318f37996b4b7ae07d674048a0d53f16_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

318f37996b4b7ae07d674048a0d53f16_JaffaCakes118
Size

160KB
MD5

318f37996b4b7ae07d674048a0d53f16
SHA1

5b0517179e61f5a277ef44c0a9fc112911449db3
SHA256

9f4529b5f7db4a08c0e35d31d786ee272cf4b68e2a7622a95d5520e3bc03c513
SHA512

cb22e01622c6f1c03ea7c708f4a1ba30ecdc62693abf40f65c9603dbf06c993ca89ece127bdc0211fbe5ce5ac9ae9351d046c4ab787199885de0f8e83f771b9f
SSDEEP

3072:DCUWs4cqR+kKAbgcVURP7qBCwXFduhXQfGGBR89OfMpHfF5XPHF:Is4F+kJgcVcDACwXFuAGGk7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
318f37996b4b7ae07d674048a0d53f16_JaffaCakes118

Files

318f37996b4b7ae07d674048a0d53f16_JaffaCakes118
.exe windows:5 windows x86 arch:x86

65aa5890b097399f5ddd496505c862df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection3A
WNetGetConnection3W
WNetUseConnectionA
WNetGetDirectoryTypeA
WNetSetLastErrorA
WNetDisconnectDialog
WNetGetPropertyTextW
I_MprSaveConn
WNetPasswordChangeNotify
WNetGetNetworkInformationA
WNetGetUserA
WNetDirectoryNotifyW
WNetPropertyDialogW
WNetDisconnectDialog1W
MultinetGetConnectionPerformanceA
WNetGetConnection3A
WNetFormatNetworkNameW
WNetOpenEnumW
WNetGetConnectionA
WNetGetProviderNameA
WNetAddConnectionA
WNetGetDirectoryTypeW
WNetUseConnectionW
WNetOpenEnumA
WNetLogonNotify
WNetGetResourceParentA
WNetCancelConnectionW
WNetDisconnectDialog2
WNetConnectionDialog1W
MultinetGetConnectionPerformanceW
WNetGetResourceInformationA
WNetCancelConnection2W
WNetGetProviderTypeA

kernel32

FileTimeToSystemTime
CreateConsoleScreenBuffer
SetFileAttributesW
SetSystemPowerState
CreateNamedPipeA
LoadLibraryA
WaitNamedPipeW
ReadConsoleOutputA
GetProfileSectionW
IsValidLocale
GetCurrentDirectoryW
GetNativeSystemInfo
GetHandleContext
NlsGetCacheUpdateCount
DeleteCriticalSection
ReadConsoleOutputAttribute
GetCPInfoExA
LeaveCriticalSection
VirtualAlloc
_lwrite
GetNextVDMCommand
EnterCriticalSection
ConvertThreadToFiber
GlobalMemoryStatusEx
WritePrivateProfileSectionW
SetVolumeMountPointA
_lclose
FindFirstChangeNotificationW
GetUserGeoID
SetUnhandledExceptionFilter
ReplaceFileA
ReadConsoleOutputW
FindFirstFileA

oleaut32

VarUI8FromI1
SafeArrayDestroyData
VarI8FromBool
VarBstrFromI2
VarCyMul
VarUI2FromBool
VarCyCmp
LoadRegTypeLib
SafeArrayCreate
VarInt
SafeArrayAccessData
VarR4FromDec
VarDecFromUI1
VarR8FromI1
VarDecFromStr
VarBoolFromCy
SafeArrayGetIID
RevokeActiveObject
VarBstrFromUI2
VarR4FromI4
VarUI4FromR4
VarUI1FromUI8
BSTR_UserMarshal
VarI2FromR8
SafeArrayCopy
VarI4FromR8
VarI1FromI4
VarR4FromUI2
VarUI8FromI8
SafeArrayAllocDescriptor
VarDecAdd
VarDateFromR4
VarDecFromUI4
VarI8FromUI8
VarR8FromI4

cscdll

CSCFindFirstFileForSidW
CSCQueryFileStatusW
CSCTransitionServerOnlineW
CSCIsServerOfflineW
CSCSetMaxSpace
CSCIsCSCEnabled
CSCDeleteW
CSCUnpinFileW
CSCEnumForStatsExW
CSCFindFirstFileW
CSCFindClose
CSCFindNextFileW
CSCPinFileW
CSCDoEnableDisable
CSCEnumForStatsW

setupapi

SetupDiGetClassImageListExA
SetupDiInstallClassExA
CM_Add_Empty_Log_Conf_Ex
SetupQuerySourceListW
SetupLogErrorA
SetupAddInstallSectionToDiskSpaceListW
CM_Set_DevNode_Registry_PropertyW
SetupDiGetHwProfileFriendlyNameExW
SetupDiInstallClassExW
SetupDiGetClassRegistryPropertyA
SetupRenameErrorA
CM_Get_Child
CM_Locate_DevNodeA
CM_Get_Device_Interface_List_SizeW
SetupFreeSourceListW
SetupDiInstallDevice
pSetupIsUserAdmin
SetupVerifyInfFileA
SetupDiGetActualSectionToInstallW
CM_Get_Device_IDA
SetupDiDeleteDeviceInterfaceRegKey
SetupDiGetClassDevsExA
CM_Merge_Range_List
SetupQueueDeleteW
SetupInstallServicesFromInfSectionA
pSetupOutOfMemory
SetupGetInfInformationA
SetupOpenMasterInf
SetupPromptForDiskA
CM_Set_DevNode_Problem
SetupGetSourceInfoW

lz32

LZCloseFile
LZOpenFileA
LZDone
LZRead
LZCreateFileW
LZOpenFileW
LZInit
GetExpandedNameA
CopyLZFile
LZSeek
LZClose
GetExpandedNameW
LZCopy
LZStart

msvcp60

?id@?$collate@D@std@@2V0locale@2@A
??Gstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?sqrt@?$_Ctr@O@std@@SAOO@Z
?norm@std@@YANABV?$complex@N@1@@Z
_LSinh
?underflow@strstreambuf@std@@MAEHXZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG1@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Kstd@@YA?AV?$complex@N@0@ABNABV10@@Z
?max@?$numeric_limits@C@std@@SACXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??Bid@locale@std@@QAEIXZ
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?denorm_min@?$numeric_limits@E@std@@SAEXZ
?max@?$numeric_limits@E@std@@SAEXZ
?setstate@ios_base@std@@QAEXF@Z
??X?$_Complex_base@O@std@@QAEAAV01@ABO@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@@Z
?curr_symbol@?$_Mpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?denorm_min@?$numeric_limits@_N@std@@SA_NXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$collate@G@std@@UAE@XZ
?do_neg_format@?$_Mpunct@G@std@@MBE?AUpattern@money_base@2@XZ
?opfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE_NXZ
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Isnan@?$_Ctr@N@std@@SA_NN@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAPAG0PAH001@Z

msvcrt

exit
__p__commode
__getmainargs
__set_app_type

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65aa5890b097399f5ddd496505c862df

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

oleaut32

cscdll

setupapi

lz32

msvcp60

msvcrt

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 14KB - Virtual size: 188KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 14KB - Virtual size: 188KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B