4135118ba7ded1f49cd7fcbd2fbc4804_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4135118ba7ded1f49cd7fcbd2fbc4804_JaffaCakes118
Size

867KB
MD5

4135118ba7ded1f49cd7fcbd2fbc4804
SHA1

648e8e821e61f10198c3b727a4fc6a6d81e3fb07
SHA256

5701c81bc38b6e1f6887e8fadfd9941469f7b439260e536f0a81462ef11d227b
SHA512

15a1cfaf449a5ce23fd2f850a9314e1f0d2289fcecd3d1a532c0cdfe7f0b7a1c35292820eda4a1be701379c71c5b78a8e811270d935185a84965dc04e3c891ef
SSDEEP

24576:XA4/oklrUTzDSnMXr6nYAUjte3Iauve0le:Xr1rUL5GajQBPc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4135118ba7ded1f49cd7fcbd2fbc4804_JaffaCakes118

Files

4135118ba7ded1f49cd7fcbd2fbc4804_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0212b726e6ac7447afe9898ea2b3e4cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?SetSpinCount@CSpinLock@@QAE_NG@Z
MPInitializeCriticalSectionAndSpinCount
?ReadUnlock@CLKRHashTable@@QBEXXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?NumSubTables@CLKRLinearHashTable@@QBEHXZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
?IsEmpty@CSingleList@@QBE_NXZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ

msoert2

GetHtmlCharset
UlStripWhitespace
PVGetCertificateParam
CrackNotificationPackage
HrCheckTridentMenu
ReplaceCharsW
FIsSpaceA
AppendTempFileList
CenterDialog
PszMonthFromIndex
GetDllMajorVersion
CreateTempFile
HrLPSZCPToBSTR
PszToUnicode
FIsValidFileNameCharW
HrStreamToByte
FBuildTempPath
GenerateUniqueFileName
CreateSystemHandleName
PVDecodeObject
HrFillRasCombo
HrGetElementImpl
PszSkipWhiteW
WriteStreamToFile
HrDecodeObject
PszScanToCharA
PVGetMsgParam
CreateEnumFormatEtc
HrGetCertKeyUsage
OpenFileStreamShare
HrIndexOfWeek
FBuildTempPathW

opengl32

glColor3uiv
glGetTexGeniv
glAlphaFunc
glRasterPos3sv
glRasterPos2dv
glColorMaterial
glListBase
glStencilOp
glMaterialfv
glTexCoord4dv
glRasterPos4f
glRectd
glTexCoord4s
GlmfEndGlsBlock
glPixelMapuiv
wglGetCurrentDC
glDisable
glTexCoord3d
glPushClientAttrib
glLoadMatrixf
glIndexiv
glVertex3sv
glPrioritizeTextures
glGetMapfv
glCopyTexImage2D
glColor4usv
glGetString
glMap1f
glRasterPos3iv
glPushAttrib
glPopName
glEdgeFlagv
glPopClientAttrib
glColor3f
glNormal3bv
glVertex2i
glTexCoord2fv
glGetMaterialfv
glNormal3dv
glDrawPixels

advapi32

CryptSetProviderExA
SystemFunction007
AllocateAndInitializeSid
GetSecurityInfo
EncryptedFileKeyInfo
WmiExecuteMethodW
RegReplaceKeyA
CredFree
ElfDeregisterEventSource
OpenSCManagerA
WmiDevInstToInstanceNameW
BuildImpersonateTrusteeW
SaferGetLevelInformation
ElfReportEventW
BuildImpersonateExplicitAccessWithNameA
GetUserNameA
A_SHAFinal
MakeAbsoluteSD2
BuildTrusteeWithNameW
CredGetTargetInfoA
RegQueryMultipleValuesA
ElfOldestRecord
WmiExecuteMethodA
SetNamedSecurityInfoA
SetSecurityDescriptorDacl
ChangeServiceConfig2W
CreateProcessWithLogonW
RegQueryInfoKeyW
RegSaveKeyExW
I_ScIsSecurityProcess
FileEncryptionStatusA
LsaSetSystemAccessAccount
RegOpenUserClassesRoot
SystemFunction006
LsaGetUserName
SetEntriesInAccessListA
ConvertSidToStringSidA
MakeSelfRelativeSD

oleaut32

VarUI4FromUI8
BstrFromVector
VarBstrFromBool
LPSAFEARRAY_UserFree
VarTokenizeFormatString
OleLoadPictureFileEx
VarUdateFromDate
VarDecFromCy
VarI4FromStr
VarI2FromUI4
VarUI4FromI4
VarR4FromUI4
VarUI4FromDec
VarI2FromI1
VarUI2FromI8
VarI4FromCy
GetRecordInfoFromTypeInfo
SafeArrayCreateVector
VarDecNeg
VarI4FromI2
VarI2FromI8
VarUI2FromStr
VarDecFromUI4
SysReAllocString
VarCmp
VarBstrFromUI4
VarEqv

kernel32

OpenEventA
SetConsoleCursor
GetModuleHandleExW
VirtualQuery
GetCurrentThread
DebugBreakProcess
VirtualAlloc
GlobalMemoryStatusEx
InvalidateConsoleDIBits
Module32First
GetEnvironmentStringsA
SetTapePosition
FlushFileBuffers
IsBadStringPtrW
ActivateActCtx
CreateHardLinkW
GetTempPathW
GlobalAlloc
SetLastError
Thread32First
DeleteTimerQueueEx
IsDBCSLeadByte
GetNamedPipeHandleStateA
EnumUILanguagesW
GetProfileStringW
InterlockedIncrement
LZRead
OpenFile
GetVolumePathNamesForVolumeNameA
ConnectNamedPipe
GetLastError
OpenFileMappingA
FindCloseChangeNotification
LocalReAlloc
OpenWaitableTimerA
LoadLibraryA
GetVolumePathNameA
GetCommModemStatus
Heap32ListFirst
GetConsoleCommandHistoryLengthA

rasman

RasIsTrustedCustomDll
IsRasmanProcess
RasActivateRoute
RasPortGetBundledPort
RasSetCalledIdInfo
RasActivateRouteEx
RasGetHConnFromEntry
RasPortOpen
RasDeviceGetInfo
RasConnectionGetStatistics
RasBundleGetStatistics
RasGetBuffer
RasSendNotification
RasPortSetFraming
RasConnectionEnum
RasSetKey
RasSecurityDialogReceive
RasSetDeviceConfigInfo
RasRpcGetUserPreferences
RasDeviceEnum
RasRpcEnumConnections
RasRpcGetErrorString
RasPortSetInfo
RasGetNumPortOpen
RasPortGetProtocolCompression
RasStartRasAutoIfRequired
RasFreeBuffer
RasPortEnumProtocols
RasPortBundle
RasPortReceiveEx
RasPortGetStatisticsEx
RasmanUninitialize
RasGetHportFromConnection
RasPortOpenEx

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0212b726e6ac7447afe9898ea2b3e4cb

Headers

DLL Characteristics

File Characteristics

Imports

msdart

msoert2

opengl32

advapi32

oleaut32

kernel32

rasman

Sections

.text Size: 188KB - Virtual size: 188KB

.rdata Size: 419KB - Virtual size: 420KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 257KB - Virtual size: 260KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 419KB - Virtual size: 420KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 257KB - Virtual size: 260KB

.reloc
Size: 1KB - Virtual size: 4KB