2c330c601ce08ad70be46d11188439e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c330c601ce08ad70be46d11188439e2_JaffaCakes118
Size

393KB
MD5

2c330c601ce08ad70be46d11188439e2
SHA1

ffa49cac62e054dd1c8a883a7401ef8b22de1d0e
SHA256

71f88b8087d1dea72b0b44aa788b53a6a30f63d89e87a0fbd05eb57773dde4d5
SHA512

a88a66f4003fe2cc431d416268281095389ba1b8ae86335631ba116ed47a9bf4379d6df0347ab4ec80022d19f5dc5e5aa75f5a29fb304c3f6e44497a025b4da8
SSDEEP

12288:0r1kCoKycTIQZ6fNWGQIKoUJAfB6yg4HZQBCl:uGKnIi6UG1KjAfBm4HZQBCl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c330c601ce08ad70be46d11188439e2_JaffaCakes118

Files

2c330c601ce08ad70be46d11188439e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67e028ac2952dcd95c9a3a98c8c48ecc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFiber
LocalFree
GetSystemDefaultUILanguage
HeapDestroy
GetNamedPipeHandleStateA
GetUserDefaultLangID
ReplaceFile
WriteProfileSectionW
RegisterConsoleVDM
GlobalDeleteAtom
AllocConsole
GetConsoleAliasesA
FindResourceExW
SetConsoleCursorMode
GlobalFindAtomA
VirtualAlloc
OpenJobObjectA
EnumUILanguagesW
ReadProcessMemory
ContinueDebugEvent
ReadDirectoryChangesW
GetExpandedNameA
DosPathToSessionPathW
InitializeCriticalSection
IsValidLocale
GetDriveTypeW
BeginUpdateResourceA
Toolhelp32ReadProcessMemory
GetLastError
CreateFileA
PeekNamedPipe
SetClientTimeZoneInformation
DnsHostnameToComputerNameA
LoadLibraryA
GetNumaHighestNodeNumber
EnumSystemCodePagesA
AreFileApisANSI
GetExitCodeProcess
PurgeComm
EnumSystemCodePagesW
InitializeCriticalSectionAndSpinCount
FindAtomA
GetStringTypeW
GetConsoleOutputCP
CompareStringW
GetDriveTypeA
GetDiskFreeSpaceW

sqlunirl

_CreateStatusWindow_@16
_FindFirstFile_@8
_CopyAcceleratorTable_@12
_GetPrivateProfileSection_@16
_RemoveFontResource_@4
_IsCharAlpha_@4
_EnumDisplaySettings_@12
_GetFileAttributes_@4
_GetEnhMetaFileDescription_@12
_ChooseColor_@4
_AddAtom_@4
AllocConvertMultiSZNameToAEx
_GetFileAttributesEx_@12
_NDdeIsValidShareName_@4
_GetPrivateProfileInt_@16
_IsCharUpper_@4
_LogonUser_@24
_GetBinaryType_@8
_StartService_@12
_OpenDesktop_@16
_EnumResourceTypes_@12
_ExpandEnvironmentStrings_@12
_RegisterClipboardFormat_@4
_RegisterEventSource_@8
__hwrite_@12
_GetCharABCWidthsFloat_@16
_LoadMenuIndirect_@4
_trename
_TextOut@20
_GetProp@8
_GetEnvironmentVariable_@12
_CreateEnhMetaFile_@16
_SetDefaultCommConfig_@12
newMultiByteFromWideCharSize
_CompareString_@24
_GetAtomName_@12
_DlgDirList_@20
_NDdeShareEnum_@24
_EnumResourceLanguages_@20
_CreateFile@28
_NDdeTrustedShareEnum_@24
_OpenFileMapping_@12
_IsDialogMessage@8

cmutil

?SetPrimaryFile@CIniW@@QAEXPBG@Z
??1CIniW@@QAE@XZ
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
?SetWriteICSData@CIniW@@QAEXH@Z
CmMalloc
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
??_FCIniA@@QAEXXZ
CmStrrchrA
CmStrchrA
?GetFile@CIniA@@QBEPBDXZ
??0CmLogFile@@QAE@XZ
CmMoveMemory
?GPPB@CIniA@@QBEHPBD0H@Z
CmIsDigitW
SzToWzWithAlloc
CmLoadStringW
CmIsSpaceW
?WPPI@CIniW@@QAEXPBG0K@Z
?GetPrimaryFile@CIniA@@QBEPBDXZ
?SetEntry@CIniW@@QAEXPBG@Z
?GPPB@CIniW@@QBEHPBG0H@Z
?SetEntry@CIniA@@QAEXPBD@Z
?SetReadICSData@CIniA@@QAEXH@Z
CmEndOfStrW
?GetRegPath@CIniA@@QBEPBDXZ
?SetRegPath@CIniW@@QAEXPBG@Z
?SetReadICSData@CIniW@@QAEXH@Z
?Init@CRandom@@QAEXK@Z
CmParsePathW
?Stop@CmLogFile@@QAEJXZ
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
??1CmLogFile@@QAE@XZ
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
??4CIniW@@QAEAAV0@ABV0@@Z
?Clear@CIniA@@QAEXXZ
CmFmtMsgW
?WPPB@CIniW@@QAEXPBG0H@Z
??4CIniA@@QAEAAV0@ABV0@@Z
?SetSection@CIniA@@QAEXPBD@Z
?WPPS@CIniA@@QAEXPBD00@Z
CmWinHelp
?Generate@CRandom@@QAEHXZ
?GetPrimaryFile@CIniW@@QBEPBGXZ
?Banner@CmLogFile@@QAEXXZ

