Static task: static1
Behavioral task: behavioral1
Sample: 60e7ac095db85296f5b9f9c79bf3592c_JaffaCakes118.exe
Resource: win7-20240705-en
General
Target: 60e7ac095db85296f5b9f9c79bf3592c_JaffaCakes118
Size: 384KB
MD5: 60e7ac095db85296f5b9f9c79bf3592c
SHA1: fc470fe4272cd72c2de4f5acafbd8fd0bc2a65d1
SHA256: becc4d2e91ded3d8116b963490083ef619c00fce2c0c2beaf8ef937169efd81d
SHA512: 83fd958e178e2e8ccd3f4ef6685cab8ca2e1f87f94abf6f5880bf9679561a5f3d7949af6e3436afb38aa6600682011f3ddce15c001d9b2b19014fe859780d1b6
SSDEEP: 6144:FZ8wWb9iUW7LxJMxoatxXrT8+mg3POfYttD+lTp5GTth8OXdESQDm:FZ4ZidLNIb42SYt3TtXdk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 60e7ac095db85296f5b9f9c79bf3592c_JaffaCakes118
Files
60e7ac095db85296f5b9f9c79bf3592c_JaffaCakes118.exe windows:5 windows x86 arch:x86
480e9c12375c4c8cfaa91fb8c4b256cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msoert2
CreateStreamOnHFileW
HrCopyStream
HrCopyStreamToByte
strtrim
CreateTempFile
DeleteTempFileOnShutdownEx
CleanupFileNameInPlaceW
MessageBoxInstW
FIsEmptyW
CryptFreeFunc
DeleteTempFile
HrLPSZCPToBSTR
FMissingCert
HrIsStreamUnicode
MessageBoxInst
PVDecodeObject
PszSkipWhiteA
OpenFileStreamW
CreateSystemHandleName
OpenFileStreamWithFlagsW
CchFileTimeToDateTimeSz
HrIStreamToBSTR
HrStreamToByte
CreateLogFile
HrCheckTridentMenu
HrFillRasCombo
ChConvertFromHex
CchFileTimeToDateTimeW
CleanupGlobalTempFiles
PszDupA
GenerateUniqueFileName
CleanupFileNameInPlaceA
PszToUnicode
HrStreamSeekCur
PszSkipWhiteW
HrSafeGetStreamSize
IsDigit
HrGetStreamSize
kernel32
GenerateConsoleCtrlEvent
GetConsoleAliasExesLengthA
AddAtomA
IsValidCodePage
FillConsoleOutputCharacterW
LZRead
FoldStringA
CreateActCtxA
TransmitCommChar
ReleaseSemaphore
GlobalFindAtomA
BaseCleanupAppcompatCacheSupport
GetLocaleInfoA
GetDateFormatW
ActivateActCtx
GetCurrentProcessId
GetNativeSystemInfo
GetStartupInfoA
GetUserDefaultLangID
GetGeoInfoA
GetTapeStatus
SetCommState
GetOverlappedResult
GetSystemWow64DirectoryW
SetComPlusPackageInstallStatus
VirtualProtectEx
SetComputerNameA
InitializeCriticalSection
GetVersion
CreateProcessInternalW
VirtualAlloc
FatalAppExitW
GetEnvironmentStrings
GetTempFileNameW
ReadConsoleOutputAttribute
SetConsoleCtrlHandler
GetProcessHeaps
SetConsolePalette
LoadLibraryA
WriteProfileSectionA
msvcrt40
_wsetlocale
?overflow@stdiobuf@@UAEHH@Z
_mbsnbcmp
?is_open@ofstream@@QBEHXZ
_isctype
??4filebuf@@QAEAAV0@ABV0@@Z
sinh
?setb@streambuf@@IAEXPAD0H@Z
free
__p___initenv
wcscpy
??0ifstream@@QAE@H@Z
?fill@ios@@QBEDXZ
_chsize
?isfx@istream@@QAEXXZ
_set_error_mode
??6ostream@@QAEAAV0@PBX@Z
ldiv
_toupper
?gcount@istream@@QBEHXZ
??0ostrstream@@QAE@ABV0@@Z
ungetwc
wcstol
_ismbcdigit
?sh_none@filebuf@@2HB
??4logic_error@@QAEAAV0@ABV0@@Z
??0ostream_withassign@@QAE@XZ
_read
_fdopen
_cprintf
_exit
??_8istrstream@@7B@
_setsystime
?tellp@ostream@@QAEJXZ
??0iostream@@IAE@ABV0@@Z
_ismbclegal
_mkdir
??5istream@@QAEAAV0@AAM@Z
_ismbbalnum
??0ofstream@@QAE@ABV0@@Z
__fpecode
??6ostream@@QAEAAV0@O@Z
_getdrive
_setmaxstdio
polstore
IPSecUnassignPolicy
IPSecSetNegPolData
IPSecCopyNegPolData
IPSecFreePolStr
IPSecClosePolicyStore
IPSecCopyISAKMPData
IPSecDeleteISAKMPData
IPSecDeleteNegPolData
IPSecDeleteFilterData
IPSecCopyPolicyData
IPSecCreateNFAData
IPSecFreeMulNegPolData
IPSecFreeFilterData
IPSecFreeISAKMPData
IPSecEnumPolicyData
IPSecGetISAKMPData
IPSecEnumNegPolData
IPSecSetISAKMPData
IPSecAssignPolicy
IPSecFreeMulNFAData
IPSecIsDomainPolicyAssigned
IPSecAllocPolStr
IPSecCreateISAKMPData
IPSecCopyNFAData
IPSecCreatePolicyData
IPSecCreateNegPolData
IPSecDeleteNFAData
IPSecDeletePolicyData
IPSecFreeMulISAKMPData
IPSecCreateFilterData
IPSecFreeMulFilterData
IPSecFreeNFAData
IPSecOpenPolicyStore
IPSecFreeNegPolData
IPSecAllocPolMem
wsock32
AcceptEx
EnumProtocolsA
s_perror
WSAAsyncGetServByName
WSAUnhookBlockingHook
send
connect
WSAStartup
shutdown
NPLoadNameSpaces
WSACleanup
htonl
sendto
WSAAsyncGetProtoByNumber
__WSAFDIsSet
GetTypeByNameW
GetServiceA
GetAddressByNameA
GetNameByTypeW
gethostbyaddr
ntohs
getservbyname
WSAGetLastError
SetServiceA
MigrateWinsockConfiguration
htons
socket
gethostbyname
EnumProtocolsW
WSAIsBlocking
dn_expand
getpeername
ntohl
recvfrom
select
WSACancelBlockingCall
ntlanui2
DllGetClassObject
msrating
RatingCustomAddRatingSystem
RatingCustomSetUserOptions
VerifySupervisorPassword
RatingCustomAddRatingHelper
RatingCustomCrackData
RatingEnabledQuery
RatingInit
ClickedOnRAT
ClickedOnPRF
RatingCustomInit
RatingAccessDeniedDialog
RatingObtainCancel
RatingCustomRemoveRatingHelper
RatingAddPropertyPages
RatingCustomDeleteCrackedData
RatingCustomSetDefaultBureau
RatingSetupUI
RatingFreeDetails
RatingCheckUserAccess
RatingAccessDeniedDialog2
ChangeSupervisorPassword
RatingObtainQuery
RatingEnable
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 198KB - Virtual size: 655KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