Static task: static1
Behavioral task: behavioral1
Sample: 48510b0c492c54c073037b0e38b5f113_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 48510b0c492c54c073037b0e38b5f113_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 48510b0c492c54c073037b0e38b5f113_JaffaCakes118
Size: 34KB
MD5: 48510b0c492c54c073037b0e38b5f113
SHA1: f24937b2e644e760931ef92b7bee6c3430673f10
SHA256: d8b9c2d260f87bef1757629bff90673256c487a2bbda2296cce8f05fa755331b
SHA512: 6f29aecf4c872619a61d41853734bb3cc1c9a478d47d29c260482d20cda75fdc1c80613946f3194e916959e722765877a43787a7a843fbd8bb329d9b08182ddc
SSDEEP: 768:Ml/7XNEw95+mrxHFW81gWDfZDLUSltDYVJ+SRDRp5m7CBZr:MF72w95+mrf1hNLxltI+SRlrD/r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 48510b0c492c54c073037b0e38b5f113_JaffaCakes118
Files
48510b0c492c54c073037b0e38b5f113_JaffaCakes118.exe windows:5 windows x86 arch:x86
9cf30799174e039c8dce43d3a80d1e29
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptSetKeyIdentifierProperty
CryptMsgCountersign
I_CryptGetDefaultCryptProvForEncrypt
I_CryptGetFileVersion
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CryptInitOIDFunctionSet
CryptVerifySignatureU
CertResyncCertificateChainEngine
CertCreateCTLEntryFromCertificateContextProperties
I_CryptInsertLruEntry
I_CryptRegisterSmartCardStore
RegOpenHKCUKeyExU
RegEnumValueU
CryptRegisterOIDFunction
CertVerifyTimeValidity
CryptGetKeyIdentifierProperty
I_CryptGetTls
CryptMsgEncodeAndSignCTL
CertRDNValueToStrW
CryptEncodeObject
CertEnumCRLsInStore
I_CryptGetOssGlobal
I_CryptFlushLruCache
CryptMsgDuplicate
msvcrt40
??0istream@@IAE@XZ
??_Gstdiostream@@UAEPAXI@Z
?gptr@streambuf@@IBEPADXZ
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??0ofstream@@QAE@HPADH@Z
_beginthread
_setmbcp
_safe_fprem
_wexecvpe
__RTCastToVoid
_vsnprintf
_wstat
?pptr@streambuf@@IBEPADXZ
_wgetcwd
_wfullpath
_wexeclp
_yn
raise
_wpopen
??_Eios@@UAEPAXI@Z
_fpieee_flt
?precision@ios@@QBEHXZ
??_Eostream_withassign@@UAEPAXI@Z
_wcsdup
_wfindfirst
_CIfmod
iswpunct
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
_getcwd
_ismbbalpha
?lockc@ios@@KAXXZ
??0strstream@@QAE@XZ
_controlfp
?setf@ios@@QAEJJJ@Z
??_Ebad_cast@@UAEPAXI@Z
_open
wcsxfrm
??4bad_typeid@@QAEAAV0@ABV0@@Z
_fpclass
localtime
?underflow@filebuf@@UAEHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
??0strstreambuf@@QAE@XZ
_mbsncat
wcscspn
_write
??_8ofstream@@7B@
??_Eistream_withassign@@UAEPAXI@Z
?str@ostrstream@@QAEPADXZ
_wfreopen
??4strstreambuf@@QAEAAV0@ABV0@@Z
_adj_fdiv_m32
_msize
advapi32
GetEffectiveRightsFromAclA
SetEntriesInAuditListW
LsaSetInformationTrustedDomain
GetSecurityDescriptorLength
RegSetValueA
RegCloseKey
QueryServiceConfigW
BuildTrusteeWithObjectsAndNameA
SaferiPopulateDefaultsInRegistry
GetNumberOfEventLogRecords
QueryServiceStatusEx
SystemFunction003
QueryAllTracesW
InitiateSystemShutdownExA
ObjectDeleteAuditAlarmW
SystemFunction012
GetSecurityDescriptorControl
RegQueryInfoKeyA
ObjectCloseAuditAlarmA
SetEntriesInAccessListW
LsaICLookupSidsWithCreds
SystemFunction013
ElfBackupEventLogFileW
RegEnumKeyExA
ConvertAccessToSecurityDescriptorA
RegReplaceKeyA
LsaQuerySecret
RemoveUsersFromEncryptedFile
RegisterServiceCtrlHandlerA
SystemFunction028
ElfOpenBackupEventLogW
GetSidLengthRequired
SystemFunction011
RegisterServiceCtrlHandlerExW
ElfBackupEventLogFileA
ElfClearEventLogFileA
CloseServiceHandle
FreeSid
RegEnumKeyW
GetServiceDisplayNameA
AccessCheckAndAuditAlarmW
LsaAddPrivilegesToAccount
SystemFunction022
RegRestoreKeyA
UnlockServiceDatabase
GetMultipleTrusteeOperationA
SaferSetLevelInformation
LsaEnumerateAccountsWithUserRight
CryptVerifySignatureW
LsaOpenAccount
CredMarshalCredentialW
MD5Init
LsaSetQuotasForAccount
LsaEnumerateAccountRights
RegConnectRegistryW
IsWellKnownSid
EnumServicesStatusW
GetNamedSecurityInfoExA
MakeSelfRelativeSD
AllocateAndInitializeSid
BuildImpersonateTrusteeW
CryptSignHashA
ObjectPrivilegeAuditAlarmW
CredMarshalCredentialA
LsaNtStatusToWinError
FreeEncryptionCertificateHashList
CreateProcessAsUserA
CredReadDomainCredentialsA
CryptGetKeyParam
ElfOpenEventLogW
QueryServiceConfig2W
GetSecurityDescriptorGroup
WmiQueryAllDataMultipleW
CredGetSessionTypes
SetEntriesInAuditListA
LookupAccountNameA
RegisterTraceGuidsW
kernel32
OpenMutexW
OpenProfileUserMapping
ShowConsoleCursor
WaitForDebugEvent
GetProcessWorkingSetSize
SetLocaleInfoW
AddLocalAlternateComputerNameW
FileTimeToLocalFileTime
GetSystemTime
Heap32ListNext
GetLongPathNameW
Sleep
FormatMessageA
IsBadReadPtr
GetSystemWindowsDirectoryA
GetPrivateProfileStructA
SetTapeParameters
VerLanguageNameA
GetExitCodeThread
SetThreadAffinityMask
GlobalFree
GetConsoleAliasExesW
FindNextVolumeA
RemoveDirectoryA
GetVolumeNameForVolumeMountPointW
VirtualAlloc
CreateFiberEx
DefineDosDeviceA
GetVersionExW
GetModuleHandleExA
FindResourceW
Toolhelp32ReadProcessMemory
GetUserDefaultLangID
ReleaseMutex
IsValidLocale
SetComputerNameW
GetEnvironmentStringsA
DeleteFileA
ResumeThread
GetCurrentDirectoryW
VirtualFree
OpenSemaphoreA
SetVolumeLabelW
mtxoci
oexn
ogetpi
odescr
oflng
oopt
oerhms
obindps
oermsg
obndrv
ofen
oparse
Enlist
ocon
obndrn
ologTransacted
oopen
odessp
MTxolog
DllRegisterServer
DllUnregisterServer
ofetch
oclose
GetXaSwitch
opengl32
glIsList
glColorPointer
glRectiv
wglShareLists
glVertex3i
GlmfPlayGlsRecord
glTexCoord3iv
glColor3s
glGetClipPlane
glFeedbackBuffer
glCopyTexImage1D
glEvalCoord2f
GlmfEndGlsBlock
glGetLightfv
glGetPointerv
glAccum
glTexCoord2fv
glPixelMapuiv
glReadBuffer
glGetError
glIndexPointer
glDrawPixels
glEvalCoord1f
glClipPlane
glNormal3iv
glPushAttrib
glVertex2s
glNormal3f
glVertex2i
wglCreateContext
glCopyTexSubImage1D
glCullFace
glRasterPos2iv
GlmfBeginGlsBlock
glVertex3sv
glSelectBuffer
wglDeleteContext
glEvalPoint2
glGetTexParameterfv
glGetMaterialfv
glIndexub
glClearDepth
glColor3dv
glGetTexImage
glOrtho
glEvalCoord1dv
glLineStipple
wglCopyContext
glFogf
glMateriali
glColor4ui
glTexEnvf
glViewport
