45e06a0c614398ba6bf71a3e9b30f92c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

45e06a0c614398ba6bf71a3e9b30f92c_JaffaCakes118
Size

32KB
MD5

45e06a0c614398ba6bf71a3e9b30f92c
SHA1

31ed5a48681b12920a96ab614a773f4b2f1e0a8f
SHA256

49d52ac7a72a1609566ce52b7acbee5572ea1869e69119a6c232804cad788269
SHA512

0a759504548306b8c6e7e87e9fbd70f44f905f8cbbecd1ce808a9ea3f80700d8593ffc073b80b5d3f84648ff6d349a0bba4fe720d7258a78d3d990985f08bd12
SSDEEP

384:MbCaQHk0QHY+redDvJUVXKEChVaesv0Mv6o51+0lv1PBr/xEWDQleQcKbtmD0AiC:MbD0kWICa0hU7Zj3+G5e1lebD0/DkfZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45e06a0c614398ba6bf71a3e9b30f92c_JaffaCakes118

Files

45e06a0c614398ba6bf71a3e9b30f92c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dfa88b3d0b6791af31521a062a22956d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfcsubs

?MakeLower@CString@@QAEXXZ
??0CString@@QAE@PBE@Z
?RemoveAt@CStringArray@@QAEXHH@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
?Release@CString@@IAEXXZ
?Init@CString@@IAEXXZ
??0CString@@QAE@XZ
??1CSyncObject@@UAE@XZ
??_7CCriticalSection@@6B@
?Unlock@CSyncObject@@UAEHJPAJ@Z
?ConcatCopy@CString@@IAEXHPBGH0@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??0CObject@@IAE@XZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??_7CObject@@6B@
?GetLength@CString@@QBEHXZ
?GetData@CStringArray@@QAEPAVCString@@XZ
??M@YG_NPBGABVCString@@@Z
??4CString@@QAEABV0@PBE@Z
?ReleaseBuffer@CString@@QAEXH@Z
?UnlockBuffer@CString@@QAEXXZ
??YCString@@QAEABV0@PBG@Z
??0CString@@QAE@GH@Z
??0CCriticalSection@@QAE@XZ
?Mid@CString@@QBE?AV1@HH@Z
?Copy@CStringArray@@QAEXABV1@@Z
??YCString@@QAEABV0@D@Z

lsasrv

LsaINotifyNetlogonParametersChangeW
LsaIKerberosRegisterTrustNotification
LsaIAuditAccountLogon
LsarOpenSecret
LsaIUnregisterAllPolicyChangeNotificationCallback
LsaISetLogonGuidInLogonSession
LsaIFreeHeap
LsaIFree_LSA_FOREST_TRUST_INFORMATION
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER
LsaIGetNbAndDnsDomainNames
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX
LsarQueryDomainInformationPolicy
LsaISetupWasRun
LsapInitLsa
LsaICallPackage
LsaIQueryForestTrustInfo
LsarEnumerateTrustedDomainsEx
LsaIFree_LSAP_SITE_INFO
LsaIRegisterPolicyChangeNotificationCallback
LsaICryptProtectData
LsaIFreeReturnBuffer
LsarSetSecret
LsarQueryInformationPolicy

dbnmpntw

ConnectionStatus
ConnectionOpenW
ConnectionOpen
ConnectionServerEnumW
ConnectionVer
ConnectionServerEnum
ConnectionWrite
ConnectionMode
ConnectionTransact
ConnectionRead
ConnectionCheckForData
ConnectionObjectSize
ConnectionError
ConnectionWriteOOB
ConnectionErrorW
ConnectionClose

opengl32

glIndexs
glTexCoord1d
glPolygonMode
glFeedbackBuffer
glRasterPos3f
glPopAttrib
glLightModeli
glRectfv
glRectf
glPixelMapfv
glRasterPos2d
glGetString
wglSetLayerPaletteEntries
glVertex3iv
glColor4b
GlmfBeginGlsBlock
glEdgeFlag
glFogf
glTexEnvfv
glVertex2iv
glIndexsv
glRotatef
glRasterPos4f
glTexGenfv
glIndexPointer
glRasterPos4d

msdart

?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?Lock@CLockedDoubleList@@QAEXXZ
SetMemHook
_DllMain@12
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?IsWinNT4@CMdVersionInfo@@SAHXZ
MpHeapCreate
?Clear@CLKRHashTable@@QAEXXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
??0CLockedDoubleList@@QAE@XZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?Unlock@CLockedDoubleList@@QAEXXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
??0CLKRHashTableStats@@QAE@XZ
?GetSpinCount@CSpinLock@@QBEGXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?SetBucketLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z

msi

MsiDatabaseExportA
MsiProvideComponentA
MsiGetPropertyA
MsiDatabaseCommit
MsiEnumClientsW
MsiGetProductCodeFromPackageCodeW
MsiGetActiveDatabase
MsiOpenPackageExW
MsiInstallProductW
MsiCreateTransformSummaryInfoA
MsiConfigureProductW
MsiFormatRecordW
MsiEnumComponentCostsA
DllCanUnloadNow
MsiLocateComponentA
MsiSummaryInfoGetPropertyA
MsiOpenProductW
MsiSourceListForceResolutionA
MsiOpenPackageW
MsiViewExecute
MsiEvaluateConditionW
MsiEnumFeaturesW
MsiEvaluateConditionA

kernel32

ClearCommError
VirtualAlloc
ConvertThreadToFiber
GetSystemDefaultLangID
FindCloseChangeNotification
RequestDeviceWakeup
VirtualProtectEx
WriteConsoleInputW
GetConsoleSelectionInfo
QueryDepthSList
OpenSemaphoreA
BaseFlushAppcompatCache
HeapSummary
GetNumberFormatW
FindNextFileA
GlobalHandle
DeleteFileA
SystemTimeToTzSpecificLocalTime
CreateProcessInternalW
CreateHardLinkA
ReleaseMutex
RegisterWaitForSingleObject
BackupSeek
RequestWakeupLatency
lstrcmpiA
GetConsoleOutputCP
SetSystemPowerState
DeviceIoControl

esent

JetGetLS
JetOpenTempTable
JetSetSystemParameter
JetTruncateLogInstance
JetConvertDDL
JetGetLogInfo
JetCloseDatabase@12
JetUpgradeDatabase
JetFreeBuffer
JetDupCursor
JetGetTableIndexInfo
JetOSSnapshotFreeze
JetEndSession@8
JetBeginTransaction@4
JetResetTableSequential
JetOpenDatabase
JetGetCursorInfo
JetMakeKey@20
JetDBUtilities
JetCreateIndex2
JetUpdate@20
JetRestore2
JetRestoreInstance
JetGetInstanceInfo
JetIdle
JetCommitTransaction@8
JetInit@4
JetRenameTable
JetCreateDatabaseWithStreaming
JetCloseFileInstance
JetSetCurrentIndex4
JetStopServiceInstance
JetEndExternalBackupInstance
JetGetVersion
JetStopBackupInstance
JetDeleteIndex
JetGetAttachInfo
JetEndExternalBackupInstance2
JetUpdate

