Static task: static1
Behavioral task: behavioral1
Sample: 2a579ee00a37720f18784d8187a39440_JaffaCakes118.exe
Resource: win7-20240704-en

General
Target: 2a579ee00a37720f18784d8187a39440_JaffaCakes118
Size: 384KB
MD5: 2a579ee00a37720f18784d8187a39440
SHA1: 502ecae85ad852d21ea5dbf9727b95e5ef9392f8
SHA256: 602481fcda2719ea76af7d7f80edcdbb818d8963e496d55008a22a9986a7988a
SHA512: e88ebb59440fe1f6e371fa98ae0ca4f7b17d286366a97ef61a013b4adf717d7eda93d266cb460979b5caa5b17d3a60bb826d6dd2388d4e5db6a88fefe16d9856
SSDEEP: 6144:oZ8wWb9iUW7LxJMxoatxXrT8+mg3POfYttD+lTp5GTth8OXdESQmm:oZ4ZidLNIb42SYt3TtXdh
Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 2a579ee00a37720f18784d8187a39440_JaffaCakes118

Files
2a579ee00a37720f18784d8187a39440_JaffaCakes118.exe windows:5 windows x86 arch:x86
480e9c12375c4c8cfaa91fb8c4b256cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msoert2
CreateStreamOnHFileW
HrCopyStream
HrCopyStreamToByte
strtrim
CreateTempFile
DeleteTempFileOnShutdownEx
CleanupFileNameInPlaceW
MessageBoxInstW
FIsEmptyW
CryptFreeFunc
DeleteTempFile
HrLPSZCPToBSTR
FMissingCert
HrIsStreamUnicode
MessageBoxInst
PVDecodeObject
PszSkipWhiteA
OpenFileStreamW
CreateSystemHandleName
OpenFileStreamWithFlagsW
CchFileTimeToDateTimeSz
HrIStreamToBSTR
HrStreamToByte
CreateLogFile
HrCheckTridentMenu
HrFillRasCombo
ChConvertFromHex
CchFileTimeToDateTimeW
CleanupGlobalTempFiles
PszDupA
GenerateUniqueFileName
CleanupFileNameInPlaceA
PszToUnicode
HrStreamSeekCur
PszSkipWhiteW
HrSafeGetStreamSize
IsDigit
HrGetStreamSize
kernel32
GenerateConsoleCtrlEvent
GetConsoleAliasExesLengthA
AddAtomA
IsValidCodePage
FillConsoleOutputCharacterW
LZRead
FoldStringA
CreateActCtxA
TransmitCommChar
ReleaseSemaphore
GlobalFindAtomA
BaseCleanupAppcompatCacheSupport
GetLocaleInfoA
GetDateFormatW
ActivateActCtx
GetCurrentProcessId
GetNativeSystemInfo
GetStartupInfoA
GetUserDefaultLangID
GetGeoInfoA
GetTapeStatus
SetCommState
GetOverlappedResult
GetSystemWow64DirectoryW
SetComPlusPackageInstallStatus
VirtualProtectEx
SetComputerNameA
InitializeCriticalSection
GetVersion
CreateProcessInternalW
VirtualAlloc
FatalAppExitW
GetEnvironmentStrings
GetTempFileNameW
ReadConsoleOutputAttribute
SetConsoleCtrlHandler
GetProcessHeaps
SetConsolePalette
LoadLibraryA
WriteProfileSectionA
msvcrt40
_wsetlocale
?overflow@stdiobuf@@UAEHH@Z
_mbsnbcmp
?is_open@ofstream@@QBEHXZ
_isctype
??4filebuf@@QAEAAV0@ABV0@@Z
sinh
?setb@streambuf@@IAEXPAD0H@Z
free
__p___initenv
wcscpy
??0ifstream@@QAE@H@Z
?fill@ios@@QBEDXZ
_chsize
?isfx@istream@@QAEXXZ
_set_error_mode
??6ostream@@QAEAAV0@PBX@Z
ldiv
_toupper
?gcount@istream@@QBEHXZ
??0ostrstream@@QAE@ABV0@@Z
ungetwc
wcstol
_ismbcdigit
?sh_none@filebuf@@2HB
??4logic_error@@QAEAAV0@ABV0@@Z
??0ostream_withassign@@QAE@XZ
_read
_fdopen
_cprintf
_exit
??_8istrstream@@7B@
_setsystime
?tellp@ostream@@QAEJXZ
??0iostream@@IAE@ABV0@@Z
_ismbclegal
_mkdir
??5istream@@QAEAAV0@AAM@Z
_ismbbalnum
??0ofstream@@QAE@ABV0@@Z
__fpecode
??6ostream@@QAEAAV0@O@Z
_getdrive
_setmaxstdio
polstore
IPSecUnassignPolicy
IPSecSetNegPolData
IPSecCopyNegPolData
IPSecFreePolStr
IPSecClosePolicyStore
IPSecCopyISAKMPData
IPSecDeleteISAKMPData
IPSecDeleteNegPolData
IPSecDeleteFilterData
IPSecCopyPolicyData
IPSecCreateNFAData
IPSecFreeMulNegPolData
IPSecFreeFilterData
IPSecFreeISAKMPData
IPSecEnumPolicyData
IPSecGetISAKMPData
IPSecEnumNegPolData
IPSecSetISAKMPData
IPSecAssignPolicy
IPSecFreeMulNFAData
IPSecIsDomainPolicyAssigned
IPSecAllocPolStr
IPSecCreateISAKMPData
IPSecCopyNFAData
IPSecCreatePolicyData
IPSecCreateNegPolData
IPSecDeleteNFAData
IPSecDeletePolicyData
IPSecFreeMulISAKMPData
IPSecCreateFilterData
IPSecFreeMulFilterData
IPSecFreeNFAData
IPSecOpenPolicyStore
IPSecFreeNegPolData
IPSecAllocPolMem
wsock32
AcceptEx
EnumProtocolsA
s_perror
WSAAsyncGetServByName
WSAUnhookBlockingHook
send
connect
WSAStartup
shutdown
NPLoadNameSpaces
WSACleanup
htonl
sendto
WSAAsyncGetProtoByNumber
__WSAFDIsSet
GetTypeByNameW
GetServiceA
GetAddressByNameA
GetNameByTypeW
gethostbyaddr
ntohs
getservbyname
WSAGetLastError
SetServiceA
MigrateWinsockConfiguration
htons
socket
gethostbyname
EnumProtocolsW
WSAIsBlocking
dn_expand
getpeername
ntohl
recvfrom
select
WSACancelBlockingCall
ntlanui2
DllGetClassObject
msrating
RatingCustomAddRatingSystem
RatingCustomSetUserOptions
VerifySupervisorPassword
RatingCustomAddRatingHelper
RatingCustomCrackData
RatingEnabledQuery
RatingInit
ClickedOnRAT
ClickedOnPRF
RatingCustomInit
RatingAccessDeniedDialog
RatingObtainCancel
RatingCustomRemoveRatingHelper
RatingAddPropertyPages
RatingCustomDeleteCrackedData
RatingCustomSetDefaultBureau
RatingSetupUI
RatingFreeDetails
RatingCheckUserAccess
RatingAccessDeniedDialog2
ChangeSupervisorPassword
RatingObtainQuery
RatingEnable
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 198KB - Virtual size: 655KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