5e96bcbc3029c01a1aef778574206e85_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5e96bcbc3029c01a1aef778574206e85_JaffaCakes118
Size

859KB
MD5

5e96bcbc3029c01a1aef778574206e85
SHA1

b7981ac69998b3a3e59bd1c514bb008bf5cedf19
SHA256

4f36bbf9bf03eedc7bf9f134896b8de5775961bc26b8e0bc84214abffe027928
SHA512

54be36881309c5ac4e8307d53dd299aa40b2d298931615515812b497084bc77962871ebbed97a52177218381d0cabd87ecdd594b5d9ae122b828c2136b5480aa
SSDEEP

24576:yGci0hv+dZaUzTUPW64KSGWZr63UzpEIb4u:swZaUQU1cu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e96bcbc3029c01a1aef778574206e85_JaffaCakes118

Files

5e96bcbc3029c01a1aef778574206e85_JaffaCakes118
.exe windows:5 windows x86 arch:x86

69510d0832a4f8ba2d28af00ce429f1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetThreadSelectorEntry
FindAtomW
GetEnvironmentVariableA
BackupRead
OutputDebugStringA
WaitForSingleObjectEx
GetTimeFormatA
SetConsoleWindowInfo
IsBadCodePtr
LocalFree
GetExitCodeThread
TlsGetValue
GetConsoleKeyboardLayoutNameW
SetFileApisToANSI
SetLastError
WritePrivateProfileStringW
VirtualAlloc
PurgeComm
SetFirmwareEnvironmentVariableW
GetConsoleMode
SetLocalPrimaryComputerNameW
GetCurrentProcessId
LoadLibraryA
GetLastError
EnumDateFormatsExW
SetDefaultCommConfigW
GetThreadPriorityBoost
ScrollConsoleScreenBufferA
GetFullPathNameW
GetNativeSystemInfo
ReadConsoleInputW
SetLastConsoleEventActive
OpenFileMappingA
SetStdHandle

msdart

?GetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGNXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
??0CReaderWriterLock3@@QAE@XZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?_TryWriteLock@CReaderWriterLock2@@AAE_NJ@Z
?IsEmpty@CLockedDoubleList@@QBE_NXZ
??1CReaderWriterLock3@@QAE@XZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?IsReadLocked@CCritSec@@QBE_NXZ
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?CheckTable@CLKRLinearHashTable@@QBEHXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?_Apply@CLKRLinearHashTable@@AAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@AAW4LK_PREDICATE@@@Z
??1CDoubleList@@QAE@XZ
??1CLockedDoubleList@@QAE@XZ
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?ReadUnlock@CCritSec@@QAEXXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ

ntdll

ZwPowerInformation
NtFsControlFile
RtlSetLastWin32Error
NlsMbOemCodePageTag
RtlConvertToAutoInheritSecurityObject
NtOpenSemaphore
ZwQueryPortInformationProcess
ZwCreateProcessEx
NtRequestWaitReplyPort
NtWaitForMultipleObjects
ZwInitiatePowerAction
RtlLengthSecurityDescriptor
_aullrem
ZwQuerySystemEnvironmentValue
LdrDisableThreadCalloutsForDll
RtlGetActiveActivationContext
NtQueryInstallUILanguage
RtlDeleteAtomFromAtomTable
RtlDeactivateActivationContext
RtlFindActivationContextSectionString
NtSetEaFile
strstr
RtlDosSearchPath_U
ZwCloseObjectAuditAlarm
NtOpenFile

