699a375685185eef950978454135b63f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

699a375685185eef950978454135b63f_JaffaCakes118
Size

101KB
MD5

699a375685185eef950978454135b63f
SHA1

c9420b85cf92b196bbcb8f46c3dc1a21148a2d69
SHA256

c91d98712437957d18011776f40bf89ae5daed9d9d563b4e09601e93f330b90e
SHA512

01a841a3bb7386aa787d8e906ddf3b22000f6d180c254e1d5624a3d818dff7e6a3fb822ff4dbdc6615476d110d0b3ee2f84cab8b9f2cd5341da0ed94b49e4d11
SSDEEP

1536:P2dCrnKO6Sjjp3IlYXfsJbymfUMCIpMP8o/MH2QGeR+3h0LzK:OdCDKOJvp2Bg8m8KQGxa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699a375685185eef950978454135b63f_JaffaCakes118

Files

699a375685185eef950978454135b63f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0dac248f1467fc11467f4105f76d07dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??0ofstream@@QAE@H@Z
??4strstream@@QAEAAV0@AAV0@@Z
?overflow@strstreambuf@@UAEHH@Z
??0ofstream@@QAE@XZ
??_Gistream@@UAEPAXI@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?clear@ios@@QAEXH@Z
?close@filebuf@@QAEPAV1@XZ
??1ostrstream@@UAE@XZ
?lock@streambuf@@QAEXXZ
??_7iostream@@6B@
??_8istream@@7B@
??_Gstdiobuf@@UAEPAXI@Z
??0fstream@@QAE@XZ
??6ostream@@QAEAAV0@I@Z
?flush@@YAAAVostream@@AAV1@@Z
??_Estdiostream@@UAEPAXI@Z
?getint@istream@@AAEHPAD@Z
??0stdiobuf@@QAE@ABV0@@Z
?fd@filebuf@@QBEHXZ
?bad@ios@@QBEHXZ
??0strstreambuf@@QAE@H@Z
??4iostream@@IAEAAV0@AAV0@@Z
??1logic_error@@UAE@XZ
?pcount@ostrstream@@QBEHXZ
??0istream_withassign@@QAE@ABV0@@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
?out_waiting@streambuf@@QBEHXZ
?init@ios@@IAEXPAVstreambuf@@@Z
??6ostream@@QAEAAV0@O@Z
?get@istream@@QAEAAV1@AAD@Z
?eatwhite@istream@@QAEXXZ
??_Gistrstream@@UAEPAXI@Z
?unsetf@ios@@QAEJJ@Z
??1stdiostream@@UAE@XZ

kernel32

GetDiskFreeSpaceExW
EnterCriticalSection
EnumLanguageGroupLocalesA
LeaveCriticalSection
DosDateTimeToFileTime
ProcessIdToSessionId
SetFileApisToOEM
_lwrite
InterlockedExchange
DeleteCriticalSection
FindFirstFileW
VirtualLock
GlobalFindAtomA
LoadLibraryA
HeapSummary
ExpungeConsoleCommandHistoryA
GetSystemWow64DirectoryW
ShowConsoleCursor
VirtualAlloc
SetConsoleNlsMode
VerifyConsoleIoHandle
ReadConsoleOutputCharacterW
GetUserDefaultUILanguage
GetVolumeNameForVolumeMountPointA
_llseek
GetComputerNameA
GetStartupInfoA
LocalLock
CallNamedPipeW
SetPriorityClass
GlobalFindAtomW
GetSystemWindowsDirectoryW
Heap32ListNext
SuspendThread

glmf32

glsCaptureFlags
glsGetContextListl
glsGetContextFunc
glsGetError
glsPad
glsGetHeaderf
glsCommandString
glsGetStreamType
glsUTF8toUCS1z
glsGetContextPointer
glsNumb
glsComment
glsChannel
glsNumfv
glsNumuiv
glsUTF8toUCS4
glsNumdv
glsUCStoUTF8z
glsError
glsNumus
glsCopyStream
glsGetHeaderi
glsDeleteStream
glsGetCommandFunc
glsGetStreamSize
glsUTF8toUCS4z
glsBeginObj
glsGetStreamReadName
glsGetCaptureFlags
glsEndObj
glsNumsv
glsGetContexti
glsNumusv
glsGetOpcodes
glsGetCurrentTime
glsCallStream
glsBeginGLS
glsHeaderf
glsULongHigh
glsNullCommandFunc
glsIsUTF8String
glsUTF8toUCS2z

