781c1ba91ab9ccfded31266454a32e40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

781c1ba91ab9ccfded31266454a32e40_JaffaCakes118
Size

52KB
MD5

781c1ba91ab9ccfded31266454a32e40
SHA1

981b990a92d222b97dd9f85d444db052b42527a7
SHA256

9a0a2dfd6881de2338ef62af1c92459cb4abc7eb1a5aedbfc2aab01e948619d8
SHA512

75f9a248153ee5b2de836182f95ff8b8c6b4060785d536e629a9ec7ca0195fb4dc576c157ce93804a192b762e1d437339ff4506ef07f57bc48aaae157053e0ae
SSDEEP

768:CIi3gu2bkjLnEd5vIqp3KDwKAtfNChljGbyepSSbtUqFetam2iV:RiQuimIdLQAtfNCu9pMsi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
781c1ba91ab9ccfded31266454a32e40_JaffaCakes118

Files

781c1ba91ab9ccfded31266454a32e40_JaffaCakes118
.exe windows:5 windows x86 arch:x86

30aa4361ad62792f5d784eba0a53ec16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriorityBoost
GlobalAlloc
SetTimeZoneInformation
SetNamedPipeHandleState
FindActCtxSectionGuid
WriteProfileStringW
FillConsoleOutputCharacterA
DefineDosDeviceW
WriteProfileStringA
GenerateConsoleCtrlEvent
SetFileValidData
LoadLibraryA
SetDefaultCommConfigW
OpenJobObjectA
InterlockedIncrement
IsBadReadPtr
LZSeek
_lread
ResetWriteWatch
Process32NextW
FindNextChangeNotification
EnumSystemCodePagesA
LocalHandle
CloseHandle
GetCPInfo
AddAtomA
FreeEnvironmentStringsA
GetTempFileNameA
VirtualAlloc
GetShortPathNameW
GetTempFileNameW
GetEnvironmentStringsA
EndUpdateResourceA
CreateActCtxW
GetCurrentThread
FindFirstVolumeMountPointA
PeekConsoleInputA
FileTimeToDosDateTime
OpenSemaphoreW
GetNumaNodeProcessorMask
GetUserDefaultUILanguage
SetConsoleCursorPosition
Heap32ListNext
GlobalMemoryStatusEx
RegisterConsoleIME
GetNumaHighestNodeNumber
lstrlenW
GetTimeFormatA
IsBadWritePtr
ReadConsoleInputExA
GetConsoleWindow
PurgeComm
EnumCalendarInfoExW
SetTimerQueueTimer
LoadResource
ReadConsoleInputW
EnumCalendarInfoA
CreateSocketHandle
SetProcessAffinityMask
SetConsoleNumberOfCommandsW
ReleaseMutex
ReleaseSemaphore
ReadDirectoryChangesW
GetGeoInfoA
WaitForSingleObjectEx
OpenFileMappingA
LZCreateFileW
SetFileAttributesW
ConvertDefaultLocale
ScrollConsoleScreenBufferW
GetThreadLocale
DeleteVolumeMountPointA
LeaveCriticalSection
SetLastError
LockResource
HeapWalk
PeekConsoleInputW
GetDateFormatA
ReadFile
SetErrorMode
PrivCopyFileExW
MapUserPhysicalPages
lstrcmpA
lstrcpyA
TlsAlloc
DuplicateHandle
IsBadHugeWritePtr
MultiByteToWideChar
Module32Next
DisconnectNamedPipe
SetCurrentDirectoryA

msdart

??0CLKRHashTableStats@@QAE@XZ
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?ReadLock@CLKRHashTable@@QBEXXZ
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
MpHeapValidate
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?GetDefaultSpinCount@CCritSec@@SGGXZ
?IsEmpty@CDoubleList@@QBE_NXZ
?IsWriteLocked@CCritSec@@QBE_NXZ
?ApplyIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@ZP6G?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?First@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?IsEmpty@CLockedSingleList@@QBE_NXZ
?ReadUnlock@CCritSec@@QAEXXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGXN@Z
FXMemDetach
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?IsWinNT4@CMdVersionInfo@@SAHXZ
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?RemoveHead@CDoubleList@@QAEQAVCListEntry@@XZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
??1CLockedSingleList@@QAE@XZ
?WriteLock@CSmallSpinLock@@QAEXXZ
SetMemHook
?TryReadLock@CReaderWriterLock3@@QAE_NXZ

advapi32

RegCloseKey
EnableTrace
AbortSystemShutdownA
RegQueryValueA
GetSecurityDescriptorOwner
LsaSetSecurityObject
LsaGetUserName
GetAuditedPermissionsFromAclA
EnumServicesStatusExW
OpenTraceA
WmiEnumerateGuids
StartServiceCtrlDispatcherW
GetUserNameW
BuildImpersonateTrusteeA
OpenEncryptedFileRawW
ElfClearEventLogFileA
CryptGenRandom
CreatePrivateObjectSecurityEx
GetFileSecurityW
ImpersonateSelf
LsaGetRemoteUserName
EqualDomainSid
SystemFunction019
ConvertStringSidToSidW
WmiMofEnumerateResourcesW
FreeEncryptedFileKeyInfo
ClearEventLogW
LookupPrivilegeDisplayNameW
RegCreateKeyExA

msvcrt40

_strdup
bsearch
?flags@ios@@QBEJXZ
_close
_filelengthi64
??_Eostrstream@@UAEPAXI@Z
_setjmp
??_Gostream_withassign@@UAEPAXI@Z
??5istream@@QAEAAV0@AAJ@Z
??0stdiobuf@@QAE@ABV0@@Z
??_Diostream@@QAEXXZ
__iscsymf
??0strstream@@QAE@XZ
_mbstok
??0istream@@QAE@PAVstreambuf@@@Z
_lrotl
??_7ostrstream@@6B@
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??0istrstream@@QAE@PAD@Z
_kbhit
_popen
__p__osver
wcsncpy
__pxcptinfoptrs
wcscmp
log
??_Gbad_typeid@@UAEPAXI@Z
_getcwd
scanf
mktime
_wpopen
?clrlock@streambuf@@QAEXXZ
??1fstream@@UAE@XZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
_HUGE
clock
_winmajor
_ismbcgraph
??1ostream_withassign@@UAE@XZ
??4exception@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@D@Z
_CIsin
?sunk_with_stdio@ios@@0HA
??_Gistream@@UAEPAXI@Z

rasman

RasRpcDeviceEnum
RasRpcRemoteGetSystemDirectory
RasPortSend
RasBundleGetStatistics
RasSetEapUserInfo
RasGetProtocolInfo
RasGetUnicodeDeviceName
RasRegisterRedialCallback
RasPortFree
RasCompressionSetInfo
RasRpcGetUserPreferences
RasRpcGetInstalledProtocols
RasBundleClearStatistics
RasPortReceive
RasGetInfo
RasConnectionGetStatistics
RasLinkGetStatistics
RasSignalNewConnection
RasPortReserve
RasSendCreds
RasServerPortClose
RasGetDialParams
RasRpcPortGetInfo
RasPortListen
RasDeviceGetInfo

Sections

.text
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30aa4361ad62792f5d784eba0a53ec16

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msdart

advapi32

msvcrt40

rasman

Sections

.text Size: 37KB - Virtual size: 40KB

.rdata Size: 9KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 40KB

.rdata
Size: 9KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB