6824db1db5a5c80c238e4be958857f92_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6824db1db5a5c80c238e4be958857f92_JaffaCakes118
Size

356KB
MD5

6824db1db5a5c80c238e4be958857f92
SHA1

f49731f4377ce3ca5c1ad5232db365522a68cabd
SHA256

7b5f04fe17a3aeb6a14b52e696b8fb95ccd46d06015f7e08cac53f79d0a7e040
SHA512

cfbeb3d3287863c9927506520a8c0a4c8dc7ed0a0d29c0eb53aae1e4e21c40c02d169b01bb73c03017223a629f8dc0188d977d4aa4299d00be093c2efa9238a9
SSDEEP

6144:/JCsArgpdiPNBCU0hgZb7NVS9qlBFc1d6YpOV6vqvXeuIS4ChZYy:/UMpd+zCFgJXKLMVPvXPIS5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6824db1db5a5c80c238e4be958857f92_JaffaCakes118

Files

6824db1db5a5c80c238e4be958857f92_JaffaCakes118
.exe windows:5 windows x86 arch:x86

13ccb585d99062a509595969c6a8c7b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MonitorFromWindow
GetKeyboardLayoutNameW
TabbedTextOutW
GetUpdateRgn
CheckMenuItem
IsWindowInDestroy
SetMenuContextHelpId
SetScrollInfo
GetClipCursor
ChildWindowFromPoint
ShowOwnedPopups
SetClassLongW
GetWindowTextLengthA
DestroyCaret
GetInputDesktop
EmptyClipboard
SendDlgItemMessageW
IsZoomed
SetWindowLongA
wsprintfA
GetDoubleClickTime
AllowSetForegroundWindow
SetSysColors
DefMDIChildProcW
GetLastInputInfo
GetMessageA
PtInRect
ChangeMenuW
GetWindowModuleFileNameW
SendNotifyMessageW
GetIconInfo
IMPQueryIMEA
LoadLocalFonts

wintrust

CryptCATPersistStore
TrustOpenStores
CryptCATAdminEnumCatalogFromHash
WTHelperCertIsSelfSigned
WinVerifyTrust
WTHelperGetAgencyInfo
CryptSIPVerifyIndirectData
WVTAsn1SpcStatementTypeDecode
WTHelperGetProvCertFromChain
SoftpubInitialize
OfficeInitializePolicy
SoftpubDllUnregisterServer
CryptCATAdminCalcHashFromFileHandle
WVTAsn1CatMemberInfoDecode
WVTAsn1SpcPeImageDataDecode
CryptCATAdminPauseServiceForBackup
FindCertsByIssuer
SoftpubLoadMessage
CryptCATGetMemberInfo
TrustFindIssuerCertificate
CryptCATAdminAddCatalog
CryptCATVerifyMember
TrustDecode
WVTAsn1CatNameValueEncode
mscat32DllUnregisterServer
WintrustAddDefaultForUsage
WintrustLoadFunctionPointers
TrustIsCertificateSelfSigned
CryptCATPutMemberInfo
DriverCleanupPolicy
CryptCATGetAttrInfo
CryptCATEnumerateAttr
WVTAsn1CatNameValueDecode
GenericChainCertificateTrust
WTHelperCertFindIssuerCertificate
MsCatFreeHashTag
SoftpubFreeDefUsageCallData
WTHelperGetProvSignerFromChain
WTHelperOpenKnownStores
WVTAsn1SpcMinimalCriteriaInfoEncode
WTHelperGetFileName

kernel32

GetShortPathNameA
VerLanguageNameA
GetProfileIntA
GetFirmwareEnvironmentVariableW
WaitNamedPipeW
GlobalAddAtomW
GetVolumePathNamesForVolumeNameW
QueryDosDeviceA
DosDateTimeToFileTime
GetNamedPipeInfo
GetSystemTimeAsFileTime
DosPathToSessionPathA
SetTimeZoneInformation
GetFileAttributesExW
SetLastError
GetConsoleInputExeNameW
SetSystemPowerState
GetConsoleMode
GlobalReAlloc
QueryPerformanceCounter
VDMConsoleOperation
VirtualAlloc
GlobalFindAtomW
GetTapeStatus
LZOpenFileW
LZCreateFileW
UnregisterConsoleIME
NlsGetCacheUpdateCount
DisconnectNamedPipe
ReadProcessMemory
GetConsoleScreenBufferInfo
ReadConsoleOutputCharacterA
OutputDebugStringA
RtlCaptureStackBackTrace
GetStartupInfoW
LoadLibraryA
LockFileEx
FindFirstFileW
DefineDosDeviceA
GetConsoleCursorMode
GetModuleHandleW
GetQueuedCompletionStatus
GetSystemPowerStatus
IsBadWritePtr

msvcrt40

??1bad_typeid@@UAE@XZ
??0bad_cast@@QAE@ABQBD@Z
?str@strstreambuf@@QAEPADXZ
_chgsign
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
?str@ostrstream@@QAEPADXZ
?pbackfail@streambuf@@UAEHH@Z
??_7stdiobuf@@6B@
?setmode@ofstream@@QAEHH@Z
strlen
strcmp
_isnan
wcsftime
_telli64
??_E__non_rtti_object@@UAEPAXI@Z
_adj_fdiv_m32
_beginthread
_setsystime
??4streambuf@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAF@Z
??_7istrstream@@6B@
_loaddll
??1__non_rtti_object@@UAE@XZ
??0ifstream@@QAE@ABV0@@Z
??_8stdiostream@@7Bostream@@@
_mbsinc
bsearch
_mbsnbset
tanh
_cgets
__setusermatherr
_setmode
_mbsnbicmp
??0iostream@@QAE@PAVstreambuf@@@Z
??_7exception@@6B@
memchr
__CxxLongjmpUnwind
__STRINGTOLD
??0__non_rtti_object@@QAE@ABV0@@Z
_ftime

netapi32

I_NetDatabaseRedo
NetpHexDump
NetGroupSetUsers
I_NetServerTrustPasswordsGet
NetpwPathCanonicalize
NetLogonGetTimeServiceParentDomain
NetGetJoinableOUs
NetUserSetInfo
NetShareDel
NetLocalGroupAddMember
NetApiBufferSize
NetEnumerateComputerNames
DsGetDcNameW
DsRoleDnsNameToFlatName
I_NetLogonSamLogoff
NetUseAdd
DsRoleGetPrimaryDomainInformation
NetUseDel
NetReplExportDirLock
NetValidateName
NetShareEnum
NetServerGetInfo
NetReplSetInfo
NetpAddTlnFtinfoEntry
DsRoleFreeMemory
NetShareEnumSticky
NetShareAdd
NetpDbgPrint
NetShareDelSticky
DsAddressToSiteNamesExA
NetServiceGetInfo
DsRoleCancel
NetLocalGroupDel
I_NetLogonSamLogon
NetReplExportDirDel
DsGetDcNameA
NetAlertRaise
NetpGetConfigBool
NetErrorLogClear
NetWkstaUserSetInfo

w32topl

ToplSTHeapAdd
ToplDeleteComponents
ToplScheduleCacheCreate
ToplListRemoveElem
ToplGraphNumberOfVertices
ToplFree
ToplGraphInit
ToplIsToplException
ToplVertexFree
ToplGetSpanningTreeEdgesForVtx
ToplEdgeGetToVertex
ToplVertexDestroy
ToplListSetIter
ToplVertexGetParent
ToplVertexGetInEdge
ToplIterGetObject
ToplIterFree
ToplSTHeapDestroy
ToplGraphFindEdgesForMST
ToplEdgeSetWeight
ToplVertexSetId
ToplScheduleMaxUnavailable
ToplSTHeapExtractMin
ToplListNumberOfElements
ToplScheduleMerge
ToplVertexCreate
ToplVertexGetOutEdge
ToplEdgeCreate
ToplVertexGetId
ToplScheduleDuration
ToplMakeGraphState
ToplEdgeDestroy

tcpmonui

??1CTcpMibABC@@UAE@XZ
??0CTcpMibABC@@QAE@XZ
LocalAddPortUI
??0CPortABC@@QAE@XZ
??_7CPortABC@@6B@
??0CTcpMibABC@@QAE@ABV0@@Z
?Read@CPortABC@@UAEKQAXPAEKPAK@Z
??4CPortABC@@QAEAAV0@ABV0@@Z
??_7CTcpMibABC@@6B@
??4CTcpMibABC@@QAEAAV0@ABV0@@Z
??1CPortABC@@UAE@XZ
InitializePrintMonitorUI
LocalConfigurePortUI
??0CPortABC@@QAE@ABV0@@Z

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13ccb585d99062a509595969c6a8c7b1

Headers

DLL Characteristics

File Characteristics

Imports

user32

wintrust

kernel32

msvcrt40

netapi32

w32topl

tcpmonui

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 157KB - Virtual size: 574KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 157KB - Virtual size: 574KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 1024B