4355ea208c7d94a90d0cdc3b6b9a3214_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4355ea208c7d94a90d0cdc3b6b9a3214_JaffaCakes118
Size

576KB
MD5

4355ea208c7d94a90d0cdc3b6b9a3214
SHA1

619fdbaf7b2375d28c52c8659ab601acb2d4a0c3
SHA256

18a4593783de458fdca6f3e0cbf476a0634d34e18ccbc34bdca1ddd86707959b
SHA512

3e707a509541e69444821df5ec572c0f674a9920c7e05b0e774de7be87595a7f86a10bfa0899ffef74aaa01671d229e3fd35bf788ef86520965b4cb6bcb591ca
SSDEEP

12288:9HPaQVfXD7pRrVcnVFCMqoImqAZBIIkPNOPEx:9PvVfgan1AQhNWEx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4355ea208c7d94a90d0cdc3b6b9a3214_JaffaCakes118

Files

4355ea208c7d94a90d0cdc3b6b9a3214_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e6b62fc64408c2fe045e8c4e6bd1e7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

BaseQueryModuleData
WideCharToMultiByte
GetVolumeNameForVolumeMountPointW
GetDllDirectoryW
LZCopy
GenerateConsoleCtrlEvent
ReleaseMutex
SetTimeZoneInformation
RegisterConsoleIME
SetErrorMode
GetEnvironmentVariableA
VerifyVersionInfoW
GetCPInfoExA
AddVectoredExceptionHandler
WritePrivateProfileStringA
GetPrivateProfileIntW
MoveFileWithProgressW
CreateProcessInternalA
SetLocaleInfoA
lstrcmpiW
IsDebuggerPresent
Sleep
SleepEx
MapViewOfFileEx
EnumUILanguagesW
PrepareTape
DebugBreak
TermsrvAppInstallMode
CloseHandle
GetVolumePathNameW
GetDiskFreeSpaceA
IsSystemResumeAutomatic
GetCommProperties
GetSystemTimes
LockFile
GetComputerNameA
TransmitCommChar
GetConsoleAliasExesA
SetConsoleCursorInfo
_llseek
VirtualAlloc
AddLocalAlternateComputerNameA
FindFirstVolumeA
Thread32Next
GetConsoleCharType
GetProcAddress

user32

CountClipboardFormats
GetAltTabInfoW
DestroyMenu
ShowWindow
DeregisterShellHookWindow
TrackPopupMenuEx
DdeGetLastError
GetWindowPlacement
UserRealizePalette
GetCursor
DdeAbandonTransaction
CopyIcon
DlgDirListA
SetRect
SetClassWord
DestroyIcon
LoadMenuIndirectA
GetWindowModuleFileNameA
GetDoubleClickTime
GetScrollRange
CreateMenu
GetClipboardFormatNameA
MessageBoxExA
LoadImageA
DdeQueryStringA
CharPrevW
MessageBeep
SendDlgItemMessageA
ReasonCodeNeedsComment
UnpackDDElParam
IsCharAlphaA
OpenDesktopA
ChildWindowFromPoint
EditWndProc
wsprintfA
GetWindowThreadProcessId
DefDlgProcA
GetProgmanWindow
AppendMenuW
GetMenuState
LoadIconA
ScrollChildren
LoadCursorW
BuildReasonArray
CalcMenuBar
SendMessageTimeoutW
HideCaret
EnterReaderModeHelper
CharUpperA
CallMsgFilterA
SetWindowsHookExW
GetLastInputInfo
TranslateAcceleratorW
InflateRect
SetInternalWindowPos
PaintMenuBar
DefMDIChildProcA
GetUserObjectInformationA
SwitchToThisWindow
RecordShutdownReason
LockWindowStation
MonitorFromRect

winscard

SCardGetAttrib
SCardReleaseNewReaderEvent
SCardBeginTransaction
SCardAddReaderToGroupW
SCardForgetReaderGroupW
SCardListReaderGroupsA
SCardGetCardTypeProviderNameA
SCardConnectW
SCardSetCardTypeProviderNameA
SCardSetCardTypeProviderNameW
SCardIsValidContext
SCardFreeMemory
SCardForgetCardTypeW
g_rgSCardRawPci
SCardStatusA
SCardRemoveReaderFromGroupW
SCardAccessNewReaderEvent
SCardCancel
SCardForgetReaderGroupA
SCardListInterfacesW
SCardStatusW
SCardGetStatusChangeA
SCardSetAttrib
SCardAddReaderToGroupA
SCardLocateCardsA
SCardGetProviderIdW

lsasrv

LsaIImpersonateClient
LsaIFreeReturnBuffer
LsaIHealthCheck
LsaIRegisterNotification
LsaIFree_LSA_FOREST_TRUST_INFORMATION
LsaIQuerySiteInfo
LsaIFree_LSAP_SUBNET_INFO
LsaILookupWellKnownName
LsarClose
LsaIAuditKerberosLogon
LsarQueryInformationPolicy
LsaIWriteAuditEvent
LsarQuerySecret
LsaIGetSiteName
LsaISafeMode
LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR
LsaIFreeHeap
LsaICryptProtectData
LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER
LsaIAuditAccountLogon
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION
LsapAuOpenSam
LsaISetLogonGuidInLogonSession
LsaIFree_LSAPR_CR_CIPHER_VALUE
LsaIFree_LSAP_SITE_INFO
LsaIFree_LSAPR_TRUST_INFORMATION
ServiceInit
LsaIKerberosRegisterTrustNotification
LsaIAuditLogonUsingExplicitCreds
LsaIFree_LSAP_UPN_SUFFIXES

odbcbcp

bcp_batch
bcp_moretext
bcp_colptr
bcp_exec
bcp_readfmtA
SQLLinkedCatalogsA
SQLLinkedCatalogsW
bcp_colfmt
dbprtypeW
bcp_writefmtW
bcp_sendrow
bcp_setcolfmt
LibMain
bcp_initW
bcp_writefmtA
dbprtypeA
bcp_initA
bcp_readfmtW
SQLInitEnumServers
bcp_done
bcp_columns
bcp_bind
bcp_collen
SQLCloseEnumServers
bcp_getcolfmt
SQLLinkedServers
SQLGetNextEnumeration
bcp_control

msvcrt40

?sputc@streambuf@@QAEHH@Z
_fpieee_flt
_rmtmp
atoi
??_Gostream@@UAEPAXI@Z
?pbump@streambuf@@IAEXH@Z
??5istream@@QAEAAV0@AAF@Z
??_7ifstream@@6B@
?what@exception@@UBEPBDXZ
_fcloseall
__fpecode
_mbcjistojms
?peek@istream@@QAEHXZ
strspn
sprintf
??_Eistream@@UAEPAXI@Z
_mbsncmp
?_query_new_mode@@YAHXZ
_wcmdln
iswdigit
?get@istream@@QAEAAV1@AAC@Z
?flush@@YAAAVostream@@AAV1@@Z
_fmode
_fileinfo
ftell
_strncoll
??0istream@@QAE@PAVstreambuf@@@Z
__p__timezone
??_8istream_withassign@@7B@
??0ofstream@@QAE@XZ
_stricoll
_chdrive
??_7ofstream@@6B@
_ismbslead
_strnset
_heapset

msvcp60

??_7?$moneypunct@G$0A@@std@@6B@
??4_Timevec@std@@QAEAAV01@ABV01@@Z
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??_F?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
?_Init@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?_Getcat@?$collate@D@std@@SAIXZ
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?cosh@std@@YA?AV?$complex@N@1@ABV21@@Z
?_Init@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?imag@std@@YAOABV?$complex@O@1@@Z
??0bad_cast@std@@QAE@ABV01@@Z
?setf@ios_base@std@@QAEHHH@Z
?ldexp@?$_Ctr@N@std@@SANNH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
_Stold
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?grouping@?$numpunct@G@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
??0locale@std@@QAE@ABV01@@Z

rpcrt4

RpcServerUseProtseqA
RpcServerUseProtseqEpExA
NdrByteCountPointerMarshall
RpcMgmtInqDefaultProtectLevel
RpcEpUnregister
NdrMapCommAndFaultStatus
RpcErrorResetEnumeration
RpcNsBindingInqEntryNameA
NdrConformantStringBufferSize
NdrComplexArrayMemorySize
NdrMesTypeDecode
I_RpcAsyncSetHandle
NdrServerInitialize
NdrStubCall
MesDecodeIncrementalHandleCreate
NdrFreeBuffer
I_RpcConnectionSetSockBuffSize
UuidToStringA
NdrServerInitializeMarshall
NdrConformantStructUnmarshall
NdrContextHandleInitialize
NdrOutInit
RpcBindingInqAuthInfoW
RpcServerUnregisterIfEx
NdrClientContextMarshall
RpcBindingVectorFree
UuidCreateNil
SimpleTypeAlignment
RpcSsSetClientAllocFree
I_RpcBindingCopy
data_from_ndr
RpcMgmtEpEltInqBegin

ntdll

RtlQueryAtomInAtomTable
VerSetConditionMask
RtlCreateTimer
ZwSetContextThread
RtlCheckForOrphanedCriticalSections
RtlDeleteAtomFromAtomTable
RtlDnsHostNameToComputerName
NtSetSecurityObject
RtlAddCompoundAce
NtSetInformationFile
ZwFlushKey
ZwWaitLowEventPair
NtRequestWaitReplyPort
wcscpy
DbgUiIssueRemoteBreakin
RtlCreateEnvironment
RtlInitializeContext
_allshr
RtlComputeImportTableHash
RtlGetLastWin32Error
atan
RtlTimeToSecondsSince1970
ZwResetWriteWatch
NtQueryInformationPort
RtlUnhandledExceptionFilter
ZwLockRegistryKey
NtReadVirtualMemory
NtQuerySecurityObject
RtlDestroyProcessParameters
NtSaveKey
RtlEnumerateGenericTableAvl
NtAccessCheckByTypeResultList
RtlConvertSharedToExclusive
RtlAddAttributeActionToRXact
RtlSetHeapInformation
NtFilterToken
RtlSubtreeSuccessor
RtlPinAtomInAtomTable
RtlSetIoCompletionCallback
RtlZeroMemory
RtlSetInformationAcl
LdrShutdownThread

cmdial32

CmReConnect
RasCustomDialDlg
RasCustomHangUp
_AutoDialFunc@16
CmCustomDialDlg
CmCustomHangUp
InetDialHandler
AutoDialFunc
RasCustomEntryDlg
RasCustomDeleteEntryNotify
RasCustomDial
_InetDialHandler@16

opengl32

glTexCoord1d
glNewList
glNormal3s
glColor3ub
glTexParameteri
glInterleavedArrays
glRasterPos2d
glColor4f
glColor3d
glLightModelfv
GlmfBeginGlsBlock
glTexSubImage1D
glFinish
glVertex2dv
glVertex2fv
glVertex3dv
glTexGendv
glColor3uiv
glTexCoord3sv
glIsList
glTexCoord3f
glPixelZoom
glNormal3d
glEvalCoord1fv
glColorPointer
glVertex3fv
glVertex2d
glLineStipple
glTexCoord3dv
glVertex4d
glNormal3iv
glEvalMesh1
glEdgeFlag
glBindTexture
glSelectBuffer
glLightiv
glColor3b
glMateriali
glTexCoord1s
glEndList
glLoadMatrixd
glLogicOp
glTexCoord3d
glColor4usv
glRotatef
glGetIntegerv

docprop

DllGetClassObject
DllCanUnloadNow

Sections

.text
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e6b62fc64408c2fe045e8c4e6bd1e7d

Headers

File Characteristics

Imports

kernel32

user32

winscard

lsasrv

odbcbcp

msvcrt40

msvcp60

rpcrt4

ntdll

cmdial32

opengl32

docprop

Sections

.text Size: 342KB - Virtual size: 341KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 111KB - Virtual size: 112KB

.text
Size: 342KB - Virtual size: 341KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 111KB - Virtual size: 112KB