489b177a969ff6500247a8076d7192f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

489b177a969ff6500247a8076d7192f7_JaffaCakes118
Size

872KB
MD5

489b177a969ff6500247a8076d7192f7
SHA1

e25fb82e601f4de7c279823b77a26fbcd0b128d7
SHA256

4f62a5236c3c60455a9f8b127b86fe8dd92517a3fac789084840af3c3a25c042
SHA512

d88ed570ed51c9ab3ef466854b1a767780a0ef4a207fa8681046dafd388d0f05a058df15f1d537a9efb88b15dc166e49378f2760b4a3714070a8abe0b914f47e
SSDEEP

24576:3rJZ9BDvcjxORzOGHm7UWhf9PuBtbHVF:3rJZH8WqGuXPstDz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
489b177a969ff6500247a8076d7192f7_JaffaCakes118

Files

489b177a969ff6500247a8076d7192f7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

89bbb0de0abfb0ae015b7103ee2ffa5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynW
InitAtomTable
LoadResource
RequestDeviceWakeup
GetModuleHandleExA
GetConsoleCP
LoadLibraryA
GetProcessPriorityBoost
HeapAlloc
GlobalAlloc
GetDiskFreeSpaceExW
FindCloseChangeNotification
VirtualAlloc
GetEnvironmentStringsA
ExpungeConsoleCommandHistoryA
SetClientTimeZoneInformation
SetDefaultCommConfigA
WriteProfileStringA
ReadConsoleOutputAttribute
GetPrivateProfileSectionNamesA
FillConsoleOutputCharacterA
IsSystemResumeAutomatic
SetLastError
SetEnvironmentVariableA
GetCommTimeouts
GetProcessShutdownParameters
FileTimeToSystemTime
FreeLibraryAndExitThread
QueueUserWorkItem
CreateEventA
OpenWaitableTimerW
CreateEventW
TlsAlloc
GetTimeZoneInformation
CreateSemaphoreW
GetDevicePowerState
GetCurrentThread

shlwapi

SHRegisterValidateTemplate
PathIsPrefixW
SHRegGetPathA
StrChrW
StrDupW
PathGetCharTypeA
StrTrimA
PathIsDirectoryEmptyA
UrlApplySchemeA
StrCatChainW
StrRetToBSTR
PathFindOnPathW
PathIsUNCA
StrRChrIW
HashData
PathFileExistsW
PathAddBackslashW
PathUnmakeSystemFolderW
SHSkipJunction
SHRegOpenUSKeyA
SHRegEnumUSValueA
SHGetValueA
StrToInt64ExW
StrCSpnW
PathCombineA
StrFromTimeIntervalA
StrNCatW
SHRegQueryInfoUSKeyW
StrStrIA
UrlCompareW
SHIsLowMemoryMachine
PathMatchSpecA
SHQueryValueExW
StrChrIW
PathRemoveFileSpecA
PathFindNextComponentA
PathUnExpandEnvStringsA
PathSearchAndQualifyW
PathMakeSystemFolderW
SHDeleteOrphanKeyW
PathSetDlgItemPathA
PathAddExtensionW
StrFormatKBSizeW
PathStripPathA

activeds

ADsGetObject
AdsTypeToPropVariant
ADsGetLastError
AdsTypeToPropVariant2
ADsBuildVarArrayInt
ADsEnumerateNext
ADsEncodeBinaryData
ADsBuildEnumerator
ADsBuildVarArrayStr
ConvertSecurityDescriptorToSecDes
ReallocADsStr
FreeADsMem
AllocADsStr
ReallocADsMem
PropVariantToAdsType
ADsDecodeBinaryData
DllGetClassObject
PropVariantToAdsType2
ADsFreeEnumerator
ADsSetLastError
SecurityDescriptorToBinarySD
BinarySDToSecurityDescriptor
AllocADsMem
ConvertSecDescriptorToVariant
AdsFreeAdsValues
FreeADsStr
ADsOpenObject