msvcirt

??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??_7ios@@6B@
?get@istream@@QAEAAV1@PAEHD@Z
??0strstreambuf@@QAE@PADH0@Z
?is_open@ofstream@@QBEHXZ
?adjustfield@ios@@2JB
?x_curindex@ios@@0HA
??_8ostream@@7B@
?ends@@YAAAVostream@@AAV1@@Z
??_8iostream@@7Bistream@@@
?read@istream@@QAEAAV1@PAEH@Z
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
??_7strstreambuf@@6B@
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
?openprot@filebuf@@2HB
??0ostream@@QAE@PAVstreambuf@@@Z
??_Gstreambuf@@UAEPAXI@Z
??1stdiostream@@UAE@XZ
?eback@streambuf@@IBEPADXZ
?dec@@YAAAVios@@AAV1@@Z
??0istream@@IAE@XZ
?setf@ios@@QAEJJ@Z
??_Dofstream@@QAEXXZ
??4ifstream@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAG@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?sbumpc@streambuf@@QAEHXZ
?rdstate@ios@@QBEHXZ
??_Giostream@@UAEPAXI@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
??_Gexception@@UAEPAXI@Z
??_8ifstream@@7B@
?pcount@ostrstream@@QBEHXZ
??4ostrstream@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@PBC@Z
??_Eistrstream@@UAEPAXI@Z
??0exception@@QAE@XZ
??_Estdiobuf@@UAEPAXI@Z
??1exception@@UAE@XZ
??5istream@@QAEAAV0@AAC@Z
??_7ofstream@@6B@
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?pptr@streambuf@@IBEPADXZ

oleaut32

DispCallFunc
VarCyFromBool
VarUI1FromI8
VarI2FromUI2
VarCyMul
SafeArrayCopyData
VarI4FromR8
VarMod
VarCyFromR4
SysAllocStringLen
VariantClear
VarUI8FromStr
SysStringLen
VarUI4FromI4
VarBoolFromR4
VarBoolFromDate
VarUI8FromR4
VarR4FromUI2
SafeArrayUnlock
VarCyInt
SafeArrayDestroyDescriptor
VarI8FromCy
SafeArrayGetRecordInfo
LoadRegTypeLib
VarI2FromBool
VarI1FromDisp
VarR4CmpR8
VarI2FromI4
VarCyFromI2
VarTokenizeFormatString
VarR8FromUI8
VarCyFromI1
VarI2FromUI1
VarUI1FromUI4
VarPow

msvcrt40

??6ostream@@QAEAAV0@H@Z
??_Estdiostream@@UAEPAXI@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
_ismbcl2
_longjmpex
_execve
_msize
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_CIacos
?what@exception@@UBEPBDXZ
wcstoul
mbstowcs
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?flush@@YAAAVostream@@AAV1@@Z
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
_exit
??9type_info@@QBEHABV0@@Z
??_Eistream@@UAEPAXI@Z
_ismbcalpha
_wfindnexti64
__p__pctype
_wtol
_fcloseall
?out_waiting@streambuf@@QBEHXZ
_wperror

dbghelp

SymLoadModule64
vc7fpo
SymGetModuleInfo
FindExecutableImageEx
SymFromAddr
SymGetSymNext64
GetTimestampForLoadedLibrary
SymMatchString
SymUnloadModule
SymEnumSourceFiles
SymEnumTypes
ImagehlpApiVersionEx
srcfiles
UnmapDebugInformation
SymGetLineFromName64
SymEnumerateSymbols64
SymFunctionTableAccess
SymGetSymFromAddr
dh
ImageRvaToSection
SymMatchFileName
SymUnDName64
SymRegisterCallback
SymUnDName
SymEnumerateModules64
SymCleanup
omap

user32

SetScrollPos
IsIconic
MoveWindow

crtdll

_ecvt
memmove
_osver_dll
system
_fgetchar
_onexit
_chdrive
_fcloseall
_mbcjmstojis
fprintf
_CIexp
_ftime
sprintf
fputc
abort
modf
_snprintf
_ismbcsymbol
fflush
_heapmin
_chsize
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_CIacos
wcsftime
_rotr
_getdrive
_mbcjistojms
_rmtmp
_y1

gdi32

RectVisible

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfa88b3d0b6791af31521a062a22956d

Headers

DLL Characteristics

File Characteristics

Imports

mfcsubs

lsasrv

dbnmpntw

opengl32

msdart

msi

kernel32

esent

msvcirt

oleaut32

msvcrt40

dbghelp

user32

crtdll

gdi32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB