2af0bd57ab050a38ce11a6572f21b2af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2af0bd57ab050a38ce11a6572f21b2af_JaffaCakes118
Size

862KB
MD5

2af0bd57ab050a38ce11a6572f21b2af
SHA1

5c94c1a4ebf9dc794dfb1ae48ec1fd8e9d75b80a
SHA256

f84677526568e6c4ecc30869da39baf2f47cf575f3a816b4f4af81b706372a6b
SHA512

2be42715b83a79198fb05b8ec9b0c17cbf00409494b456757c997c434e70616244743fcb544f2dcc9e303d42b81881caba2c0edec0ff4a25e81a590d84368ecc
SSDEEP

24576:sl71rcWyeH8TI8GS1otlZ0rBfqEPKrv+ZEtIlr5a:sZ1rcTI8Gcot0O2ZEtIlg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2af0bd57ab050a38ce11a6572f21b2af_JaffaCakes118

Files

2af0bd57ab050a38ce11a6572f21b2af_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b64941ca089d7b875a1b395bc03f3ca1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlFillMemoryUlong
NtSetThreadExecutionState
ZwAssignProcessToJobObject
ZwImpersonateAnonymousToken
ZwPlugPlayControl
NtQueryValueKey
_CIsqrt
RtlConvertLongToLargeInteger
NtImpersonateAnonymousToken
RtlSetLastWin32Error
NtDeleteValueKey
RtlGetDaclSecurityDescriptor
ZwQueryBootOptions
NtStopProfile
ZwSetQuotaInformationFile
NtSetInformationToken
ZwPrivilegedServiceAuditAlarm
NtRenameKey
ZwDeleteFile
RtlEnlargedIntegerMultiply
RtlZombifyActivationContext
NtSetSystemEnvironmentValue
RtlCreateBootStatusDataFile
ZwAdjustGroupsToken
NtOpenIoCompletion
RtlDeleteSecurityObject
NtCloseObjectAuditAlarm
ZwCreateKeyedEvent
_wcsicmp
RtlQuerySecurityObject
RtlDestroyHandleTable
RtlCheckForOrphanedCriticalSections

kernel32

GetFileAttributesExW
DeleteTimerQueueEx
GetFileInformationByHandle
WriteConsoleInputVDMA
IsDBCSLeadByte
DeleteFiber
lstrcmpW
LZStart
DuplicateHandle
VirtualAlloc
SetStdHandle
CloseConsoleHandle
BeginUpdateResourceW
SetThreadLocale
IsValidCodePage
IsValidLocale
NlsGetCacheUpdateCount
lstrcatA
LoadLibraryA
GetNamedPipeHandleStateW
SetThreadPriority
SetConsoleNumberOfCommandsA
UTRegister
GetModuleHandleA
GetTimeZoneInformation
GetUserDefaultLCID
EnterCriticalSection
IsDebuggerPresent
ExitVDM
SetInformationJobObject
LocalFileTimeToFileTime
GetFileAttributesW
BackupWrite
ReadConsoleOutputCharacterW
HeapReAlloc
GlobalAlloc
LeaveCriticalSection
SetConsolePalette
GetComputerNameExA
BaseDumpAppcompatCache
QueryInformationJobObject
LCMapStringA
lstrcat
HeapUnlock
GetProcessAffinityMask
GetSystemDefaultLCID
GetCalendarInfoW
SetConsoleTitleA

wintrust

CryptCATAdminReleaseContext
CryptCATPutCatAttrInfo
CryptSIPPutSignedDataMsg
CryptCATCDFEnumAttributes
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1CatNameValueEncode
WVTAsn1SpcSpOpusInfoEncode
CryptSIPGetSignedDataMsg
WVTAsn1SpcMinimalCriteriaInfoEncode
WintrustGetDefaultForUsage
CryptCATHandleFromStore
CatalogCompactHashDatabase
SoftpubDllUnregisterServer
SoftpubLoadSignature
WVTAsn1SpcSigInfoEncode
WVTAsn1CatNameValueDecode
WTHelperGetFileName
WVTAsn1SpcLinkEncode
CryptSIPGetInfo
WintrustGetRegPolicyFlags
SoftpubInitialize
SoftpubCleanup
OpenPersonalTrustDBDialogEx
SoftpubFreeDefUsageCallData
SoftpubAuthenticode
CryptCATAdminEnumCatalogFromHash
TrustDecode
WintrustCertificateTrust
CryptCATAdminResolveCatalogPath
FindCertsByIssuer
WVTAsn1SpcStatementTypeDecode
WVTAsn1CatMemberInfoDecode
WTHelperGetProvCertFromChain
WintrustSetRegPolicyFlags
CryptCATAdminCalcHashFromFileHandle
WTHelperCheckCertUsage
WTHelperGetAgencyInfo

ws2_32

getservbyport
WSAAddressToStringW
connect
WSCGetProviderPath
freeaddrinfo
WSAAccept
WSAGetServiceClassNameByClassIdW
WSASetLastError
WSAConnect
WSACloseEvent
gethostbyaddr
WSAStringToAddressA
WSAResetEvent
htons
WSANtohl
WSAEnumNameSpaceProvidersW
WSASendDisconnect
WSCUnInstallNameSpace
WSCEnableNSProvider
WSAGetServiceClassInfoW
getsockname
__WSAFDIsSet
WSCInstallProvider
WSAHtons
getnameinfo

msdart

??1CReaderWriterLock3@@QAE@XZ
?_Lock@CSpinLock@@AAEXXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
MPDeleteCriticalSection
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?IsWriteUnlocked@CLKRHashTable@@QBE_NXZ
IrtlTrace
?IsReadLocked@CCritSec@@QBE_NXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
??1CSmallSpinLock@@QAE@XZ
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?IsWin2k@CMdVersionInfo@@SAHXZ
?_Apply@CLKRLinearHashTable@@AAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@AAW4LK_PREDICATE@@@Z
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?ValidSignature@CLKRLinearHashTable@@QBE_NXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?ReadUnlock@CLKRHashTable@@QBEXXZ
??0CFakeLock@@QAE@XZ
?WriteUnlock@CFakeLock@@QAEXXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?MpHeapCompact@@YAKPAX@Z
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
?IsEmpty@CSingleList@@QBE_NXZ
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?CheckTable@CLKRHashTable@@QBEHXZ

lz32

LZDone
CopyLZFile
LZInit
LZRead
LZClose
LZCloseFile
LZCopy
LZStart
LZOpenFileW
LZOpenFileA
GetExpandedNameA
LZCreateFileW
LZSeek

msvcp60

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??1?$_Mpunct@D@std@@UAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?positive_sign@?$_Mpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$moneypunct@D$0A@@std@@UAE@XZ
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
?copyfmt@ios_base@std@@QAEAAV12@ABV12@@Z
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?infinity@?$numeric_limits@I@std@@SAIXZ
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?do_thousands_sep@?$numpunct@D@std@@MBEDXZ
??0locale@std@@QAE@PBDH@Z
??Xstd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD@Z
??Rlocale@std@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?narrow@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDDD@Z
??4?$numeric_limits@I@std@@QAEAAV01@ABV01@@Z
?_Getcat@?$moneypunct@G$0A@@std@@SAIXZ
_Strcoll
??1?$moneypunct@D$00@std@@UAE@XZ
?quiet_NaN@?$numeric_limits@M@std@@SAMXZ
_LDscale
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
?sputbackc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 453KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b64941ca089d7b875a1b395bc03f3ca1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

wintrust

ws2_32

msdart

lz32

msvcp60

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 453KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 453KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B