCreateNamedPipeFile
NtAccessCheckByTypeAndAuditAlarm
LdrVerifyImageMatchesChecksum
NtIsSystemResumeAutomatic
RtlUlongByteSwap
RtlUshortByteSwap
RtlIsDosDeviceName_U
NtCreatePort
RtlLargeIntegerAdd
NtRequestWaitReplyPort
RtlGetLongestNtPathLength
RtlEnlargedUnsignedDivide
ZwSetEvent
NtTestAlert
NtTranslateFilePath
ZwRemoveProcessDebug
ZwQueryFullAttributesFile
NtQueryQuotaInformationFile
ZwLockFile
ZwOpenJobObject
NtSignalAndWaitForSingleObject
RtlQueryProcessBackTraceInformation
NtCreateProfile
RtlDebugPrintTimes
ZwSetSystemTime
RtlTraceDatabaseUnlock
msvcirt
?fd@ifstream@@QBEHXZ
?attach@ofstream@@QAEXH@Z
??_Dostream_withassign@@QAEXXZ
??_7strstreambuf@@6B@
??_Efstream@@UAEPAXI@Z
?lock@ios@@QAAXXZ
?sh_none@filebuf@@2HB
?endl@@YAAAVostream@@AAV1@@Z
??5istream@@QAEAAV0@AAD@Z
?is_open@fstream@@QBEHXZ
?out_waiting@streambuf@@QBEHXZ
?osfx@ostream@@QAEXXZ
?xsputn@streambuf@@UAEHPBDH@Z
??4iostream@@IAEAAV0@AAV0@@Z
??_8istrstream@@7B@
?setg@streambuf@@IAEXPAD00@Z
?fd@fstream@@QBEHXZ
?sbumpc@streambuf@@QAEHXZ
??4logic_error@@QAEAAV0@ABV0@@Z
??_7ofstream@@6B@
?fail@ios@@QBEHXZ
??0strstreambuf@@QAE@PADH0@Z
??_Gstdiostream@@UAEPAXI@Z
??0stdiostream@@QAE@ABV0@@Z
?sync@stdiobuf@@UAEHXZ
??0ostream_withassign@@QAE@ABV0@@Z
?get@istream@@QAEAAV1@PADHD@Z
?eback@streambuf@@IBEPADXZ
?get@istream@@QAEAAV1@AAC@Z
??0fstream@@QAE@PBDHH@Z
??4fstream@@QAEAAV0@AAV0@@Z
??_Dostrstream@@QAEXXZ
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
??0istream@@IAE@ABV0@@Z
cmutil
CmParsePathW
?LoadSection@CIniW@@QBEPAGPBG@Z
?GPPS@CIniW@@QBEPAGPBG00@Z
SzToWzWithAlloc
?GetRegPath@CIniA@@QBEPBDXZ
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
CmStrtokW
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
IsLogonAsSystem
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?Generate@CRandom@@QAEHXZ
CmLoadSmallIconA
CmStrrchrA
?SetICSDataPath@CIniA@@QAEXPBD@Z
CmStrStrA
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
CmBuildFullPathFromRelativeA
?Stop@CmLogFile@@QAEJXZ
?SetICSDataPath@CIniW@@QAEXPBG@Z
?WPPI@CIniW@@QAEXPBG0K@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?GetPrimaryFile@CIniA@@QBEPBDXZ
?IsEnabled@CmLogFile@@QAEHXZ
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
?Clear@CmLogFile@@QAEXH@Z
CmBuildFullPathFromRelativeW
??_FCIniA@@QAEXXZ
CmStrStrW
?CloseFile@CmLogFile@@AAEJXZ
CmLoadStringW
?GPPB@CIniA@@QBEHPBD0H@Z
?WPPB@CIniA@@QAEXPBD0H@Z
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
CmStrchrA
?GPPS@CIniA@@QBEPADPBD00@Z
?GetFile@CIniW@@QBEPBGXZ
?Banner@CmLogFile@@QAEXXZ
??1CIniA@@QAE@XZ
?Clear@CIniA@@QAEXXZ
GetOSVersion
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
kernel32
ReadConsoleA
CreateSemaphoreA
MapUserPhysicalPages
GetConsoleHardwareState
ReadConsoleOutputAttribute
WaitCommEvent
GetCurrencyFormatW
_lcreat
EnumSystemCodePagesA
SetConsoleInputExeNameW
SetConsoleScreenBufferSize
OpenSemaphoreA
EnumSystemGeoID
ReadConsoleInputExW
WritePrivateProfileStructA
GetSystemDirectoryW
FatalAppExitA
UnregisterWaitEx
ConvertThreadToFiber
LocalHandle
WriteConsoleInputW
GlobalUnWire
SetLastConsoleEventActive
GetSystemDefaultLangID
EnumResourceNamesW
GetTickCount
GetCurrentDirectoryW
GetExitCodeThread
EnumerateLocalComputerNamesW
GetThreadLocale
Thread32Next
IsValidLanguageGroup
Heap32Next
GetModuleFileNameW
GetConsoleAliasExesW
GetVolumeNameForVolumeMountPointA
CreateNamedPipeA
AddVectoredExceptionHandler
VirtualAllocEx
lstrcmpA
InvalidateConsoleDIBits
CreateEventA
GetBinaryTypeW
SetConsoleMode
SuspendThread
EnumCalendarInfoA
DebugBreak
SearchPathA
GetCurrentProcess
GetSystemTimeAdjustment
SetSystemTimeAdjustment
Module32Next
IsBadWritePtr
SetTimerQueueTimer
GetConsoleInputExeNameW
EnumSystemLocalesW
SetCommConfig
LockResource
VirtualAlloc
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 956B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