advapi32

RegQueryValueA
SystemFunction024
RegLoadKeyW
LookupPrivilegeValueW
LsaQueryTrustedDomainInfo
MakeSelfRelativeSD
FlushTraceW
AddAccessDeniedAce
LsaCreateSecret
BuildTrusteeWithSidW
AllocateAndInitializeSid
ElfOpenEventLogA
SystemFunction021
BuildExplicitAccessWithNameW
I_ScPnPGetServiceName
GetSidSubAuthority
CryptGenKey
AdjustTokenPrivileges
RegRestoreKeyW
I_ScSendTSMessage
CredUnmarshalCredentialW
CryptSetProvParam
WmiQueryAllDataA
CredIsMarshaledCredentialA
LsaRemoveAccountRights
MD5Final
SystemFunction004
AddAccessAllowedAceEx
OpenEventLogW
WmiNotificationRegistrationW
CredWriteW
CredGetTargetInfoA
StartTraceW
CryptHashSessionKey
MD4Update
ConvertSidToStringSidW
CryptGenRandom
SystemFunction007

snmpapi

SnmpUtilVarBindCpy
SnmpUtilVarBindFree
SnmpUtilOctetsNCmp
SnmpSvcSetLogType
SnmpSvcAddrToSocket
SnmpSvcGetUptime
SnmpUtilVarBindListFree
SnmpUtilDbgPrint
SnmpUtilUnicodeToUTF8
SnmpUtilIdsToA
SnmpSvcGetUptimeFromTime
SnmpTfxClose
SnmpUtilOidCpy
SnmpSvcSetLogLevel
SnmpUtilOctetsCmp
SnmpSvcInitUptime
SnmpUtilOidNCmp
SnmpUtilOidAppend
SnmpUtilUnicodeToAnsi
SnmpUtilOidFree
SnmpUtilOctetsFree
SnmpUtilAnsiToUnicode
SnmpSvcGetEnterpriseOID
SnmpUtilMemAlloc
SnmpUtilOctetsCpy
SnmpUtilVarBindListCpy
SnmpUtilPrintAsnAny
SnmpUtilMemReAlloc
SnmpSvcAddrIsIpx
SnmpTfxQuery
SnmpTfxOpen
SnmpUtilOidCmp
SnmpUtilPrintOid

msvcrt40

_filelength
strxfrm
?blen@streambuf@@IBEHXZ
iswpunct
_getcwd
_adj_fptan
??_Gstdiobuf@@UAEPAXI@Z
islower
__p___winitenv
?endl@@YAAAVostream@@AAV1@@Z
?close@ifstream@@QAEXXZ
??1Iostream_init@@QAE@XZ
_ismbcsymbol
iswdigit
_purecall
??_Estrstream@@UAEPAXI@Z
?getline@istream@@QAEAAV1@PADHD@Z
??2@YAPAXI@Z
??0ofstream@@QAE@ABV0@@Z
?setmode@ifstream@@QAEHH@Z
??0filebuf@@QAE@H@Z
_ismbbkana
_scalb
_atoldbl
?out_waiting@streambuf@@QBEHXZ
_c_exit
?put@ostream@@QAEAAV1@D@Z
localtime
_filbuf
_ismbcprint
_wtempnam
wcscpy
__RTCastToVoid
_cexit
_unloaddll
wcscoll
?rdstate@ios@@QBEHXZ
_creat
?basefield@ios@@2JB
wctomb
_ltoa
?tellg@istream@@QAEJXZ
_wfindfirsti64
iswalpha
_daylight

msvcrt

_seterrormode
_scwprintf
??_U@YAPAXI@Z
isspace
??4bad_typeid@@QAEAAV0@ABV0@@Z
_execl
_putenv
_longjmpex
tmpnam
_j0
_getdrive
_vsnprintf
__p__winmajor
__p___argv
__pxcptinfoptrs
_ismbcl1
wcsncmp
_wfdopen
_wchmod
__set_app_type
is_wctype
__getmainargs
_spawnvpe
exit
fgetpos
__pctype_func
atol
memchr
_mbsninc
_strdup
_vscwprintf
__p__commode
_toupper
atoi
_cwprintf
mktime
_mbsncoll
_mbctype
strerror

user32

EndDialog

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 330KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69510d0832a4f8ba2d28af00ce429f1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msdart

ntdll

advapi32

snmpapi

msvcrt40

msvcrt

user32

Sections

.text Size: 337KB - Virtual size: 337KB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 330KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 337KB - Virtual size: 337KB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 330KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B