440abc3117be594c872e1cbe5a5a7cb0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

440abc3117be594c872e1cbe5a5a7cb0_JaffaCakes118
Size

865KB
MD5

440abc3117be594c872e1cbe5a5a7cb0
SHA1

63c4eac3213d361b3dddcabaf7cf1b86ff034ec4
SHA256

be947d7e306ab3e30641ceb11cd295a12440bcb3bc20f56fed0fc74bf6ac5258
SHA512

3cca14872f30630c43ead9ed61e2ae06a2ad8a8b88a1722081380ad32b5216d419b64789e4d6321db09c73a24794afcea8281ccadb76de16305749c372b88434
SSDEEP

12288:7tyc32EhzVD0S0XtABFzog48mVXC2Bcs7v5nlFcojQzviSk2Bv7MOZEJ2rgv4Z/s:7Qc9zVDZ2tABRq8V2B5be1kgMtkm9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
440abc3117be594c872e1cbe5a5a7cb0_JaffaCakes118

Files

440abc3117be594c872e1cbe5a5a7cb0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ec8ea65c891f85328a1c36d6de7fe9fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??4stdiostream@@QAEAAV0@AAV0@@Z
?fail@ios@@QBEHXZ
??_Gfstream@@UAEPAXI@Z
??5istream@@QAEAAV0@PAC@Z
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
?lockbuf@ios@@QAAXXZ
??_8ifstream@@7B@
?isfx@istream@@QAEXXZ
??_Gstdiostream@@UAEPAXI@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
??_7exception@@6B@
??0istrstream@@QAE@ABV0@@Z
??0istrstream@@QAE@PADH@Z
?overflow@strstreambuf@@UAEHH@Z
??1stdiostream@@UAE@XZ
??_Efstream@@UAEPAXI@Z
?fill@ios@@QBEDXZ
?writepad@ostream@@AAEAAV1@PBD0@Z
??1streambuf@@UAE@XZ
??_Efilebuf@@UAEPAXI@Z
??0strstreambuf@@QAE@ABV0@@Z
??_Eistrstream@@UAEPAXI@Z
?dec@@YAAAVios@@AAV1@@Z
??0ios@@IAE@ABV0@@Z
??5istream@@QAEAAV0@AAM@Z
??0ostrstream@@QAE@ABV0@@Z
??4strstreambuf@@QAEAAV0@ABV0@@Z
?clog@@3Vostream_withassign@@A
?setrwbuf@stdiobuf@@QAEHHH@Z
??_7fstream@@6B@
??1istream_withassign@@UAE@XZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
??_8ostream_withassign@@7B@
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??1stdiobuf@@UAE@XZ
??0filebuf@@QAE@ABV0@@Z

sqlunirl

_SearchPath_@24
_GetProfileInt_@12
_CreateWindowStation_@16
_EnumDesktops_@12
_GetFullPathName_@16
_GetCharWidthFloat_@16
_ShellExecute_@24
_DefDlgProc_@16
_RegSetValueEx_@24
_GetEnvironmentVariable_@12
_CreateProcessAsUser_@44
_RegSaveKey_@12
_SetFileSecurity_@12
_LoadLibraryEx_@12
_CreateWaitableTimer_@12
_NDdeShareEnum_@24
newWideCharFromMultiByte
_OpenEvent_@12
_RegDeleteValue_@8
_tsystem
_OpenFile_@12
_CreateMailslot_@16
_AddAtom_@4
newMultiByteFromWideCharEx
_DlgDirListComboBox_@20
_GetClipboardFormatName_@12
_CreateFont@56
_lstrcpyn_@12
_BuildCommDCBAndTimeouts_@12
_DeleteFile@4

advapi32

UnregisterIdleTask
ElfBackupEventLogFileA
IsTokenUntrusted
LsaNtStatusToWinError
OpenSCManagerA
WmiExecuteMethodA
InstallApplication
ObjectPrivilegeAuditAlarmW
CommandLineFromMsiDescriptor
DeregisterEventSource
MakeSelfRelativeSD
RegSetValueExA
BuildImpersonateExplicitAccessWithNameA
GetSecurityDescriptorRMControl
QueryUsersOnEncryptedFile
ElfBackupEventLogFileW
LsaQueryForestTrustInformation
GetSecurityDescriptorControl
LsaRemovePrivilegesFromAccount
AddAccessDeniedObjectAce
ReadEventLogA
WmiQueryAllDataMultipleW
SetPrivateObjectSecurity
LsaGetRemoteUserName
ConvertSecurityDescriptorToAccessNamedW
CryptGetHashParam
InitializeSid
EnumDependentServicesA

clusapi

CloseClusterNetInterface
ClusterGroupOpenEnum
GetClusterNetInterface
ClusterResourceCloseEnum
OpenClusterNode
DeleteClusterResourceType
ClusterNetworkControl
ClusterNodeOpenEnum
OpenClusterNetInterface
ClusterGroupControl
CloseClusterResource
ChangeClusterResourceGroup
ClusterRegEnumValue
ClusterNetworkGetEnumCount
ClusterResourceGetEnumCount
ClusterResourceOpenEnum
ClusterResourceTypeCloseEnum
GetClusterNetInterfaceKey
ClusterRegEnumKey
ClusterGroupEnum
OpenClusterNetwork
GetClusterGroupKey
GetClusterNetInterfaceState
GetClusterFromResource
CanResourceBeDependent
ClusterNetworkEnum
GetClusterFromNetwork
GetClusterNetworkState
PauseClusterNode
CloseClusterGroup
ClusterRegQueryInfoKey
ClusterResourceTypeControl

netapi32

NetGroupAddUser
NetDfsManagerSendSiteInfo
NetServiceInstall
DsRoleDemoteDc
DsRoleUpgradeDownlevelServer
NetApiBufferAllocate
I_BrowserQueryEmulatedDomains
NetReplImportDirGetInfo
I_BrowserResetStatistics
NetValidateName
NetShareAdd
NetApiBufferFree
I_NetServerAuthenticate2
NetGetJoinableOUs
RxRemoteApi
RxNetAccessGetInfo
NetReplImportDirDel
NetLocalGroupDelMember
NetpIsRemote
NetGroupEnum
NetAddAlternateComputerName
DsGetDcNextW
NetUserSetGroups
NetRemoteComputerSupports
NetScheduleJobGetInfo
DsGetDcNameWithAccountA
NlBindingRemoveServerFromCache
NetGroupSetUsers
NetpIsUncComputerNameValid
NetServiceEnum
NetErrorLogRead
NetAlertRaise
DsEnumerateDomainTrustsW
I_NetDatabaseSync2
NetDfsAddFtRoot
NetWkstaTransportAdd
NetAlertRaiseEx
I_NetServerPasswordGet
NetUserAdd
NetpwNameValidate
I_NetServerTrustPasswordsGet

kernel32

DeleteCriticalSection
CompareStringW
GetEnvironmentVariableW
GetQueuedCompletionStatus
SetConsoleCursorMode
GetSystemTime
GetEnvironmentStrings
SystemTimeToFileTime
CancelTimerQueueTimer
FindFirstChangeNotificationA
GetStringTypeA
GetCPInfoExA
RegisterWaitForInputIdle
GetModuleHandleW
GlobalFix
GetCommConfig
BaseDumpAppcompatCache
GetEnvironmentStringsA
LeaveCriticalSection
FindFirstFileW
SetThreadIdealProcessor
EnterCriticalSection
BackupSeek
ExitProcess
EnumerateLocalComputerNamesW
SetThreadPriorityBoost
InitializeCriticalSection
LoadLibraryA
GetProfileSectionW
CreateActCtxA
DnsHostnameToComputerNameA
GetCalendarInfoW
VirtualAlloc
IsWow64Process
GetNumberFormatW
CreateSemaphoreA
CreateTimerQueue
GetStartupInfoA
GetVersionExA
GetLargestConsoleWindowSize
Module32NextW
UnregisterWaitEx
SetSystemTime
SetTermsrvAppInstallMode
GetFileAttributesExW
FillConsoleOutputCharacterA

msdart

?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
?Clear@CLKRHashTable@@QAEXXZ
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?_H0@CLKRLinearHashTable@@ABEKK@Z
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?_CurrentThreadId@CSpinLock@@CGJXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
mpFree
MpHeapSize
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?_H1@CLKRLinearHashTable@@CGKKK@Z
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?WriteLock@CReaderWriterLock2@@QAEXXZ
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
??1CLKRHashTable@@QAE@XZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?_H1@CLKRLinearHashTable@@ABEKK@Z
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?ConvertSharedToExclusive@CLKRHashTable@@QBEXXZ

msvcrt20

_wcsnicmp
_strrev
_mbsnbcmp
??0ifstream@@QAE@H@Z
??0ostream@@QAE@PAVstreambuf@@@Z
?put@ostream@@QAEAAV1@C@Z
_execve
fputws
?open@ofstream@@QAEXPBDHH@Z
_initterm
?in_avail@streambuf@@QBEHXZ
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
_popen
atol
??_7ostream@@6B@
tmpnam
_ismbcsymbol
putwc
_lseek
_wsetlocale
?delbuf@ios@@QBEHXZ
localtime
?oct@@YAAAVios@@AAV1@@Z
_fputwchar
free
_mbsnccnt
??_Gstdiobuf@@UAEPAXI@Z
??0istream@@IAE@ABV0@@Z
_creat
??4stdiostream@@QAEAAV0@AAV0@@Z
swscanf
qsort
_cexit
putwchar
??_8stdiostream@@7Bostream@@@
_ismbcspace
__p__wcmdln
?tie@ios@@QBEPAVostream@@XZ
_fcvt
??1ostrstream@@UAE@XZ
_wpopen

msvcp60

??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??Kstd@@YA?AV?$complex@M@0@ABV10@ABM@Z
_Dnorm
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?_Doraise@length_error@std@@MBEXXZ
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?_Getcat@?$_Mpunct@G@std@@SAIXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
_LPoly
?do_date_order@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MBEHXZ
??4?$_Complex_base@O@std@@QAEAAV01@ABV01@@Z
??_7bad_cast@std@@6B@
_LInf
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??_Fmoney_base@std@@QAEXXZ
?copyfmt@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV12@ABV12@@Z
?ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??Hstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??4?$numeric_limits@E@std@@QAEAAV01@ABV01@@Z
?_Nanv@?$_Ctr@O@std@@SAOO@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?do_pos_format@?$_Mpunct@D@std@@MBE?AUpattern@money_base@2@XZ
??9std@@YA_NABV?$complex@M@0@0@Z
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?good@ios_base@std@@QBE_NXZ
_Wcrtomb

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 527KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec8ea65c891f85328a1c36d6de7fe9fc

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

sqlunirl

advapi32

clusapi

netapi32

kernel32

msdart

msvcrt20

msvcp60

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 286KB - Virtual size: 286KB

.data Size: 527KB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 988B

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 286KB - Virtual size: 286KB

.data
Size: 527KB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 988B