snmpapi

SnmpUtilOctetsCmp
SnmpUtilPrintAsnAny
SnmpUtilOctetsNCmp
SnmpTfxClose
SnmpUtilUnicodeToUTF8
SnmpUtilOidToA
SnmpSvcAddrIsIpx
SnmpSvcSetLogType
SnmpUtilAsnAnyFree
SnmpSvcAddrToSocket
SnmpUtilAsnAnyCpy
SnmpUtilVarBindListCpy
SnmpTfxQuery
SnmpUtilMemFree
SnmpUtilVarBindListFree
SnmpUtilOctetsCpy
SnmpUtilOidCmp
SnmpUtilOidAppend
SnmpTfxOpen
SnmpSvcGetUptimeFromTime
SnmpUtilOidCpy
SnmpUtilVarBindCpy
SnmpUtilPrintOid
SnmpSvcGetUptime
SnmpUtilVarBindFree
SnmpUtilAnsiToUnicode
SnmpUtilUnicodeToAnsi
SnmpSvcSetLogLevel
SnmpUtilOctetsFree
SnmpUtilDbgPrint
SnmpUtilUTF8ToUnicode
SnmpUtilMemReAlloc
SnmpUtilMemAlloc
SnmpSvcInitUptime
SnmpUtilIdsToA
SnmpUtilOidNCmp
SnmpUtilOidFree

adsldpc

SchemaOpen
ADsDeleteClassDefinition
ChangeSeparator
InitObjectInfo
LdapTypeToAdsTypeDNWithString
ADSIGetNextColumnName
LdapReadAttributeFast
LdapTypeToAdsTypeGeneralizedTime
ADsCreateClassDefinition
ADSICloseSearchHandle
SchemaGetPropertyInfo
ADsGetObjectAttributes
GetDefaultServer
LdapcKeepHandleAround
BuildADsPathFromLDAPPath
ReadPagingSupportedAttr
LdapDeleteS
ADSICloseDSObject
ADsGetLastError
FreeADsStr
GetDisplayName
LdapSearchExtS
Component
LdapAddS
ADsEnumClasses
LdapCloseObject
LdapValueFreeLen
LdapSearchInitPage
ADSIGetObjectAttributes
ADsCreateAttributeDefinition
ReadServerSupportsIsADControl
ADsGetFirstRow
ADsSetSearchPreference
LdapModifyExtS
ADsFreeColumn
LdapNextAttribute
LdapSearchS
GetSyntaxOfAttribute
LdapGetValuesLen
AdsTypeFreeAdsObjects

lz32

CopyLZFile
LZOpenFileA
LZClose
GetExpandedNameW
LZRead
LZCreateFileW
LZCopy
LZInit
LZStart
LZDone
LZCloseFile
LZSeek
LZOpenFileW
GetExpandedNameA

msident

DllGetClassObject

ntdll

RtlFreeHeap
RtlFindSetBits
ZwQueryInformationPort
RtlImpersonateSelf
NtAddAtom
ZwResetWriteWatch
ZwOpenSection
RtlSubtreeSuccessor
RtlNewSecurityObject
RtlDosSearchPath_U
RtlInitializeRXact
ZwCreateJobObject
RtlAppendUnicodeStringToString
ZwCreateNamedPipeFile
RtlUniform
ZwSaveMergedKeys
ZwUnlockFile
ZwTestAlert
NtQuerySymbolicLinkObject
NtCreateThread
RtlDosSearchPath_Ustr
RtlQueryTagHeap
RtlInitializeCriticalSectionAndSpinCount
RtlAddAce
NtQueryDefaultLocale
NtProtectVirtualMemory
RtlQueryAtomInAtomTable
ZwFlushKey
ZwQueueApcThread
abs

msctf

TF_GetThreadMgr
TF_InvalidAssemblyListCacheIfExist
DllGetClassObject
TF_RunInputCPL
TF_CreateLangBarMgr
TF_CreateCategoryMgr
TF_InitSystem
TF_GetThreadFlags
TF_CreateThreadMgr
TF_UninitSystem
TF_IsCtfmonRunning
TF_CreateLangBarItemMgr
TF_GetGlobalCompartment
TF_CreateInputProcessorProfiles
TF_CreateCicLoadMutex
TF_CreateDisplayAttributeMgr
TF_PostAllThreadMsg

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dac248f1467fc11467f4105f76d07dc

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

kernel32

glmf32

snmpapi

adsldpc

lz32

msident

ntdll

msctf

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 30KB - Virtual size: 68KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 30KB - Virtual size: 68KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB