469b0cffbb5b02df3b199a6012e3563c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

469b0cffbb5b02df3b199a6012e3563c_JaffaCakes118
Size

827KB
MD5

469b0cffbb5b02df3b199a6012e3563c
SHA1

d477f090a74f8adf955e5f95a876f247dae8d8f0
SHA256

9119563d091bac3fdd891cea9ac539cc0cadb221a5d4f410033e98a4d6a02ba6
SHA512

e81cf6b1bd66033856d9fdfc49f1d233730297682572427c7bf29606f6cff0a588d749d55ff73ecba318e58e13c22f7ab65545d2cf01f9595381402c0faee7ce
SSDEEP

12288:eGNUX2ARMcHWC9yPrluzQyuv7OME+HZI45em4aC5I+K7SNwl0HRQ5wc8R/2B:eGqGAacN8ozFuvjC1Gl0H2wcK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
469b0cffbb5b02df3b199a6012e3563c_JaffaCakes118

Files

469b0cffbb5b02df3b199a6012e3563c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

299cf6d68f369c8f0a270d3526dc3714

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wmasf

ASFGUIDToCodecID
ASFCreateIndexMaker
ASFFindHeaderObject
ASFCreateStreamSelector
ASFGetRootObject
ASFWriteHeaderToFile
ASFCreateIOMonitor
ASFReadHeaderFromFile
ASFCreateIndexMakerFileSink
ASFFindStreamPropertiesObject
ASFGetHeaderObject
ASFGUIDFromCodecID
ASFCreateLibrary
ASFFindRootObject
ASFGetStreamPropertiesObject

expsrv

_adj_fdivr_m32
__vbaDateVar
__vbaVarLateMemCallLdRf
__vbaForEachCollAd
__vbaInStrVar
rtcRightVar
__vbaVarLateMemSt
rtcIPMT
SetMemNewObj
__vbaStrI4
CreateIExprSrvObj
__vbaInStrB
__vbaInStr
__vbaI4Str
__vbaAryMove
BASIC_CLASS_Release
__vbaStrToAnsi
__vbaVarTextTstGe
EbResetProjectNormal
rtcVarFromVar
rtcSendKeys
rtcSetCurrentCalendar
__vbaVarEqv
rtcVarDateFromVar
__vbaChkstk
__vbaUI1Var
_adj_fptan
CopyRecord
_adj_fdiv_m64
rtcInStrRev
TipUnloadProject
__vbaR4Sgn
__vbaFpI4
__vbaCyMulI2
PutMem1
rtcCVErrFromVar
rtcShell
__vbaVarForNext
rtcCharValueBstr
__vbaLineInputStr
rtcRightCharVar
__vbaHresultCheckNonvirt

oleaut32

VarCyFromR4
VarUI2FromCy
VarI2FromI4
VarParseNumFromStr
VarCmp
VarCyFix
RegisterTypeLib
SafeArrayCreateEx
VarBstrFromDec
VarR4FromI4
VarUI1FromI4
VarDecFromR8
VarUI4FromUI8
VarDecFromI1
VarR4FromI2
VarUI8FromBool
VarUI4FromStr
SafeArrayLock
VarCyRound
SafeArrayPtrOfIndex
VarPow
VarUI1FromI8
OleLoadPicture
VarI4FromR4
VariantClear
VarNumFromParseNum
VarCat
VarDecInt
VarI2FromCy
VarFormatPercent
GetAltMonthNames
SafeArrayGetElemsize
SafeArrayAllocDescriptor
SetErrorInfo
DllGetClassObject
VarOr
VarDecFromCy

kernel32

BaseCleanupAppcompatCacheSupport
SetConsoleFont
GlobalHandle
GenerateConsoleCtrlEvent
IsSystemResumeAutomatic
WTSGetActiveConsoleSessionId
SetLocalTime
GetGeoInfoA
GetComputerNameExW
GetComputerNameW
SetUnhandledExceptionFilter
IsValidCodePage
GetThreadTimes
lstrcpyn
SetConsoleMode
BaseFlushAppcompatCache
ResumeThread
SetDefaultCommConfigW
lstrcmpW
LocalCompact
SetNamedPipeHandleState
FindFirstFileExW
IsDBCSLeadByte
EnumResourceTypesA
UnregisterWaitEx
DefineDosDeviceA
GetConsoleAliasesLengthA
VirtualAlloc
FindFirstFileW
LoadLibraryA

ntdll

NtRestoreKey
ZwSetSystemEnvironmentValueEx
RtlCreateUnicodeString
wcscpy
RtlUpcaseUnicodeStringToCountedOemString
NtQueryValueKey
PfxFindPrefix
RtlNewSecurityObjectWithMultipleInheritance
wcscspn
RtlDosSearchPath_Ustr
RtlIsTextUnicode
NtSetSystemTime
RtlMapGenericMask
ZwCreateDirectoryObject
NtCompareTokens
RtlEqualComputerName
RtlDuplicateUnicodeString
iswlower
RtlDnsHostNameToComputerName
NtDebugContinue
RtlUpcaseUnicodeStringToAnsiString
RtlStringFromGUID
RtlDeleteRegistryValue
NtReplyPort
RtlpNotOwnerCriticalSection
RtlExtendedIntegerMultiply
RtlIpv4AddressToStringW
ZwWaitForSingleObject
RtlSystemTimeToLocalTime
RtlQueryEnvironmentVariable_U
ZwQuerySystemEnvironmentValueEx
NtLoadKey
_allshl
RtlDeactivateActivationContext
_lfind
ZwQueryBootOptions
RtlLogStackBackTrace
RtlAllocateHeap

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@II@Z
?do_neg_format@?$_Mpunct@D@std@@MBE?AUpattern@money_base@2@XZ
?stossc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?epsilon@?$numeric_limits@C@std@@SACXZ
??1_Winit@std@@QAE@XZ
?do_grouping@?$numpunct@G@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?exp@std@@YA?AV?$complex@N@1@ABV21@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIG@Z
?_Infv@?$_Ctr@N@std@@SANN@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??_F?$numpunct@D@std@@QAEXXZ
?_Init@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??1Init@ios_base@std@@QAE@XZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0IG@Z
?overflow@strstreambuf@std@@MAEHH@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0ABV?$allocator@G@1@@Z
?pubseekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@V32@H@Z
wctrans
?read@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??4_Locinfo@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
?cos@?$_Ctr@N@std@@SANN@Z
?curr_symbol@?$_Mpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_7underflow_error@std@@6B@
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??0_Timevec@std@@QAE@PAX@Z
?pbackfail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?pow@std@@YA?AV?$complex@N@1@ABV21@0@Z
?ldexp@?$_Ctr@N@std@@SANNH@Z

msi

MsiSourceListForceResolutionW
MsiDecomposeDescriptorW
MsiRecordSetStreamA
MsiProvideAssemblyW
MsiSummaryInfoGetPropertyA
MsiUseFeatureExW
MsiCreateRecord
MsiGetActiveDatabase
MsiRecordGetFieldCount
MsiSourceListAddSourceA
MsiApplyPatchA
MsiRecordSetStringA
MsiSequenceA
MsiGetFileHashW
MsiConfigureProductW
MsiOpenPackageA
MsiQueryFeatureStateFromDescriptorW
MsiGetSourcePathW
MsiGetPropertyA
MsiPreviewBillboardW
MsiGetFileVersionW
MsiGetProductInfoW
MsiGetFeatureCostW
MsiCloseAllHandles
MsiGetProductInfoFromScriptW
MsiReinstallFeatureW
MsiReinstallFeatureA
MsiConfigureProductExW
MsiRecordSetInteger
MsiInstallProductW
MsiAdvertiseScriptW
MsiProvideComponentA
MsiPreviewDialogA
MsiUseFeatureExA
DllUnregisterServer

cscdll

CSCDoEnableDisable
CSCFindFirstFileForSidW
CSCQueryFileStatusW
CSCFindNextFileW
CSCEnumForStatsW
CSCPinFileW
CSCIsServerOfflineW
CSCIsCSCEnabled
CSCDeleteW
CSCTransitionServerOnlineW
CSCUnpinFileW
CSCFindClose
CSCEnumForStatsExW
CSCSetMaxSpace
CSCFindFirstFileW

msvcrt40

_wchmod
_fstat
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
_adj_fprem1
?flush@@YAAAVostream@@AAV1@@Z
_heapchk
??7ios@@QBEHXZ
??0iostream@@IAE@XZ
??0istream@@IAE@ABV0@@Z
??0streambuf@@IAE@XZ
tmpfile
_wsplitpath
_wcsset
_execl
_fpreset
_chdir
_vsnwprintf
_wexecl
??_Eistream@@UAEPAXI@Z
_kbhit
??_Gstrstream@@UAEPAXI@Z
??_7__non_rtti_object@@6B@
_wstati64
qsort
_wremove
?attach@filebuf@@QAEPAV1@H@Z
_beep
sprintf
wcstombs
_putenv
??0ostrstream@@QAE@PADHH@Z
??0istrstream@@QAE@ABV0@@Z
??_Dostrstream@@QAEXXZ
?xalloc@ios@@SAHXZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
_commode
_mbsnicoll
_endthreadex
_adj_fprem
ldiv
_spawnlp

pdh

PdhGetRawCounterValue
PdhConnectMachineW
PdhCollectQueryData
PdhGetLogFileSize
PdhTranslate009CounterA
PdhMakeCounterPathA
PdhCollectQueryDataEx
PdhUpdateLogFileCatalog
PdhEnumObjectItemsHW
PdhMakeCounterPathW
PdhAdd009CounterA
PdhIsRealTimeQuery
PdhParseInstanceNameW
PdhConnectMachineA
PdhVbGetDoubleCounterValue
PdhGetLogSetGUID
PdhLookupPerfIndexByNameW
PdhGetRawCounterArrayW
PdhOpenQueryW
PdhGetDllVersion
PdhOpenQueryH
PdhCreateSQLTablesA
PdhBindInputDataSourceA
PdhGetCounterInfoW
PdhExpandWildCardPathW
PdhBrowseCountersHW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 722KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

299cf6d68f369c8f0a270d3526dc3714

Headers

DLL Characteristics

File Characteristics

Imports

wmasf

expsrv

oleaut32

kernel32

ntdll

msvcp60

msi

cscdll

msvcrt40

pdh

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 722KB - Virtual size: 2.1MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 722KB - Virtual size: 2.1MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 312B