62fefba3dda910f87b479c5ff88a8b55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

62fefba3dda910f87b479c5ff88a8b55_JaffaCakes118
Size

465KB
MD5

62fefba3dda910f87b479c5ff88a8b55
SHA1

a1ad873bd2055a0c3e67dfc5550f338edb6fa640
SHA256

335daeb1e2c04be57fe20dd28c252b52d75a57396ec4e39d5827e4a746ee7f95
SHA512

ecc720a878faf8e173349e2bcd817634a55216d485f6b37231cf19f946352454e2b39cabc0c94ed1dfe1563ae2a998cb91223defa4cd937d51dcaa519c616424
SSDEEP

12288:m7u9am+y4nYpM/0YGkga0UVFruXJou/eEr:Kcamh4n3blf0Gpuau/Rr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62fefba3dda910f87b479c5ff88a8b55_JaffaCakes118

Files

62fefba3dda910f87b479c5ff88a8b55_JaffaCakes118
.exe windows:5 windows x86 arch:x86

74619cf1579339f81478fbf9e609f65f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mprapi

MprAdminRegisterConnectionNotification
MprAdminConnectionEnum
MprConfigInterfaceGetInfo
MprAdminUserReadProfFlags
MprAdminInterfaceGetCredentials
MprAdminGetPDCServer
MprInfoBlockRemove
MprAdminPortReset
MprAdminMIBEntrySet
MprConfigGetGuidName
MprDomainRegisterRasServer
MprPortSetUsage
MprAdminInterfaceUpdatePhonebookInfo
MprConfigTransportCreate
MprAdminUserServerConnect
MprConfigInterfaceTransportGetHandle
MprAdminPortClearStats
RasPrivilegeAndCallBackNumber
MprInfoBlockQuerySize
MprAdminMIBEntryCreate
MprConfigServerDisconnect
MprConfigBufferFree
CompressPhoneNumber
MprInfoRemoveAll
MprAdminUserRead
MprConfigInterfaceDelete
MprConfigInterfaceGetHandle
MprConfigServerRefresh
MprAdminMIBServerConnect
MprConfigServerConnect
MprAdminTransportGetInfo
MprConfigInterfaceTransportEnum
MprConfigInterfaceTransportAdd
MprAdminInterfaceQueryUpdateResult
MprConfigServerRestore
MprAdminInterfaceTransportRemove
MprAdminUpgradeUsers
MprAdminInterfaceGetCredentialsEx
MprAdminInterfaceConnect
MprAdminInterfaceDeviceGetInfo
MprConfigServerInstall
MprConfigTransportGetInfo
MprAdminEstablishDomainRasServer
MprAdminServerDisconnect
MprAdminMIBEntryGetFirst

msvcrt40

_rotr
?get@istream@@QAEAAV1@AAC@Z
_ismbblead
??1ios@@UAE@XZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_wenviron
longjmp
?flags@ios@@QAEJJ@Z
iswxdigit
strtod
??0__non_rtti_object@@QAE@PBD@Z
_wasctime
_unloaddll
_amsg_exit
_telli64
?clear@ios@@QAEXH@Z
_eof
scanf
??_Difstream@@QAEXXZ
??8type_info@@QBEHABV0@@Z
ispunct
?delbuf@ios@@QBEHXZ
??6ostream@@QAEAAV0@C@Z
towupper
_pipe
_findfirst
strftime
?opfx@ostream@@QAEHXZ

atmlib

ATMGetOutline
ATMBBoxBaseXYShowTextA
ATMMakePFMA
ATMXYShowTextA
ATMGetMenuNameA
ATMBeginFontChange
ATMGetBuildStr
ATMFontStatusW
ATMSelectObject
ATMRemoveSubstFontW
ATMGetNtmFieldsW
ATMFontAvailableW
ATMForceFontChange
ATMEnumMMFontsW
ATMBBoxBaseXYShowText
ATMEnumFonts
ATMGetFontPathsA
ATMXYShowText
ATMGetGlyphList
ATMFontSelected
ATMSetFlags
ATMGetMenuNameW
ATMGetGlyphListA
ATMGetNtmFields
ATMGetPostScriptNameA
ATMEnumMMFontsA
ATMGetVersionEx
ATMGetVersionExW
ATMMakePSSW
ATMRemoveSubstFontA
ATMGetFontInfoA
ATMRemoveFontA
ATMFinish
ATMAddFontEx
ATMFontStatusA
ATMEnumFontsA
ATMGetMenuName
ATMInstallSubstFontA
ATMRemoveFontW
ATMEnumFontsW
ATMAddFontExW

kernel32

LoadLibraryA
FormatMessageW
ConvertDefaultLocale
FindAtomW
EnumSystemLanguageGroupsW
VirtualAlloc
AllocateUserPhysicalPages
LocalAlloc
BaseCheckAppcompatCache
DeleteFiber
GetProfileSectionA
GetConsoleScreenBufferInfo
SetVolumeLabelA
GetHandleInformation
GetProcessAffinityMask
DnsHostnameToComputerNameW
TlsGetValue
FindCloseChangeNotification
GetTempFileNameW
MapUserPhysicalPagesScatter
EnumUILanguagesA
GetConsoleAliasW
HeapCreate
QueueUserWorkItem
GetDefaultCommConfigA
GetCalendarInfoA
SetFileAttributesW
LZInit
DefineDosDeviceW
BuildCommDCBW
ResetWriteWatch
ExpungeConsoleCommandHistoryA
GetSystemTimeAsFileTime
AddConsoleAliasA
SetThreadPriority
_lread
GetLocaleInfoW
SetHandleInformation
GlobalHandle
UTRegister
Process32Next
GetUserDefaultLCID
LocalShrink
CompareStringW
GetComputerNameExA
CreateFileA
ActivateActCtx

wldap32

ldap_get_optionW
ldap_value_free
ldap_set_option
ldap_set_optionA
ldap_count_values_len
ldap_compareA
ldap_simple_bind_s
ldap_compare_ext_s
ldap_openA
ldap_search_ext_sW
ldap_perror
ldap_result
ldap_parse_vlv_controlA
ldap_bind_sW
ldap_search_init_page
ldap_modifyW
ldap_modify_ext
ldap_bind_sA
ldap_modrdn2
ldap_search_sW
ldap_openW
ldap_create_page_controlA
ldap_set_dbg_flags
ldap_escape_filter_element
ldap_parse_page_control
ldap_connect
ldap_delete_ext_sW
ldap_search_s
ldap_init
ldap_addW
ldap_sasl_bindW
ldap_modrdn2_sA

query

?Clone@CNodeRestriction@@QBEPAV1@XZ
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
?SetUI8@CStorageVariant@@QAEXT_ULARGE_INTEGER@@I@Z
?AddRefWorkThreads@CWorkQueue@@QAEXXZ
?VT_VARIANT_GE@@YGHABUtagPROPVARIANT@@0@Z
?Init@CFileMapView@@QAEXXZ
DllGetClassObject
??0CRequestClient@@QAE@PBGPAUIDBProperties@@@Z
CIRestrictionToFullTree
?GetCommandChar@CQueryScanner@@QAEGXZ
?EnumerateFilesInDir@CiStorage@@SGXPBGAAVCEnumString@@@Z
??1CDbPropIDSet@@QAE@XZ
??0CValueNormalizer@@QAE@AAVPKeyRepository@@@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
??0CDbSelectNode@@QAE@XZ
?GetStr@CKey@@QBEPAGXZ
?Empty@CSdidLookupTable@@QAEXXZ
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?NumberOfColumns@CCatState@@QBEIXZ
?EnableCI@CMachineAdmin@@QAEHXZ
??1CFileMapView@@QAE@XZ
??1CFilterDaemon@@QAE@XZ
?Empty@CPidLookupTable@@QAEXXZ
?MakeLocalICommand@@YGJPAPAUIUnknown@@PAUICiCDocStore@@PAU1@@Z
?ciNew@@YGPAXI@Z
?RequiresFlush@CPhysStorage@@QAEHK@Z
??0CPropListFile@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
??1CCatalogEnum@@QAE@XZ
?SkipBlob@CMemDeSerStream@@UAEXK@Z
??0CCiRegParams@@QAE@PBG@Z
?MarkDirty@CDynStream@@QAEHXZ
?AddRef@CEnumWorkid@@UAGKXZ
??1CWorkQueue@@QAE@XZ
??0CLangList@@QAE@PAUICiCLangRes@@K@Z
?GetPropertyInfo@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
?BuildRegistryScopesKey@@YGXAAV?$XArray@G@@PBG@Z
InitializeCIISAPIPerformanceData
?SkipGUID@CMemDeSerStream@@UAEXXZ
?CheckError@CPropListFile@@QAEJAAKPAPAG@Z

rasapi32

RasDialW
RasScriptTerm
RasGetProjectionInfoA
RasSetAutodialAddressW
DDMGetPhonebookInfo
RasGetEapUserDataA
RasDeleteEntryA
RasGetConnectStatusW
RasGetEntryDialParamsA
RasRenameEntryW
RasSetSubEntryPropertiesA
RasGetAutodialAddressA
RasGetHport
RasScriptReceive
RasGetEapUserIdentityA
DwCloneEntry
RasFreeEapUserIdentityA
RasClearLinkStatistics
RasScriptGetIpAddress
RasCreatePhonebookEntryA
RasConnectionNotificationA
RasQuerySharedConnection
RasGetSubEntryHandleW
RasGetLinkStatistics
RasGetAutodialParamA
RasSetSharedAutoDial
RasValidateEntryNameW
RasValidateEntryNameA
RasGetEntryPropertiesA
RasGetEapUserIdentityW
RasEnumDevicesW
RasEnumEntriesW
DwEnumEntryDetails
RasGetAutodialEnableW
RasConnectionNotificationW

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74619cf1579339f81478fbf9e609f65f

Headers

File Characteristics

Imports

mprapi

msvcrt40

atmlib

kernel32

wldap32

query

rasapi32

Sections

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 512B - Virtual size: 537KB

.rsrc Size: 143KB - Virtual size: 143KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 512B - Virtual size: 537KB

.rsrc
Size: 143KB - Virtual size: 143KB

.reloc
Size: 1KB - Virtual size: 1KB