ntdll

RtlCompareMemory
isgraph
NtGetPlugPlayEvent
ZwGetContextThread
NtSetIoCompletion
swprintf
ZwResumeThread
RtlCheckRegistryKey
iswdigit
ZwMapViewOfSection
NtQueryVirtualMemory
_strupr
RtlVerifyVersionInfo
ZwNotifyChangeDirectoryFile
RtlIpv6AddressToStringW
RtlAreBitsSet
NtIsProcessInJob
NtCreateEventPair
RtlDestroyQueryDebugBuffer
ZwSystemDebugControl
ZwQueryInstallUILanguage
RtlOemStringToUnicodeString
iswspace
ZwQuerySymbolicLinkObject
NtReleaseSemaphore
ZwSetInformationToken
RtlUnicodeStringToAnsiSize
wcscspn
RtlpApplyLengthFunction
NtSetSystemInformation
ZwCreateTimer
RtlExpandEnvironmentStrings_U
_itoa
NtLockVirtualMemory
NtReadFile
RtlSetCurrentEnvironment
ZwAllocateUserPhysicalPages
RtlAnsiCharToUnicodeChar
VerSetConditionMask

user32

DdeConnect
mouse_event
DefMDIChildProcW
GetTopWindow
wsprintfA
CreateSystemThreads
MenuWindowProcA
NotifyWinEvent
SwitchDesktop
GetGUIThreadInfo
RemoveMenu
LoadCursorFromFileW
GetClipboardSequenceNumber
GrayStringA
SetTaskmanWindow
IsWindowVisible
DrawTextExW
FindWindowExA
GetDC
DdeSetQualityOfService
BroadcastSystemMessage
IMPSetIMEW
CreateCursor
GetMenuContextHelpId
IsDlgButtonChecked
UnlockWindowStation
IsWindow
RegisterClassExA
IsGUIThread
OpenInputDesktop
ScrollWindowEx
GetWindowModuleFileName
ToUnicode
User32InitializeImmEntryTable
SetScrollPos
InvalidateRect

mfcsubs

??BCString@@QBEPBGXZ
??1CString@@QAE@XZ
?Lock@CSyncObject@@UAEHK@Z
??0CObject@@IAE@XZ
?data@CPlex@@QAEPAXXZ
??0CSyncObject@@QAE@PBG@Z
?InsertAt@CStringArray@@QAEXHPAV1@@Z
??BCCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ
?LockBuffer@CString@@QAEPAGXZ
??ACStringArray@@QAEAAVCString@@H@Z
?MakeUpper@CString@@QAEXXZ
??9@YG_NABVCString@@0@Z
?CopyBeforeWrite@CString@@IAEXXZ
??4CString@@QAEABV0@G@Z
??0CString@@QAE@ABV0@@Z
??0CString@@QAE@PBG@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
??H@YG?AVCString@@ABV0@D@Z
??H@YG?AVCString@@DABV0@@Z
?AfxW2AHelper@@YGPADPADPBGH@Z
??0CString@@QAE@PBGH@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?SafeStrlen@CString@@KGHPBG@Z
??H@YG?AVCString@@ABV0@0@Z
??_7CObject@@6B@
?GetUpperBound@CStringArray@@QBEHXZ
??1CStringArray@@UAE@XZ
?TrimLeft@CString@@QAEXXZ
?Mid@CString@@QBE?AV1@HH@Z
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?FormatV@CString@@IAEXPBGPAD@Z
?AfxA2WHelper@@YGPAGPAGPBDH@Z
??H@YG?AVCString@@ABV0@G@Z
?SetAt@CString@@QAEXHG@Z

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67e028ac2952dcd95c9a3a98c8c48ecc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlunirl

cmutil

ntdll

user32

mfcsubs

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 75KB - Virtual size: 526KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 75KB - Virtual size: 526KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 1024B