glCallList
glFrustum
glTexCoord4iv
glTexCoord2iv
glScissor
glIndexfv
glColor4us
wglSwapMultipleBuffers
glVertex4iv
glVertex2sv
glPixelStoref
glTexCoord2sv
glGetIntegerv
glTranslated
glRasterPos4fv
glPassThrough
glGenTextures
wglGetCurrentContext
glEnableClientState
glColor3sv
glColor3fv
glColor4dv
glMap1d
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerInstallFileW
VerQueryValueW
VerFindFileW
VerQueryValueA
VerInstallFileA
GetFileVersionInfoSizeA
VerLanguageNameA
VerFindFileA
VerLanguageNameW
GetFileVersionInfoA
msvcrt
asin
_ismbcl0
__p__acmdln
_spawnv
_mbsnextc
??4bad_cast@@QAEAAV0@ABV0@@Z
_ecvt
fputws
_commode
putchar
??_E__non_rtti_object@@UAEPAXI@Z
_cputs
localtime
_wspawnlpe
ldiv
_wcsicoll
__dllonexit
isgraph
_mbspbrk
_strtoi64
__p___argv
__CxxLongjmpUnwind
_hypot
_atoi64
_mbsnset
_ismbbalnum
_wmkdir
vprintf
fputs
__p__winminor
_findfirst
_spawnvp
strncmp
_getch
__pctype_func
wcspbrk
frexp
csrsrv
CsrUnlockProcess
CsrAddStaticServerThread
CsrLockProcessByClientId
CsrCallServerFromServer
CsrSetBackgroundPriority
CsrRevertToSelf
CsrDereferenceProcess
CsrReferenceThread
CsrSetForegroundPriority
CsrCreateRemoteThread
CsrImpersonateClient
CsrValidateMessageString
CsrDestroyProcess
CsrQueryApiPort
CsrConnectToUser
CsrLockThreadByClientId
CsrCreateThread
CsrCreateProcess
CsrUnhandledExceptionFilter
CsrExecServerThread
CsrServerInitialization
CsrShutdownProcesses
CsrGetProcessLuid
CsrDestroyThread
CsrDereferenceThread
CsrValidateMessageBuffer
CsrUnlockThread
cscdll
CSCQueryFileStatusW
CSCDoEnableDisable
CSCFindNextFileW
CSCSetMaxSpace
CSCFindFirstFileW
CSCEnumForStatsExW
CSCIsServerOfflineW
CSCDeleteW
CSCFindClose
CSCFindFirstFileForSidW
CSCEnumForStatsW
CSCPinFileW
CSCTransitionServerOnlineW
CSCIsCSCEnabled
CSCUnpinFileW
cmpbk32
PhoneBookGetPhoneDispA
PhoneBookEnumNumbers
PhoneBookParseInfoA
PhoneBookEnumCountries
PhoneBookHasPhoneType
PhoneBookGetCountryId
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookGetCountryNameW
PhoneBookGetPhoneDescA
PhoneBookCopyFilter
PhoneBookUnload
PhoneBookGetPhoneDUNA
PhoneBookMatchFilter
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetPhoneCanonicalA
PhoneBookGetCurrentCountryId
PhoneBookGetCountryNameA
PhoneBookGetPhoneType
PhoneBookMergeChanges
PhoneBookGetRegionNameA
PhoneBookGetPhoneNonCanonicalA
PhoneBookEnumRegions
user32
SetScrollPos
PostQuitMessage
MoveWindow
RegisterClassW
DefWindowProcW
IsIconic
ws2_32
setsockopt
getpeername
WSASocketW
WSACloseEvent
ioctlsocket
WSASendDisconnect
WSAAsyncGetProtoByName
WSAAsyncGetServByName
WSAResetEvent
WSASetBlockingHook
WSAAddressToStringW
WSAGetServiceClassNameByClassIdW
WPUCompleteOverlappedRequest
getprotobynumber
WSCInstallProvider
WSAAccept
WSAInstallServiceClassW
gethostname
inet_ntoa
bind
WSAIoctl
WSAIsBlocking
WSARemoveServiceClass
WSANtohl
freeaddrinfo
getsockopt
gdi32
RectVisible
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 578B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