5b1a52a2f4573a1ca947a3af859cf6f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5b1a52a2f4573a1ca947a3af859cf6f7_JaffaCakes118
Size

736KB
MD5

5b1a52a2f4573a1ca947a3af859cf6f7
SHA1

60304824bd8170c4bbf8434f3d19997613192f75
SHA256

c8896166b962b230042527b2c7048ee6ea4777f83ec7e01f08e4c77096acba6a
SHA512

f5bb17ec8fc62ae7576bfbefbde26dae45ad1f93f589930e26715291d0c681d21519048e5f240d69ece0f3371c2c96ffc5656f477a63d12c227a0e50584f2d4c
SSDEEP

12288:ZqdbvfV+BzJzCWLey0GkNk22avmvpm3G25XqvURXxQ:ZqdzV+BzJzdkziv6G2Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b1a52a2f4573a1ca947a3af859cf6f7_JaffaCakes118

Files

5b1a52a2f4573a1ca947a3af859cf6f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

572b759ef38dedc2aff680b1cf0b5933

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Project\eNMv3.0\Uranus\bin\eNMTray.pdb

Imports

enmipcmm

??1CeNMIPCmm@enm_pvl_acer@@UAE@XZ
??0CeNMIPCmm@enm_pvl_acer@@QAE@PB_WPAVIeNMListener@1@@Z
??0IeNMListener@enm_pvl_acer@@QAE@XZ
?Stop@CeNMIPCmm@enm_pvl_acer@@MAGXXZ
?TxMsg@CeNMIPCmm@enm_pvl_acer@@UAGHPB_WPAU_ENM_MSG@@@Z
?Init@CeNMIPCmm@enm_pvl_acer@@UAGHXZ
?DeleteCS@CeNMIPCmm@enm_pvl_acer@@QAGXXZ

msvcr80

memset
_crt_debugger_hook
_controlfp_s
_invoke_watson
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_except_handler4_common
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
__FrameUnwindFilter
_itoa_s
wcscat_s
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CxxUnregisterExceptionObject
wcscpy_s
__CxxDetectRethrow
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memcmp
??_U@YAPAXI@Z
sprintf_s
_stricmp
??2@YAPAXI@Z
vswprintf_s
strcpy_s
free
malloc
swprintf_s
_wcsicmp

kernel32

CreateMutexW
GetLastError
OpenMutexW
OpenEventW
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
CreateProcessW
CreateEventW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
SetEvent
MultiByteToWideChar
CreateDirectoryW
WideCharToMultiByte
lstrlenA
GetLocaleInfoA
GetThreadLocale
TerminateProcess
GetVersionExA
GetACP
SetFileAttributesW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

network

?IpRenew@@YA_NPADPAX@Z
?GetRemoteMAC@@YA_NPADQAE@Z
?GetServiceStates@@YA?AW4_ENET_SERVICE_STATE@@XZ
?HangupPPPoE@@YAXXZ
?HangupRasConnection@@YAHH@Z
?GetAdapterInfo@@YAJPADPAU_ACER_IP_ADAPTER_INFO@@@Z
?HangupVPN@@YAXXZ
?GetFirewallStatus@@YAJPAH@Z
?isDomainUser@@YAHXZ
?CheckHTTP@@YAHXZ
?GetIESettings@@YAJPAUACER_ENM_PROXY_SETTINGS@@@Z
?GetSysDefaultPrinter@@YAHPAD@Z
?GetCurrentRASConnection@@YAXHPADPAH@Z
?CheckGateway2@@YAHPAD@Z
?CheckGateway@@YAHPAD@Z

networkcardmgr

?GetAdapterGuid@@YAHPAD0@Z
?GetAdapterLinkSpeed@@YAHPADPAJ@Z
?GetAdapterState@@YAXPADPAH@Z
?StartMonitor@CMediaStatus@@QAEHXZ
?Init@CMediaStatus@@QAEXPAUHWND__@@II@Z
??0CMediaStatus@@QAE@PAD@Z
?GetAdapterMediaStatus@@YAHPADPAH@Z

ws2_32

inet_addr

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

enethook

?StartSwWatching@@YAKXZ

msvcm80

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

user32

SendMessageW
PostMessageW
FindWindowW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetUserNameW

shell32

SHGetFolderPathW

oleaut32

SysStringByteLen
VariantCopy
SysAllocStringByteLen

shlwapi

SHRegGetUSValueW
SHRegDeleteUSValueW
SHRegCreateUSKeyW
SHRegSetUSValueW
SHRegCloseUSKey
SHRegOpenUSKeyW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

iphlpapi

GetAdaptersInfo

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

572b759ef38dedc2aff680b1cf0b5933

Headers

File Characteristics

PDB Paths

Imports

enmipcmm

msvcr80

kernel32

network

networkcardmgr

ws2_32

wtsapi32

enethook

msvcm80

user32

advapi32

shell32

oleaut32

shlwapi

msvcp80

iphlpapi

mscoree

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 228KB - Virtual size: 225KB

.data Size: 4KB - Virtual size: 150KB

.rsrc Size: 404KB - Virtual size: 403KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 228KB - Virtual size: 225KB

.data
Size: 4KB - Virtual size: 150KB

.rsrc
Size: 404KB - Virtual size: 403KB

.reloc
Size: 4KB - Virtual size: 3KB