3dbf2fa57971a90571c0b7c678676895_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3dbf2fa57971a90571c0b7c678676895_JaffaCakes118
Size

867KB
MD5

3dbf2fa57971a90571c0b7c678676895
SHA1

e62959ce7a16921b045e6c7960a021d2d7086aef
SHA256

35227aeeda7a2f35c19b6436c07d9ea340b8770bdd8e628e59eb98aa3f2662fb
SHA512

74df9cad16aaad09a59ced905ecef8d3f002a1e426543c379254b2aaccf21a62f1f808fc4be9a7991d4f94618343e81ffadceea3ffcfd3fa8cd31d30b6539f62
SSDEEP

12288:ET8EUvB4StMJQz4ymu9K4w1/i/6tytI2WQXQ0hYhrjt/Jwr2eN0:ET8iiz4ymC2i/NfQL5R82

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dbf2fa57971a90571c0b7c678676895_JaffaCakes118

Files

3dbf2fa57971a90571c0b7c678676895_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5c87e4a5400b72b7940cb486a33f2ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_pipe
_CIacos
?fill@ios@@QAEDD@Z
_CItanh
?delbuf@ios@@QAEXH@Z
iswascii
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
??_8stdiostream@@7Bistream@@@
??_Gifstream@@UAEPAXI@Z
_adj_fptan
_hypot
__p__winver
_adj_fdiv_r
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
asctime
_mbcjistojms
?get@istream@@IAEAAV1@PADHH@Z
_adjust_fdiv
strchr
_lseek
_wtol
??0stdiostream@@QAE@ABV0@@Z
_j0
?dec@@YAAAVios@@AAV1@@Z

kernel32

ReadConsoleOutputA
SetThreadPriority
RemoveLocalAlternateComputerNameA
_hread
FileTimeToDosDateTime
CommConfigDialogA
LocalUnlock
GetWriteWatch
GetTempPathW
TransmitCommChar
FreeLibraryAndExitThread
PurgeComm
SetFileAttributesA
DosPathToSessionPathW
ShowConsoleCursor
SetFileApisToANSI
SuspendThread
GlobalFindAtomW
QueryPerformanceCounter
CopyLZFile
Thread32First
CreateConsoleScreenBuffer
SetCalendarInfoW
Module32First
SetCommMask
ConvertDefaultLocale
LZOpenFileA
GetStartupInfoW
GetModuleHandleW
SetUnhandledExceptionFilter
IsWow64Process
RequestWakeupLatency
FindResourceW
OpenWaitableTimerA
Process32Next
ActivateActCtx
LoadLibraryA
GetCurrentDirectoryA
VirtualQueryEx
SetFilePointerEx
AddConsoleAliasA
ReadConsoleOutputW
FoldStringW
HeapCompact
GetPrivateProfileSectionNamesA
GetCurrentActCtx
WritePrivateProfileStringW
GetVolumeInformationA
TermsrvAppInstallMode
CreateJobObjectA
LocalFree
DeleteTimerQueueTimer
ChangeTimerQueueTimer
IsValidLocale
GetFirmwareEnvironmentVariableW
SetConsoleActiveScreenBuffer
FindFirstVolumeW
lstrcat
OpenProcess
VirtualAlloc
SetThreadPriorityBoost
CommConfigDialogW
SetUserGeoID
DisconnectNamedPipe
GetCommMask
EnumDateFormatsA
GetHandleInformation
DeleteAtom
GetAtomNameA
WaitNamedPipeA
GetCurrentProcess
CompareFileTime

d3d8thk

OsThunkDdColorControl
OsThunkDdCanCreateSurface
OsThunkDdQueryDirectDrawObject
OsThunkDdGetDxHandle
OsThunkDdUpdateOverlay
OsThunkDdCreateDirectDrawObject
OsThunkDdAddAttachedSurface
OsThunkDdUnattachSurface
OsThunkDdResetVisrgn
OsThunkDdBlt
OsThunkDdUnlockD3D
OsThunkDdDestroySurface
OsThunkDdGetFlipStatus
OsThunkDdLock
OsThunkDdDeleteDirectDrawObject
OsThunkDdSetOverlayPosition
OsThunkDdGetMoCompFormats
OsThunkDdSetColorKey
OsThunkDdGetInternalMoCompInfo
OsThunkDdRenderMoComp
OsThunkD3dDrawPrimitives2
OsThunkDdGetBltStatus
OsThunkDdFlipToGDISurface
OsThunkDdGetDC
OsThunkDdReleaseDC
OsThunkD3dContextCreate
OsThunkDdDestroyD3DBuffer
OsThunkDdGetMoCompGuids
OsThunkDdAlphaBlt
OsThunkDdCreateMoComp
OsThunkDdGetScanLine
OsThunkDdAttachSurface
OsThunkDdEndMoCompFrame
OsThunkDdCreateD3DBuffer
OsThunkDdBeginMoCompFrame
OsThunkDdDestroyMoComp
OsThunkDdUnlock
OsThunkDdDeleteSurfaceObject

wintrust

DriverCleanupPolicy
WVTAsn1SpcIndirectDataContentDecode
CryptCATStoreFromHandle
WVTAsn1SpcLinkEncode
AddPersonalTrustDBPages
CryptCATAdminResolveCatalogPath
CryptCATAdminCalcHashFromFileHandle
WintrustCertificateTrust
CryptCATCDFOpen
WTHelperProvDataFromStateData
WVTAsn1SpcSpOpusInfoEncode
FindCertsByIssuer
CryptCATEnumerateMember
WintrustAddActionID
TrustOpenStores
mssip32DllUnregisterServer
SoftpubCheckCert
TrustFreeDecode
CryptCATCDFClose
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcIndirectDataContentEncode
CryptCATPutMemberInfo
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcFinancialCriteriaInfoDecode
SoftpubLoadMessage
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAddCatalog
WintrustAddDefaultForUsage
WVTAsn1SpcMinimalCriteriaInfoEncode
CryptCATCDFEnumAttributes
WVTAsn1SpcPeImageDataEncode
CryptCATCDFEnumCatAttributes
MsCatFreeHashTag
WVTAsn1CatMemberInfoEncode
mscat32DllRegisterServer
WintrustLoadFunctionPointers
WTHelperCertFindIssuerCertificate
CryptSIPPutSignedDataMsg
CryptCATVerifyMember
CryptCATCDFEnumMembersByCDFTag
SoftpubLoadSignature
WVTAsn1SpcStatementTypeDecode
CryptCATAdminPauseServiceForBackup
WintrustSetRegPolicyFlags

dhcpsapi

DhcpScanDatabase
DhcpGetAllOptionValues
DhcpDeleteSubnet
DhcpServerQueryAttributes
DhcpSetOptionValueV5
DhcpRemoveOptionValue
DhcpGetMCastMibInfo
DhcpRpcFreeMemory
DhcpEnumOptions
DhcpCreateSubnet
DhcpDeleteClass
DhcpEnumSubnetElementsV5
DhcpGetClientInfo
DhcpSetThreadOptions
DhcpAddMScopeElement
DhcpDeleteClientInfo
DhcpGetMibInfo
DhcpGetOptionInfo
DhcpServerBackupDatabase
DhcpScanMDatabase
DhcpRemoveSubnetElement
DhcpEnumOptionsV5
DhcpDeleteMScope
DhcpEnumClasses
DhcpAddServer
DhcpSetServerBindingInfo
DhcpRemoveSubnetElementV4
DhcpSetClientInfoV4
DhcpEnumServers
DhcpSetClientInfo
DhcpDsClearHostServerEntries
DhcpEnumSubnetClients
DhcpEnumMScopeElements
DhcpGetOptionValue
DhcpSetMScopeInfo
DhcpEnumOptionValues
DhcpSetOptionInfoV5
DhcpEnumMScopes
DhcpCreateOptionV5
DhcpAuditLogGetParams
DhcpEnumSubnets
DhcpEnumSubnetClientsV4
DhcpRemoveOptionValueV5
DhcpCreateClass
DhcpDeleteSuperScopeV4

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c87e4a5400b72b7940cb486a33f2ea7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

kernel32

d3d8thk

wintrust

dhcpsapi

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 335KB - Virtual size: 335KB

.data Size: 388KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 335KB - Virtual size: 335KB

.data
Size: 388KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B