381a8341715a8c81d97dec4c5f17bcc8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

381a8341715a8c81d97dec4c5f17bcc8_JaffaCakes118
Size

32KB
MD5

381a8341715a8c81d97dec4c5f17bcc8
SHA1

9ff0b2f4b784fbd290a0520c88eb20162b1b12d1
SHA256

c54d1a7d9eeefd191d32826fe78d956446eda7b6d0eee85549c8a7c35102e1df
SHA512

e697c2a77b63496961ff6fd5f9325bb5d345bf08816db82d1a1102c66e86c620ac89dc202d64a469f4a159cfa51c03a53a67b19773ce1b1f80ca91a4a69c4525
SSDEEP

768:fuPXnNMxeBnMLyZjWGiL+XjIXVAbDKZ+OWAp5dLwQjSegPT:2fnuxkbiYUXVA/KZ6AndLn/IT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
381a8341715a8c81d97dec4c5f17bcc8_JaffaCakes118

Files

381a8341715a8c81d97dec4c5f17bcc8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8643b5f0f242427e03a9fe2b23651a30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibOpen
ICDraw
DrawDibGetBuffer
ICRemove
GetSaveFileNamePreviewW
GetSaveFileNamePreviewA
StretchDIB
DrawDibEnd
DrawDibChangePalette
ICClose
DrawDibProfileDisplay
ICMThunk32
DrawDibRealize
DrawDibStop
ICSeqCompressFrameEnd
GetOpenFileNamePreviewA
DrawDibStart
GetOpenFileNamePreviewW
MCIWndCreateW
ICSeqCompressFrameStart
ICInfo
ICSeqCompressFrame
ICOpen
MCIWndCreateA
ICOpenFunction
GetOpenFileNamePreview
DrawDibTime
ICGetInfo
MCIWndCreate
ICLocate
ICDecompress
DrawDibSetPalette
ICDrawBegin
ICSendMessage
ICImageCompress
ICCompressorChoose
ICCompress
DrawDibBegin
MCIWndRegisterClass
VideoForWindowsVersion
ICGetDisplayFormat

kernel32

GetConsoleAliasesLengthA
RemoveVectoredExceptionHandler
UpdateResourceA
ReadDirectoryChangesW
WaitForDebugEvent
ConvertDefaultLocale
LocalCompact
InterlockedDecrement
WriteTapemark
GetConsoleTitleA
GetConsoleAliasesA
ReadConsoleOutputCharacterW
WriteProfileStringW
lstrcmpW
SetLocalTime
SetTimerQueueTimer
ReplaceFileW
TlsGetValue
GetDateFormatA
ExpandEnvironmentStringsW
InvalidateConsoleDIBits
SetProcessShutdownParameters
OpenSemaphoreA
CompareFileTime
GetCommProperties
GetWriteWatch
GetConsoleFontInfo
EnumCalendarInfoW
VerLanguageNameW
SetConsoleTitleW
GetStringTypeExA
ReadConsoleOutputAttribute
GlobalAddAtomA
GetFileAttributesA
EnterCriticalSection
CreateThread
WriteConsoleW
GetProcessHeaps
_lopen
lstrcmp
SetThreadIdealProcessor
GetLocaleInfoW
SetMailslotInfo
ExpandEnvironmentStringsA
LZCreateFileW
CreateTimerQueueTimer
VirtualAlloc
CompareStringW
GetFileAttributesExW
WaitNamedPipeW
IsBadHugeWritePtr
QueryMemoryResourceNotification
GetConsoleInputWaitHandle
EnumDateFormatsA
EnumResourceLanguagesA
CreateFileA
ReadConsoleOutputCharacterA
CreateWaitableTimerA
GlobalMemoryStatusEx
GetConsoleAliasExesLengthW
GetTempPathW
_lwrite
SetConsoleTextAttribute
InterlockedFlushSList
GetNumaHighestNodeNumber
GlobalAddAtomW
OpenProcess
SetThreadPriorityBoost
FindFirstVolumeMountPointW
QueueUserWorkItem
RtlMoveMemory
CreateToolhelp32Snapshot
VerSetConditionMask
AttachConsole
DeleteFiber
GetVersionExA
GetNumberFormatW
GetEnvironmentVariableW
FindFirstVolumeA

cryptnet

CryptCancelAsyncRetrieval
I_CryptNetGetUserDsStoreUrl
CryptInstallCancelRetrieval
LdapProvOpenStore
CertDllVerifyCTLUsage
CryptRetrieveObjectByUrlW
I_CryptNetGetHostNameFromUrl
CryptRetrieveObjectByUrlA
CertDllVerifyRevocation
CryptFlushTimeValidObject
CryptGetObjectUrl
DllUnregisterServer
DllRegisterServer
CryptUninstallCancelRetrieval
CryptGetTimeValidObject

mapi32

MNLS_IsBadStringPtrW@8
HrGetOneProp@12
DeinitMapiUtil@0
FDecodeID@12
HexFromBin@12
FtAddFt@16
MNLS_lstrcmpW@8
PRProviderInit
FGetComponentPath
FtMulDw@12
GetOutlookVersion@0
CreateTable@36
FBadSortOrderSet@4
HrAddColumnsEx@20
MNLS_WideCharToMultiByte@32
FBadEntryList@4
OpenStreamOnFile@24
OpenStreamOnFile
CreateIProp@24
UNKOBJ_COFree@8
CchOfEncoding@4
SetAttribIMsgOnIStg@16
GetAttribIMsgOnIStg@12
OpenTnefStreamEx@32
HrValidateIPMSubtree@20
WrapCompressedRTFStream@12
MAPIResolveName
SwapPword@8

msvcp60

??_F?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??_Fcodecvt_base@std@@QAEXXZ
?do_compare@?$collate@D@std@@MBEHPBD000@Z
??_7range_error@std@@6B@
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
?widen@?$ctype@G@std@@QBEGD@Z
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@JFF@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
??_7?$moneypunct@D$00@std@@6B@
?open@?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??1?$basic_fstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
?max@?$numeric_limits@K@std@@SAKXZ
?norm@std@@YANABV?$complex@N@1@@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?opfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE_NXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?quiet_NaN@?$numeric_limits@D@std@@SADXZ
?_Getcat@?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??Xstd@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??8locale@std@@QBE_NABV01@@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?cos@?$_Ctr@N@std@@SANN@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??4_Num_base@std@@QAEAAU01@ABU01@@Z
?_Doraise@domain_error@std@@MBEXXZ
??1_Locinfo@std@@QAE@XZ
?imag@std@@YAOABV?$complex@O@1@@Z
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z

msvcrt40

_adj_fdiv_r
_strnicmp
??1stdiobuf@@UAE@XZ
ldiv
_adj_fprem
_safe_fprem
_spawnl
?is_open@fstream@@QBEHXZ
??0exception@@QAE@ABV0@@Z
vprintf
_vsnwprintf
_CIcos
??6ostream@@QAEAAV0@PBD@Z
?getdouble@istream@@AAEHPADH@Z
??_Gistream_withassign@@UAEPAXI@Z
??0ostrstream@@QAE@XZ
?setbuf@streambuf@@UAEPAV1@PADH@Z
?oct@@YAAAVios@@AAV1@@Z
?fd@fstream@@QBEHXZ
?doallocate@strstreambuf@@MAEHXZ
_c_exit
_setmbcp
??_8ostrstream@@7B@
_setsystime
??_Dostream@@QAEXXZ
_mbctohira
?close@ifstream@@QAEXXZ
?lockbuf@ios@@QAAXXZ
??_7ifstream@@6B@
??0ostream@@IAE@ABV0@@Z
??_7logic_error@@6B@
?cerr@@3Vostream_withassign@@A
_CIatan
_strdup
__p___wargv
_mbsnbcnt
_beep
?underflow@filebuf@@UAEHXZ
_mbsspn
_wexecl
_fsopen
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?get@istream@@QAEAAV1@AAD@Z
_kbhit

localspl

SplDeletePort
SplDeletePrinterDriverEx
SplEnumPorts
SplEnumForms
SplXcvData
SplReenumeratePorts
SplDriverEvent
SplEnumPrinterDataEx
SplCreateSpooler
SplAddForm
PrintDocumentOnPrintProcessor
SplDeletePrintProcessor
LclPromptUIPerSessionUser
SplDeleteMonitor
ControlPrintProcessor
SplDeleteForm
SplClosePrinter
SplAddPort
GetPrintProcessorCapabilities
LclIsSessionZero
SplAddPrinterDriverEx
SplSetForm
ClosePrintProcessor
SplDeletePrinter
InitializePrintProvidor
DllMain
SplSetPrinterDataEx
EnumPrintProcessorDatatypesW
SplAddPrinter

samsrv

SamIResetBadPwdCountOnPdc
SampInvalidateRidRange
SamrOpenUser
SamrCreateUser2InDomain
SamIIsSetupInProgress
SamIDemoteUndo
SamrQueryInformationUser
SampProcessSingleLoopbackTask
SamINetLogonPing
SamIReplaceDownlevelDatabase
SamrCloseHandle
SamIGetUserLogonInformation2
SamIUpdateLogonStatistics
SamIFree_SAMPR_DISPLAY_INFO_BUFFER
SamIPromoteUndo
SamIFree_SAMPR_ENUMERATION_BUFFER
SamIStorePrimaryCredentials
SamIImpersonateNullSession
SamIMixedDomain2
SamIAccountRestrictions
SamIFree_SAMPR_ULONG_ARRAY
SamIFreeSidArray
SamIRetrievePrimaryCredentials
SampAcquireSamLockExclusive
SamINT4UpgradeInProgress

winscard

SCardDisconnect
SCardLocateCardsByATRA
SCardIntroduceCardTypeA
SCardReleaseNewReaderEvent
SCardSetCardTypeProviderNameA
SCardIntroduceReaderW
SCardState
SCardGetStatusChangeW
SCardListInterfacesA
SCardGetStatusChangeA
SCardGetAttrib
SCardReleaseContext
SCardListReaderGroupsA
SCardIsValidContext
SCardForgetReaderGroupA
SCardGetProviderIdW
SCardForgetCardTypeA
SCardForgetCardTypeW
SCardGetProviderIdA
SCardGetCardTypeProviderNameW
SCardListInterfacesW
ClassInstall32
SCardConnectA
SCardListCardsW
SCardReleaseStartedEvent

opengl32

glIndexubv
glListBase
glIndexd
wglCreateContext
glPixelMapfv
glColor4us
glBindTexture
glTexParameterf
glOrtho
glColor4f
glClear
glNormal3sv
glTexImage2D
glVertex2fv
glIndexsv
glDebugEntry
glPopName
wglSetPixelFormat
glShadeModel
glGetTexEnviv
glRasterPos3f
glTexCoord2f
glEvalCoord2fv
glStencilFunc
glLighti
glIndexf
glIndexPointer
glLineWidth
glGetTexLevelParameterfv
glDepthMask
glColor3bv
glClearIndex
glCopyTexSubImage1D
glVertex2f
glTexCoord4fv

user32

SetScrollPos
IsIconic
MoveWindow

gdi32

RectVisible

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8643b5f0f242427e03a9fe2b23651a30

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

kernel32

cryptnet

mapi32

msvcp60

msvcrt40

localspl

samsrv

winscard

opengl32

user32

gdi32

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 726B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 726B