6198dfa6d9ce1061265413a6a9d24135_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6198dfa6d9ce1061265413a6a9d24135_JaffaCakes118
Size

186KB
MD5

6198dfa6d9ce1061265413a6a9d24135
SHA1

4fd18b9ff5a8f67f9f8c8377ce3390c70ec14d52
SHA256

ec46054670a79c0529d6c8e4b0a7e56f1bf29d1b92ef44f0b8d4da7a8ae5d912
SHA512

51d8f66bf9ce1b558f5bd16b7e01d16395549c141f90cd734b529078122880ae9922d6e0e12dafa571ead984b5b38af07f2a3fa8e9e86b98686da4b1372dde52
SSDEEP

3072:m0g8smJeJfrlEndAVWw+LjIy55KelyhfmL9rzL5Vg7LDBpnz+icYxS0E:mt8smwjaH7jD5VlylTz5M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6198dfa6d9ce1061265413a6a9d24135_JaffaCakes118

Files

6198dfa6d9ce1061265413a6a9d24135_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1fac0fba87fa81008bf959d31823f37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlImpersonateSelf
ZwOpenSection
ZwEnumerateSystemEnvironmentValuesEx
RtlLogStackBackTrace
ceil
ZwMapViewOfSection
NtDebugActiveProcess
RtlAddActionToRXact
ZwQuerySecurityObject
NtOpenIoCompletion
ZwSaveMergedKeys
NtFlushKey
RtlEnlargedIntegerMultiply
strspn
ZwSetInformationProcess
NtSetLowWaitHighEventPair
RtlDestroyEnvironment
RtlAdjustPrivilege
ZwConnectPort
RtlInitializeResource
ZwSetInformationDebugObject
RtlUpcaseUnicodeStringToCountedOemString
NtQuerySecurityObject
NtUnloadDriver
ZwFlushWriteBuffer
RtlAcquirePebLock
NtFilterToken
RtlSubtreeSuccessor
ZwReadFileScatter
RtlpNtOpenKey
ZwLockProductActivationKeys
RtlCreateTimer
ZwQueryValueKey
NtAccessCheck
RtlDeleteTimerQueueEx
ZwQueryInstallUILanguage
NtUnlockFile
DbgUiConnectToDbg
RtlPrefixUnicodeString

gdi32

SetFontEnumeration
CreateMetaFileA
GdiSwapBuffers
CreatePenIndirect
GdiSetLastError
GdiReleaseLocalDC
SetMapMode
FloodFill
CreateDIBSection
CombineTransform
DdEntry52
GetCharWidth32A
GdiPlayDCScript
DdEntry21
DdEntry27
DescribePixelFormat
CLIPOBJ_ppoGetPath
FixBrushOrgEx
PolyPolyline
GetPixel
CopyMetaFileW
FillPath
GdiConvertRegion
GetOutlineTextMetricsA
RemoveFontResourceA
GdiPlayPrivatePageEMF
SetMetaFileBitsEx
SelectClipRgn
EnumFontFamiliesW
SetWorldTransform
EngMultiByteToWideChar
GdiAlphaBlend
GdiSetPixelFormat
GetBitmapBits
EngDeleteClip
SetDIBits
GdiGetSpoolFileHandle
DdEntry8
RestoreDC

wintrust

SoftpubDumpStructure
CryptCATCDFEnumAttributesWithCDFTag
OpenPersonalTrustDBDialogEx
WVTAsn1SpcStatementTypeEncode
WVTAsn1SpcSpAgencyInfoDecode
SoftpubDllRegisterServer
CryptCATVerifyMember
CryptSIPRemoveSignedDataMsg
CryptCATEnumerateMember
CryptCATAdminReleaseContext
WVTAsn1SpcMinimalCriteriaInfoEncode
WTHelperGetFileName
CatalogCompactHashDatabase
CryptCATPutAttrInfo
SoftpubLoadDefUsageCallData
WVTAsn1SpcLinkDecode
CryptSIPGetRegWorkingFlags
WintrustCertificateTrust
CryptCATCDFEnumMembers
WTHelperGetFileHash
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
mscat32DllUnregisterServer
WTHelperOpenKnownStores
TrustIsCertificateSelfSigned
SoftpubLoadMessage
CryptCATCDFClose
IsCatalogFile

