49087e59686754dd7475ad679131db51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49087e59686754dd7475ad679131db51_JaffaCakes118
Size

875KB
MD5

49087e59686754dd7475ad679131db51
SHA1

3942356cfa8b968a85ed6da63b494f19b2b1daaa
SHA256

6631e391006451021ebf67fdd6c5172964cb9fb7826577c90f69404b5c62e511
SHA512

aeb4826252f787ec900ffe93a87fa81126915bb1f512395ca1a90bdadd69cbba047a30aefd9a6164c387b2d4f208a05b1a0545bd2217a6b8d682bbc581cfb88e
SSDEEP

12288:yDKXuEH1c4OOwUyKEJsQPt44OX2wtOkTvluotWlWECvQegpiWnSaY1CMD0LIv/ZJ:yDWH1PwUyKEJsQPqrLFtk2vQfpixdn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49087e59686754dd7475ad679131db51_JaffaCakes118

Files

49087e59686754dd7475ad679131db51_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c9e5dbdcc084c615a3975ebfbd79ae7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??0__non_rtti_object@@QAE@PBD@Z
_cprintf
_strnicmp
_cputs
isspace
_getpid
_ismbcpunct
_fstati64
_safe_fprem
_adj_fprem1
vwprintf
_setmode
__badioinfo
_mbsninc
_makepath
getwc
_fstat
_wfindnext
??0bad_cast@@AAE@PBQBD@Z
_mbslwr
_fsopen
_y1
ferror
fclose
_setjmp
_umask
vswprintf
__p___initenv
_adj_fdivr_m16i
_adj_fdivr_m32
_wsearchenv
_global_unwind2
_adj_fpatan
_strtoui64
ldiv
_mbscspn
__CxxQueryExceptionSize
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_purecall
_exit
??3@YAXPAX@Z
_wfindnexti64
ungetc
__p__fmode
__RTtypeid

mprapi

MprAdminInterfaceGetCredentialsEx
MprAdminServerSetCredentials
MprInfoDuplicate
MprConfigServerConnect
MprConfigServerRefresh
MprConfigInterfaceGetInfo
MprAdminUserRead
MprAdminTransportSetInfo
MprAdminInterfaceConnect
MprAdminDeviceEnum
MprAdminPortReset
MprConfigInterfaceEnum
MprConfigInterfaceTransportRemove
MprAdminMIBBufferFree
MprAdminUserWrite
MprAdminUserClose
MprAdminUserGetInfo
MprInfoRemoveAll
MprAdminUserReadProfFlags
MprConfigTransportEnum
MprAdminMIBEntryGet
MprInfoBlockFind
MprAdminPortDisconnect
MprAdminServerGetInfo
MprPortSetUsage

olecli32

DefCreateFromTemplate
GenDraw
OleGetData
OleClose
ErrUpdate
OleQueryClientVersion
OleQueryBounds
BmSaveToStream
OleRequestData
GenGetData
ObjRename
ObjQueryType
OleRelease
OleRevertClientDoc
LeGetUpdateOptions
MfCallbackFunc
OleCopyFromLink
OleSetData
OleActivate
GenRelease
LeSetTargetDevice
GenEqual
PbCreateInvisible
ErrSetData
DibChangeData
DefCreate
OleDraw
PbCreate
GenQueryBounds
ErrClose
LeQueryOutOfDate
OleReconnect
LeCopy
OleQueryOutOfDate
OleCreateLinkFromClip
DefCreateFromClip
MfCopy
PbDraw

opengl32

glTexGeni
glMaterialiv
glGetLightiv
glGetFloatv
glLogicOp
glPopAttrib
glColor4iv
glGetTexLevelParameterfv
glEvalCoord1d
glLightiv
glPixelZoom
glIndexubv
glColor4fv
glVertex2i
glTexCoord4sv
glVertex4sv
glFeedbackBuffer
glVertex2fv
glGetTexLevelParameteriv
glTexCoord3iv
glTexCoord1iv
glRasterPos3fv
glLightfv
wglCopyContext
glFogiv
glNormal3d
glRects
glGetPixelMapfv
glDrawBuffer
glVertex4iv
glEvalCoord2fv
glRasterPos3f
glTexCoord2sv
glTexCoord2s
glGetTexGendv
glRenderMode
glColor4ub
glScissor
glVertex2f
glPushAttrib

kernel32

ReadConsoleW
ReleaseMutex
GetTimeFormatW
GetConsoleAliasesLengthW
WritePrivateProfileSectionA
GetConsoleInputExeNameA
GetProcessId
InitializeSListHead
GetConsoleMode
Heap32ListFirst
GetModuleHandleW
FindNextVolumeW
GetTempFileNameW
MultiByteToWideChar
ReplaceFile
GetModuleHandleA
SetConsoleMaximumWindowSize
OpenProcess
DuplicateHandle
GetProfileSectionW
WriteProfileStringA
SetThreadUILanguage
VirtualFreeEx
WriteFile
DeleteVolumeMountPointW
GetCurrentDirectoryA
OpenJobObjectA
FreeLibrary
OpenWaitableTimerA
LoadLibraryExW
FindNextFileA
GetEnvironmentVariableW
FindActCtxSectionStringW
DeleteCriticalSection
ReplaceFileW
GetConsoleAliasA
GetProcessHeap
LCMapStringW
SetConsoleTextAttribute
SetLocalTime
WriteProfileSectionW
EnumDateFormatsA
DelayLoadFailureHook
VirtualAlloc
BaseCheckAppcompatCache
GetTickCount
FindNextVolumeA
_lread
SetFileShortNameA
LoadLibraryA
GetCurrentProcessId

msvcrt40

_memccpy
_write
_setmode
_amsg_exit
??1ifstream@@UAE@XZ
_CIlog10
?set_terminate@@YAP6AXXZP6AXXZ@Z
??5istream@@QAEAAV0@AAC@Z
?close@ifstream@@QAEXXZ
_wpgmptr
??_8ostream@@7B@
?fd@ifstream@@QBEHXZ
div
?sync_with_stdio@ios@@SAXXZ
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??_Gbad_typeid@@UAEPAXI@Z
__p__pctype
__getmainargs
??_Gifstream@@UAEPAXI@Z
?ipfx@istream@@QAEHH@Z
??5istream@@QAEAAV0@AAD@Z
??_7logic_error@@6B@
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
asin
?width@ios@@QAEHH@Z

advapi32

CredReadDomainCredentialsA
OpenBackupEventLogW
CreateProcessAsUserA
ElfOpenEventLogA
OpenEncryptedFileRawW
ElfBackupEventLogFileA
RegRestoreKeyA
ConvertToAutoInheritPrivateObjectSecurity
ChangeServiceConfigA
QueryTraceW
AddAccessDeniedObjectAce
CreatePrivateObjectSecurity
QueryServiceLockStatusW
LsaRemovePrivilegesFromAccount
CryptSetProviderW
ReadEncryptedFileRaw
NotifyChangeEventLog
WmiQuerySingleInstanceW
AccessCheckAndAuditAlarmW
ElfCloseEventLog
StartServiceW
DecryptFileW
PrivilegeCheck
AccessCheckByTypeAndAuditAlarmA
ConvertStringSDToSDDomainA
OpenEventLogA
EnumServicesStatusExA
ControlService
LsaFreeMemory
LookupAccountSidW
SystemFunction006
EnumServicesStatusA
WmiCloseBlock
BuildTrusteeWithObjectsAndSidA
SystemFunction020

user32

DefWindowProcW
RegisterClassW
PostQuitMessage

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9e5dbdcc084c615a3975ebfbd79ae7b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

mprapi

olecli32

opengl32

kernel32

msvcrt40

advapi32

user32

Sections

.text Size: 550KB - Virtual size: 550KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 314KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 550KB - Virtual size: 550KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 314KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B