5d1eea15c33375f7e0a13491286d12bd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5d1eea15c33375f7e0a13491286d12bd_JaffaCakes118
Size

868KB
MD5

5d1eea15c33375f7e0a13491286d12bd
SHA1

d7a756236d03713666367d30c50befa6344a7636
SHA256

cfbe6c1261aca02bd3b67dbe87590ec4beb7b9a3f9ceccd4154d2d176b0f2daf
SHA512

5ff44e986b6c15b1de071aee340aa65ca54c9efc63ce6e1757368f59aa3ecda52d978521b9f586cd2c16fe6c4e17a51c6a6c4277775b129ba3df9e53ad06b063
SSDEEP

24576:jt7io44j7rVlicH/sxe+m1VZ7oo5/tgs:x7Smr/4ZcHco51

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d1eea15c33375f7e0a13491286d12bd_JaffaCakes118

Files

5d1eea15c33375f7e0a13491286d12bd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e74b5a1c09f6c1d1322d138c85e64dc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

usp10

ScriptFreeCache
ScriptGetProperties
ScriptStringValidate
ScriptCacheGetHeight
ScriptStringGetLogicalWidths
LpkPresent
ScriptGetGlyphABCWidth
ScriptStringAnalyse
ScriptStringGetOrder
ScriptItemize
ScriptApplyDigitSubstitution
UspFreeMem
ScriptStringCPtoX
ScriptTextOut
ScriptGetFontProperties
ScriptStringFree
ScriptString_pLogAttr
ScriptGetLogicalWidths
ScriptJustify
ScriptString_pSize
ScriptStringOut
ScriptCPtoX
ScriptXtoCP
ScriptGetCMap
ScriptString_pcOutChars
UspAllocTemp
ScriptIsComplex
ScriptBreak
ScriptStringXtoCP
ScriptRecordDigitSubstitution
ScriptPlace
ScriptShape
ScriptApplyLogicalWidth

kernel32

GetStringTypeExW
SetFileValidData
GlobalReAlloc
SetThreadContext
DeleteVolumeMountPointA
EnumerateLocalComputerNamesA
GlobalMemoryStatusEx
SuspendThread
FindNextVolumeW
CreateRemoteThread
InitAtomTable
GetSystemWow64DirectoryA
GenerateConsoleCtrlEvent
FindActCtxSectionGuid
LocalHandle
OpenSemaphoreW
VerLanguageNameA
SystemTimeToTzSpecificLocalTime
lstrcmp
GetCPInfoExW
RemoveDirectoryW
GetConsoleAliasExesLengthA
ReadFileEx
GetConsoleHardwareState
OutputDebugStringA
GetVersionExW
WideCharToMultiByte
GetSystemDirectoryA
WriteConsoleInputVDMW
ReleaseSemaphore
RegisterWaitForInputIdle
EnumCalendarInfoExA
FindActCtxSectionStringA
GetLargestConsoleWindowSize
WritePrivateProfileStructW
EnumSystemLanguageGroupsW
GlobalAddAtomA
GetDiskFreeSpaceExW
CreateDirectoryExW
SetVolumeLabelW
_llseek
OpenJobObjectW
DeleteFileW
DefineDosDeviceW
SetTimeZoneInformation
TlsGetValue
GetNamedPipeHandleStateA
GetCurrentDirectoryA
_lcreat
FindResourceExA
GetCommConfig
GetConsoleTitleW
TzSpecificLocalTimeToSystemTime
GetProcAddress
GetDiskFreeSpaceW
WriteProcessMemory
DnsHostnameToComputerNameW
TerminateJobObject
WaitForMultipleObjects
LoadLibraryA
VirtualAlloc
GetTapeParameters
FormatMessageA
GetNumberFormatA
GetEnvironmentStringsW
GetOEMCP
ResetEvent
_lwrite
GetACP
SetConsoleFont

msvcrt40

_mbscat
__p__iob
_getcwd
longjmp
_errno
??0ofstream@@QAE@HPADH@Z
_mbsupr
??_Dostrstream@@QAEXXZ
_beep
??_7ios@@6B@
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_fputchar
_wcsupr
_adj_fdiv_m32
?unlock@streambuf@@QAEXXZ
_wsystem
strspn
_rotr
_tempnam
_mbslen
fputwc
?cin@@3Vistream_withassign@@A
??0ostream_withassign@@QAE@ABV0@@Z
?setf@ios@@QAEJJJ@Z
wcscpy
getenv
??_Distream_withassign@@QAEXXZ
??1ios@@UAE@XZ
_setjmp3
_isatty
?name@type_info@@QBEPBDXZ
_wstrdate
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
_strlwr
?width@ios@@QAEHH@Z
??0logic_error@@QAE@ABQBD@Z
??6ostream@@QAEAAV0@C@Z
_HUGE
ungetwc
strpbrk
_spawnvp
isalnum
strcspn
_spawnlpe
?sh_none@filebuf@@2HB
towlower
_daylight
??0fstream@@QAE@HPADH@Z
?setmode@ofstream@@QAEHH@Z
??0filebuf@@QAE@HPADH@Z
_utime
?gcount@istream@@QBEHXZ
??5istream@@QAEAAV0@AAF@Z
_CIcosh
__mb_cur_max
_pwctype
ceil
??0ofstream@@QAE@ABV0@@Z
??4ios@@IAEAAV0@ABV0@@Z
_access
_XcptFilter
iswlower
??0iostream@@IAE@ABV0@@Z
strtol
?unsetf@ios@@QAEJJ@Z
??_7iostream@@6B@
_ismbbalpha
fscanf
_CIcos
??0stdiostream@@QAE@PAU_iobuf@@@Z
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??0ifstream@@QAE@HPADH@Z
wcsxfrm
_execl
?set_unexpected@@YAP6AXXZP6AXXZ@Z

pdh

PdhLookupPerfNameByIndexW
PdhVerifySQLDBA
PdhEnumLogSetNamesW
PdhExpandCounterPathW
PdhEnumLogSetNamesA
PdhTranslate009CounterW
PdhFormatFromRawValue
PdhGetDllVersion
PdhOpenLogW
PdhEnumObjectItemsHW
PdhVbGetLogFileSize
PdhExpandWildCardPathHW
PdhLookupPerfIndexByNameA
PdhVbOpenLog
PdhCollectQueryData
PdhAddCounterA
PdhAdd009CounterA
PdhGetCounterInfoA
PdhAddCounterW
PdhGetDataSourceTimeRangeH
PdhConnectMachineA
PdhGetLogFileTypeA
PdhListLogFileHeaderW
PdhComputeCounterStatistics
PdhExpandWildCardPathA
PdhGetDefaultPerfCounterW
PdhVbUpdateLog
PdhSelectDataSourceW
PdhBrowseCountersW
PdhGetLogSetGUID
PdhEnumMachinesHA
PdhListLogFileHeaderA
PdhCreateSQLTablesA
PdhIsRealTimeQuery
PdhValidatePathW
PdhEnumObjectItemsW
PdhEnumObjectItemsHA
PdhSetDefaultRealTimeDataSource
PdhAdd009CounterW
PdhVerifySQLDBW
PdhLookupPerfNameByIndexA
PdhSetQueryTimeRange
PdhBrowseCountersHW
PdhGetDataSourceTimeRangeA

ntmarta

AccSetEntriesInAList
AccProvIsAccessAudited
AccProvGetAccessInfoPerObjectType
AccLookupAccountName
AccProvHandleGrantAccessRights
AccConvertSDToAccess
AccRewriteGetExplicitEntriesFromAcl
AccConvertAccessToSecurityDescriptor
AccProvHandleRevokeAccessRights
AccProvHandleGetTrusteesAccess
AccProvGrantAccessRights
AccProvHandleSetAccessRights
AccGetExplicitEntries
AccGetAccessForTrustee
AccProvHandleGetAllRights
AccProvGetAllRights
AccFreeIndexArray
AccConvertAccessMaskToActrlAccess
AccProvRevokeAccessRights
AccProvRevokeAuditRights
EventNameFree
AccProvHandleGetAccessInfoPerObjectType
AccProvCancelOperation
AccProvGetOperationResults
EventGuidToName
AccLookupAccountSid
AccRewriteGetHandleRights
AccProvSetAccessRights
AccProvHandleIsObjectAccessible
AccRewriteSetEntriesInAcl
AccRewriteSetHandleRights
AccConvertAccessToSD
AccProvHandleIsAccessAudited
AccProvGetCapabilities
AccRewriteSetNamedRights
AccProvHandleRevokeAuditRights
AccLookupAccountTrustee
AccProvGetTrusteesAccess
AccConvertAclToAccess
AccTreeResetNamedSecurityInfo
AccProvIsObjectAccessible
AccGetInheritanceSource