msvcrt40

_CIatan2
_cscanf
_getdrive
?is_open@filebuf@@QBEHXZ
??_7__non_rtti_object@@6B@
?basefield@ios@@2JB
_pwctype
?is_open@ifstream@@QBEHXZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
_CIsqrt
??_Gistream_withassign@@UAEPAXI@Z
tmpfile
?str@strstreambuf@@QAEPADXZ
__doserrno
??0strstream@@QAE@XZ
??_7ostream_withassign@@6B@
_adjust_fdiv
_wmkdir
_j0
_mbslwr
_wspawnlpe
?getdouble@istream@@AAEHPADH@Z
_ismbclower
_filelengthi64
??4fstream@@QAEAAV0@AAV0@@Z
?_set_new_mode@@YAHH@Z
_adj_fdiv_m32i
?floatfield@ios@@2JB
_isctype
??_8fstream@@7Bostream@@@
_wutime
??_Estdiobuf@@UAEPAXI@Z
_filelength
_timezone
_CIacos
?get@istream@@QAEAAV1@AAC@Z
_wfullpath
fscanf
__iscsymf
_CIfmod
?unlockc@ios@@KAXXZ
__p__pctype
_get_osfhandle
atof
wcstombs
strcoll
iswalnum
_wsystem
__setusermatherr
?binary@filebuf@@2HB
perror
_wspawnve
??_Gbad_cast@@UAEPAXI@Z
_adj_fdiv_m32
_strtime
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?seekp@ostream@@QAEAAV1@J@Z
_CItanh
_mbsset
_cwait
getenv
_daylight
_unlink
?endl@@YAAAVostream@@AAV1@@Z
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
??6ostream@@QAEAAV0@E@Z
getc
?open@ifstream@@QAEXPBDHH@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??_Eistream_withassign@@UAEPAXI@Z
??_7ofstream@@6B@
?read@istream@@QAEAAV1@PADH@Z
strtol
_dup2
clock
?get@istream@@IAEAAV1@PADHH@Z
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
sin
??0ofstream@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABQBD@Z
_memccpy
wcscpy
_mbctolower
?pbump@streambuf@@IAEXH@Z

iphlpapi

InternalDeleteIpForwardEntry
SetAdapterIpAddress
InternalGetTcpTable
DisableMediaSense
InternalGetIpForwardTable
GetTcpTable
GetAdapterOrderMap
GetPerAdapterInfo
GetTcpStatisticsEx
NotifyRouteChange
NhpAllocateAndGetInterfaceInfoFromStack
GetNumberOfInterfaces
SetIpForwardEntry
_PfAddGlobalFilterToInterface@8
_PfDeleteInterface@4
do_echo_rep
AllocateAndGetIpAddrTableFromStack
EnableRouter
IpRenewAddress
SetIpNetEntry
GetFriendlyIfIndex
IcmpParseReplies
SetIpTTL
InternalGetIpNetTable
GetNetworkParams
GetUdpStatisticsEx
IpReleaseAddress
GetIfEntry
InternalCreateIpForwardEntry
InternalSetIpForwardEntry
Icmp6CreateFile
InternalSetTcpEntry
InternalSetIpNetEntry
_PfAddFiltersToInterface@24
_PfUnBindInterface@4
_PfMakeLog@4
UnenableRouter

msdart

?_IsLocked@CSpinLock@@ABE_NXZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
??0CSmallSpinLock@@QAE@XZ
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ
??1CCritSec@@QAE@XZ
?MpHeapCompact@@YAKPAX@Z
?BucketIndex@CLKRHashTableStats@@SGJJ@Z
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
??1CReaderWriterLock3@@QAE@XZ
?IsEmpty@CSingleList@@QBE_NXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?_SubTable@CLKRHashTable@@ABEPAVCLKRLinearHashTable@@K@Z
?Size@CLKRLinearHashTable@@QBEKXZ
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?GetSpinCount@CSpinLock@@QBEGXZ
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z
?IsWinNT4@CMdVersionInfo@@SAHXZ
?NumSubTables@CLKRLinearHashTable@@QBEHXZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
SetMemHook
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
??1CSpinLock@@QAE@XZ
??0CCritSec@@QAE@XZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 273KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89bbb0de0abfb0ae015b7103ee2ffa5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

activeds

msvcrt40

iphlpapi

msdart

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 388KB - Virtual size: 388KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 273KB - Virtual size: 276KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 388KB - Virtual size: 388KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 273KB - Virtual size: 276KB

.reloc
Size: 1024B - Virtual size: 4KB