msvcirt

?get@istream@@QAEAAV1@PACHD@Z
?sync@filebuf@@UAEHXZ
??_8ostrstream@@7B@
??_Gstdiostream@@UAEPAXI@Z
?rdstate@ios@@QBEHXZ
??5istream@@QAEAAV0@AAE@Z
??_Gstdiobuf@@UAEPAXI@Z
?str@istrstream@@QAEPADXZ
??4istrstream@@QAEAAV0@ABV0@@Z
??_8strstream@@7Bistream@@@
??1ios@@UAE@XZ
??0filebuf@@QAE@H@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
?pbase@streambuf@@IBEPADXZ
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??1strstreambuf@@UAE@XZ
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?unlockbuf@ios@@QAAXXZ
?gcount@istream@@QBEHXZ
?setf@ios@@QAEJJ@Z
??4ostream@@IAEAAV0@ABV0@@Z
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?setp@streambuf@@IAEXPAD0@Z
?put@ostream@@QAEAAV1@E@Z
?pptr@streambuf@@IBEPADXZ
??6ostream@@QAEAAV0@PBC@Z
?fLockcInit@ios@@0HA
??0logic_error@@QAE@ABQBD@Z
??_8fstream@@7Bistream@@@
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??6ostream@@QAEAAV0@M@Z
?freeze@strstreambuf@@QAEXH@Z
?read@istream@@QAEAAV1@PADH@Z
??5istream@@QAEAAV0@AAG@Z
?put@ostream@@QAEAAV1@C@Z

kernel32

Process32Next
SetConsoleNlsMode
lstrcatW
GetFileSizeEx
SetLastError
SetFileShortNameA
FillConsoleOutputCharacterA
GetConsoleInputExeNameW
SetComputerNameW
ScrollConsoleScreenBufferA
GlobalAlloc
AddRefActCtx
FindNextChangeNotification
WaitNamedPipeA
VirtualAlloc
FatalExit
BuildCommDCBAndTimeoutsA
GetModuleHandleW
CreateSemaphoreW
ReadConsoleOutputW
GetCPInfoExW
GetFileType
SetupComm
GetBinaryTypeA
FormatMessageW
DeleteFileA
FindVolumeMountPointClose
MultiByteToWideChar
LoadLibraryA
GetProfileSectionW
CreateSocketHandle
GetTimeZoneInformation
GetModuleHandleA
CreateActCtxW
GetVolumeInformationA
ReadConsoleInputExW
GetConsoleProcessList
GetLargestConsoleWindowSize
CloseHandle
FindAtomW
GetCurrentThread
BuildCommDCBW
GetSystemWindowsDirectoryW
LZOpenFileA
SetCalendarInfoA
ReadConsoleInputA
UpdateResourceW

ntdsapi

DsCrackUnquotedMangledRdnW
DsFreeSchemaGuidMapW
DsFreeNameResultA
DsReplicaSyncAllA
DsaopBindWithCred
DsBindWithCredW
DsFreePasswordCredentials
DsCrackSpnW
DsReplicaSyncA
DsIsMangledDnA
DsQuoteRdnValueA
DsListSitesA
DsListInfoForServerA
DsReplicaVerifyObjectsW
DsMakeSpnW
DsListServersForDomainInSiteW
DsListRolesA
DsUnBindA
DsReplicaSyncW
DsReplicaUpdateRefsA
DsAddSidHistoryA
DsIsMangledRdnValueW
DsReplicaVerifyObjectsA
DsListServersForDomainInSiteA
DsUnBindW
DsaopBindWithSpn
DsFreeDomainControllerInfoA
DsMakeSpnA
DsReplicaAddA
DsaopExecuteScript
DsIsMangledRdnValueA
DsFreeDomainControllerInfoW
DsBindA
DsGetDomainControllerInfoW
DsBindW
DsBindWithSpnA
DsGetDomainControllerInfoA
DsListServersInSiteW
DsCrackSpn2A
DsCrackSpn3W
DsListServersInSiteA
DsCrackSpnA
DsWriteAccountSpnW
DsRemoveDsDomainA

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1fac0fba87fa81008bf959d31823f37

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

gdi32

wintrust

msvcirt

kernel32

ntdsapi

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 202KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 202KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 1KB - Virtual size: 1KB