msvcirt

??0Iostream_init@@QAE@AAVios@@H@Z
??1stdiostream@@UAE@XZ
?blen@streambuf@@IBEHXZ
??0exception@@QAE@ABV0@@Z
?underflow@filebuf@@UAEHXZ
?epptr@streambuf@@IBEPADXZ
?iword@ios@@QBEAAJH@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_7streambuf@@6B@
??_8ofstream@@7B@
?delbuf@ios@@QBEHXZ
?setf@ios@@QAEJJJ@Z
?putback@istream@@QAEAAV1@D@Z
?binary@filebuf@@2HB
?close@ofstream@@QAEXXZ
??0fstream@@QAE@ABV0@@Z
?unlockbuf@ios@@QAAXXZ
??_Gstdiostream@@UAEPAXI@Z
??6ostream@@QAEAAV0@K@Z
??4logic_error@@QAEAAV0@ABV0@@Z
??_Gstrstream@@UAEPAXI@Z
?sgetc@streambuf@@QAEHXZ
??0strstream@@QAE@ABV0@@Z
??_7ios@@6B@
??_Gstdiobuf@@UAEPAXI@Z
?isfx@istream@@QAEXXZ
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?write@ostream@@QAEAAV1@PBCH@Z
?get@istream@@QAEAAV1@AAD@Z
??0iostream@@IAE@XZ
??_Gostrstream@@UAEPAXI@Z
??_Gistrstream@@UAEPAXI@Z
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?overflow@strstreambuf@@UAEHH@Z
??0ifstream@@QAE@XZ
??4ofstream@@QAEAAV0@ABV0@@Z
??_Distrstream@@QAEXXZ
?attach@ofstream@@QAEXH@Z
??_8istream@@7B@
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
?snextc@streambuf@@QAEHXZ
?cout@@3Vostream_withassign@@A
?setg@streambuf@@IAEXPAD00@Z
?str@istrstream@@QAEPADXZ
??_Gostream@@UAEPAXI@Z
??_Eiostream@@UAEPAXI@Z
??0ifstream@@QAE@PBDHH@Z
??_Diostream@@QAEXXZ
??0streambuf@@IAE@PADH@Z
?open@ofstream@@QAEXPBDHH@Z
?pcount@ostrstream@@QBEHXZ
?fd@ifstream@@QBEHXZ
??4fstream@@QAEAAV0@AAV0@@Z
?sync_with_stdio@ios@@SAXXZ
?underflow@strstreambuf@@UAEHXZ
?setlock@ios@@QAAXXZ
??6ostream@@QAEAAV0@PBX@Z
?setlock@streambuf@@QAEXXZ
?x_maxbit@ios@@0JA

samlib

SamRidToSid
SamCloseHandle
SamOpenGroup
SamQueryInformationUser
SamEnumerateGroupsInDomain
SamiLmChangePasswordUser
SamSetMemberAttributesOfGroup
SamConnect
SamCreateAliasInDomain
SamGetGroupsForUser
SamLookupDomainInSamServer
SamQuerySecurityObject
SamChangePasswordUser3
SamAddMemberToGroup
SamTestPrivateFunctionsDomain
SamQueryInformationDomain
SamSetSecurityObject
SamiChangeKeys
SamLookupNamesInDomain
SamiSetBootKeyInformation
SamDeleteGroup
SamTestPrivateFunctionsUser
SamOpenDomain
SamOpenUser
SamEnumerateDomainsInSamServer
SamFreeMemory
SamChangePasswordUser
SamDeleteAlias
SamRemoveMultipleMembersFromAlias
SamGetCompatibilityMode
SamCreateUserInDomain
SamiEncryptPasswords
SamGetDisplayEnumerationIndex
SamOpenAlias
SamCreateGroupInDomain
SamQueryInformationGroup
SamAddMultipleMembersToAlias
SamConnectWithCreds
SamiSetDSRMPassword
SamEnumerateAliasesInDomain
SamGetMembersInGroup
SamSetInformationUser
SamQueryDisplayInformation

msvcrt

_mbsnbcoll
_ctype
__crtGetLocaleInfoW
_mbsnbset
swscanf
_execve
_wutime
iswctype
_mbsncpy
fwrite
_tolower
iswpunct
fsetpos
_creat
_fileno
_CIatan2
exit
_wtol
_ungetwch
_mbctype
_wctime64
_XcptFilter
__getmainargs
_fstati64
_utime64
_callnewh
_strrev
strcat
_fgetchar
__p__commode
_dstbias
_spawnle
?_set_new_mode@@YAHH@Z
_adj_fdiv_m32i
is_wctype
_wpopen
_environ
??_7exception@@6B@
_itow
__set_app_type
isupper
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

d3d8thk

OsThunkDdGetMoCompGuids
OsThunkDdResetVisrgn
OsThunkDdGetDC
OsThunkD3dContextDestroyAll
OsThunkDdUnattachSurface
OsThunkDdSetGammaRamp
OsThunkDdCreateDirectDrawObject
OsThunkDdBlt
OsThunkDdColorControl
OsThunkDdAddAttachedSurface
OsThunkDdGetMoCompFormats
OsThunkDdCreateMoComp
OsThunkD3dContextCreate
OsThunkD3dValidateTextureStageState
OsThunkDdDestroyMoComp
OsThunkDdQueryDirectDrawObject
OsThunkDdGetDxHandle
OsThunkDdGetDriverState
OsThunkDdDeleteSurfaceObject
OsThunkDdUnlock
OsThunkDdGetInternalMoCompInfo
OsThunkDdDestroySurface
OsThunkDdRenderMoComp
OsThunkDdUpdateOverlay
OsThunkDdAttachSurface

user32

PostQuitMessage
DefWindowProcW
RegisterClassW

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 345KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e74b5a1c09f6c1d1322d138c85e64dc5

Headers

DLL Characteristics

File Characteristics

Imports

usp10

kernel32

msvcrt40

pdh

ntmarta

msvcirt

samlib

msvcrt

d3d8thk

user32

Sections

.text Size: 332KB - Virtual size: 332KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 345KB - Virtual size: 1.8MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 332KB - Virtual size: 332KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 345KB - Virtual size: 1.8MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B