62be4589466b20fb2e6a61d0bdd9928d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

62be4589466b20fb2e6a61d0bdd9928d_JaffaCakes118
Size

160KB
MD5

62be4589466b20fb2e6a61d0bdd9928d
SHA1

411ed14ab18e77e2006e085e5688272455591b93
SHA256

6a20ae163723b7043d963996ca6b49770211184adf77db5b63fc31d5b1f5adbb
SHA512

7248711470f73a9c6a7fa30b6100ee708a6c25f48980298af1c2c4fbe33cdee8fd235a531caa2e01220df7ed6579bd6f772c19fd648532c58ede811bb9ea3d4c
SSDEEP

3072:ggMvSy6T6y9+gmTwm4UfEkMoWv0aRBjb7ilEPRouaQ6sm:mvSzH9+g8wmJfEkMp7ilEDZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62be4589466b20fb2e6a61d0bdd9928d_JaffaCakes118

Files

62be4589466b20fb2e6a61d0bdd9928d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bcc9750d2b487153c2594b71fd9517da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

??1NTFS_EXTENT_LIST@@UAE@XZ
FormatEx
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
Extend
?IsFree@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?AddFileNameAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_FILE_NAME@@@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??1NTFS_FRS_STRUCTURE@@UAE@XZ
??0NTFS_FRS_STRUCTURE@@QAE@XZ
??1NTFS_SA@@UAE@XZ
??1NTFS_ATTRIBUTE@@UAE@XZ
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
Chkdsk
Format
?Initialize@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@0@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
??1NTFS_UPCASE_FILE@@UAE@XZ
??0NTFS_BOOT_FILE@@QAE@XZ
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
??0NTFS_SA@@QAE@XZ

cryptui

CryptUIDlgFreeCAContext
CryptUIDlgViewCRLA
RetrievePKCS7FromCA
CryptUIFreeCertificatePropertiesPagesA
CryptUIStartCertMgr
LocalEnrollNoDS
CryptUIWizFreeCertRequestNoDS
CryptUIGetCertificatePropertiesPagesA
ACUIProviderInvokeUI
CryptUIWizQueryCertRequestNoDS
CryptUIDlgViewCRLW
I_CryptUIProtectFailure
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCTLA
CryptUIFreeCertificatePropertiesPagesW
CryptUIDlgViewSignerInfoW
CryptUIDlgSelectStoreW
CryptUIDlgViewCTLW
CryptUIDlgViewSignerInfoA
CryptUIWizCreateCertRequestNoDS
CryptUIWizExport
CryptUIDlgViewCertificatePropertiesW
CryptUIWizBuildCTL
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgViewContext
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCertificatePropertiesA
LocalEnroll
CryptUIDlgViewCertificateW
I_CryptUIProtect
CryptUIFreeViewSignaturesPagesW
CryptUIDlgSelectCA
CryptUIDlgCertMgr
CryptUIDlgSelectCertificateW
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgSelectStoreA
CryptUIWizImport

msvcrt40

??5istream@@QAEAAV0@PAC@Z
??0filebuf@@QAE@HPADH@Z
_wenviron
??5istream@@QAEAAV0@AAI@Z
?_query_new_mode@@YAHXZ
?str@strstreambuf@@QAEPADXZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
_wctime
_setmaxstdio
_mbsdup
_ungetch
_mbsnset
?unsetf@ios@@QAEJJ@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
_wsplitpath
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
_CIacos
??0ifstream@@QAE@H@Z
_getmbcp
_getcwd
??0ios@@IAE@ABV0@@Z
fprintf
_putch
_cwait
cosh
_wsystem
?sgetc@streambuf@@QAEHXZ
__p__pctype
ungetwc
iswalpha
_adj_fprem1
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
__p__wcmdln
_wpgmptr
__argv
??_7ofstream@@6B@
??0istream_withassign@@QAE@ABV0@@Z
_lsearch
_spawnle
?adjustfield@ios@@2JB
__p__winminor
??0filebuf@@QAE@XZ
?sh_read@filebuf@@2HB
_osver
??1istream_withassign@@UAE@XZ
__argc
??4strstream@@QAEAAV0@AAV0@@Z
??_Gexception@@UAEPAXI@Z
__threadhandle
_wcsrev
_fmode
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
_wfindnext
iswprint
??0iostream@@IAE@ABV0@@Z
_expand
?getline@istream@@QAEAAV1@PACHD@Z
__threadid
strxfrm
_lfind
?sputn@streambuf@@QAEHPBDH@Z
_flsbuf
_memccpy
_cexit
_fputwchar
_tell
__getmainargs
wcscspn
?_query_new_handler@@YAP6AHI@ZXZ
??_Gstrstreambuf@@UAEPAXI@Z
?write@ostream@@QAEAAV1@PBDH@Z
??0__non_rtti_object@@QAE@ABV0@@Z
rename
_strupr
wcsncat
ftell
__p__acmdln
__p__daylight
?endl@@YAAAVostream@@AAV1@@Z
??1strstream@@UAE@XZ
?underflow@strstreambuf@@UAEHXZ
_getw
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_mbsncpy
??5istream@@QAEAAV0@AAJ@Z

uxtheme

GetThemeString
IsThemeBackgroundPartiallyTransparent
IsThemePartDefined
EnableTheming
DrawThemeParentBackground
GetThemeAppProperties
CloseThemeData
GetThemeFont
GetThemeMetric
SetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBool
GetThemeFilename
GetCurrentThemeName
GetThemeSysSize
GetThemeDocumentationProperty
OpenThemeData
IsThemeActive
GetThemeSysInt
GetThemeMargins
DrawThemeEdge
GetThemePartSize
GetThemeTextExtent
GetThemeIntList
GetThemeSysColorBrush
GetThemeTextMetrics
GetThemeInt
GetThemeSysColor
GetThemeBackgroundRegion

kernel32

WriteConsoleOutputCharacterW
SuspendThread
FindVolumeClose
InitAtomTable
GetConsoleAliasExesW
GetFileType
GlobalAlloc
GetThreadTimes
SetLocaleInfoA
BackupSeek
GetModuleHandleA
CommConfigDialogW
GetSystemTime
SetHandleContext
BaseFlushAppcompatCache
CmdBatNotification
LoadLibraryA
FindFirstVolumeW
SetComputerNameExW
NlsGetCacheUpdateCount
DeleteFileA
EnumCalendarInfoExA
TzSpecificLocalTimeToSystemTime
GetVolumePathNameW
GetModuleHandleW
SetLastError
GetModuleHandleExA
GetDiskFreeSpaceExA
GetEnvironmentStringsA
FindResourceExW
RegisterWaitForInputIdle
FormatMessageA
GetPrivateProfileStringA
DeleteVolumeMountPointW
VirtualAlloc
ConnectNamedPipe
GetCurrentThread

Sections

.text
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcc9750d2b487153c2594b71fd9517da

Headers

DLL Characteristics

File Characteristics

Imports

untfs

cryptui

msvcrt40

uxtheme

kernel32

Sections

.text Size: 59KB - Virtual size: 60KB

.rdata Size: 64KB - Virtual size: 68KB

.data Size: 512B - Virtual size: 180KB

.rsrc Size: 34KB - Virtual size: 36KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 60KB

.rdata
Size: 64KB - Virtual size: 68KB

.data
Size: 512B - Virtual size: 180KB

.rsrc
Size: 34KB - Virtual size: 36KB

.reloc
Size: 1024B - Virtual size: 4KB