709bb9dae2675f384fe64f775c743928_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

709bb9dae2675f384fe64f775c743928_JaffaCakes118
Size

386KB
MD5

709bb9dae2675f384fe64f775c743928
SHA1

186a35a91592b52c083639ef38dd50f127a015d6
SHA256

35001bfc29e30ab6efae89fabfa696605874d92fdbeb027f26d5f3e48fdee5d2
SHA512

9fcb1cf4243fdc9e6f19c5b5cf100aca6e99ef90151cdc7e99ddba32309500a349ffcaf4cd8bad9e6c0c66d0eb47cf486cf876a6ee96e95c1cf2c5baf0d26a14
SSDEEP

6144:JiAZUzfz1w5SG+mUivkOz6bIvhHUSmjFTbk5+DDKMRwpfbJev0Fb5wvJJTZSGy:J1ZPUi7xRF2T457MReMv0Fb5eJtST

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
709bb9dae2675f384fe64f775c743928_JaffaCakes118

Files

709bb9dae2675f384fe64f775c743928_JaffaCakes118
.exe windows:5 windows x86 arch:x86

311ff7bccc2ecfe4b9a36b741661f732

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarOr
DispGetIDsOfNames
VarI4FromUI8
SafeArrayPtrOfIndex
VarI8FromUI2
SafeArrayGetElement
SafeArrayAccessData
VarCyFromUI2
VarUI4FromDec
VarUI2FromI1
VarBstrFromUI8
VarI1FromDec
VarI2FromUI2
SafeArrayUnaccessData
VarUI2FromUI8
VarUI2FromUI4
VarUI2FromBool
VarCyRound
VarUI4FromR8
SafeArraySetRecordInfo
VarUI2FromCy
GetRecordInfoFromGuids
VarRound
VarUI4FromUI2
SysReAllocString
VarUI4FromI8

msvcirt

?setlock@streambuf@@QAEXXZ
??0strstreambuf@@QAE@PADH0@Z
?base@streambuf@@IBEPADXZ
??_Distream_withassign@@QAEXXZ
??1ostream@@UAE@XZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
??0stdiostream@@QAE@ABV0@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?fill@ios@@QAEDD@Z
?fd@ofstream@@QBEHXZ
?clog@@3Vostream_withassign@@A
?lockc@ios@@KAXXZ
?underflow@strstreambuf@@UAEHXZ
?seekg@istream@@QAEAAV1@J@Z
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??6ostream@@QAEAAV0@M@Z
?close@fstream@@QAEXXZ
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?setg@streambuf@@IAEXPAD00@Z
??5istream@@QAEAAV0@PAC@Z
?fd@ifstream@@QBEHXZ
??1logic_error@@UAE@XZ
?peek@istream@@QAEHXZ
??0streambuf@@QAE@ABV0@@Z
?stossc@streambuf@@QAEXXZ
??_Eistream_withassign@@UAEPAXI@Z
??_8strstream@@7Bistream@@@
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?overflow@stdiobuf@@UAEHH@Z
??_Gios@@UAEPAXI@Z
?sync_with_stdio@ios@@SAXXZ
??_Efilebuf@@UAEPAXI@Z
??0ifstream@@QAE@HPADH@Z
?clear@ios@@QAEXH@Z
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
??5istream@@QAEAAV0@AAH@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ

netapi32

NetUseEnum
NetServiceInstall
NetReplImportDirAdd
NetpwPathType
NetpGetConfigBool
I_NetLogonSamLogoff
DsAddressToSiteNamesExW
NetGroupSetUsers
NetShareEnum
DsValidateSubnetNameW
NetScheduleJobGetInfo
NetDfsAddStdRoot
NetpCloseConfigData
I_BrowserDebugTrace
NetpIsRemote
NetApiBufferFree
I_NetServerAuthenticate2
NetServerComputerNameDel
I_NetlogonComputeClientDigest
NetLocalGroupDel
DsGetDcNameWithAccountA
Netbios
DsGetForestTrustInformationW
RxRemoteApi
I_BrowserServerEnum
NetDfsGetClientInfo
NetGroupAddUser
I_NetDfsGetVersion
NlBindingAddServerToCache
I_NetServerPasswordSet2
NetFileGetInfo
I_NetServerGetTrustInfo
NetpMergeFtinfo
RxNetAccessGetUserPerms
NetpGetConfigDword
NetUserChangePassword
NetLocalGroupAdd
NetLocalGroupDelMember
I_NetServerPasswordSet
NetUserGetLocalGroups
NetServerTransportAdd
DsDeregisterDnsHostRecordsW
NetUserEnum
DsRoleUpgradeDownlevelServer
DsRoleAbortDownlevelServerUpgrade

cryptext

CryptExtOpenPKCS7
CryptExtOpenCERW
CryptExtOpenSTR
CryptExtOpenP7R
CryptExtAddCERW
CryptExtAddPFXW
CryptExtOpenCER
CryptExtAddCTLW
CryptExtAddP7RW
CryptExtAddP7R
CryptExtAddCRL
CryptExtOpenSTRW
CryptExtOpenCRLW
CryptExtAddCRLW
CryptExtAddPFX
CryptExtOpenCTL
CryptExtAddSPCW
CryptExtAddSPC
CryptExtOpenCRL
CryptExtOpenP7RW
CryptExtAddCER
CryptExtAddCTL
DllGetClassObject
CryptExtOpenCATW
CryptExtOpenCAT
CryptExtOpenCTLW
CryptExtOpenPKCS7W

msvcrt40

_findnext
wcsncmp
_commode
??_7istrstream@@6B@
labs
_creat
?clrlock@ios@@QAAXXZ
??_Eostream_withassign@@UAEPAXI@Z
??6ostream@@QAEAAV0@J@Z
_fcloseall
??_Gostream_withassign@@UAEPAXI@Z
pow
__iscsym
??_Eexception@@UAEPAXI@Z
??1strstream@@UAE@XZ
??0strstream@@QAE@XZ
??5istream@@QAEAAV0@AAG@Z
_sys_nerr
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
??1Iostream_init@@QAE@XZ
_CIatan2
fread
_dup2
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_lrotl
_mbsbtype
??1ostream_withassign@@UAE@XZ
ispunct
_CIlog10
sqrt
__initenv
_wfullpath
iswxdigit

kernel32

LocalFlags
GetNamedPipeHandleStateW
SetConsoleWindowInfo
GetModuleHandleA
HeapCreate
GetFileType
MultiByteToWideChar
MoveFileWithProgressA
GetProcessShutdownParameters
GetTapeStatus
FindFirstVolumeMountPointW
SleepEx
GetSystemTime
LocalUnlock
CreateMutexW
HeapCompact
GetQueuedCompletionStatus
SetClientTimeZoneInformation
GetLocaleInfoW
LoadLibraryA
VirtualAlloc
FindFirstVolumeA
OpenJobObjectA
InterlockedPopEntrySList
lstrcpynA
GlobalFix
GetConsoleScreenBufferInfo
Beep
SetConsoleNlsMode
LCMapStringW
CreateRemoteThread
GlobalHandle
GetVolumeNameForVolumeMountPointA
LocalFree
lstrlenW
QueueUserWorkItem
GetProcessAffinityMask
lstrcatW
LocalAlloc
GetNativeSystemInfo
GetSystemTimeAsFileTime
GetConsoleCP

quartz

AMGetErrorTextA
AMGetErrorTextW
DllGetClassObject
DBToAmpFactor
AmpFactorToDB

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

311ff7bccc2ecfe4b9a36b741661f732

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvcirt

netapi32

cryptext

msvcrt40

kernel32

quartz

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 512B - Virtual size: 555KB

.rsrc Size: 122KB - Virtual size: 122KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 512B - Virtual size: 555KB

.rsrc
Size: 122KB - Virtual size: 122KB

.reloc
Size: 1024B - Virtual size: 1024B