82dc82cb9157c21386889c3e1e2bef2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82dc82cb9157c21386889c3e1e2bef2a_JaffaCakes118
Size

47KB
MD5

82dc82cb9157c21386889c3e1e2bef2a
SHA1

0a6e7992b800b99c1f582b7ca8a97b641f3b117c
SHA256

935c771cbb2daa7516b8d634d896d49bdd835de3ecf103f5611b880ecd2d5cc3
SHA512

a31150dfd44e41e7bca1828fbd790b4fbef87061f05a0086666a25c98170a48f4a98c802b1d38e6f5c3a4ae68ce7164404c31696ba53999a09f7967dc68e804d
SSDEEP

768:NQkz035vRco97WXMVlFlBaxZG4udbSZZ5F/TA22WaV83iL9Wphue:NQg0p5x9ZlJsZG4w27JI/pi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82dc82cb9157c21386889c3e1e2bef2a_JaffaCakes118

Files

82dc82cb9157c21386889c3e1e2bef2a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f30f1c80fdde092802c511d019ff9c73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceStatus
EnumDependentServicesA
ElfClearEventLogFileW
GetUserNameA
RegQueryValueExW
StartServiceCtrlDispatcherA
WmiExecuteMethodW
GetTrusteeTypeW
EnumServicesStatusExA
UpdateTraceA
FreeInheritedFromArray
SaferiRecordEventLogEntry
SetEntriesInAclA
AccessCheckByTypeResultListAndAuditAlarmA
GetSecurityDescriptorGroup
OpenServiceA
SystemFunction008
WmiDevInstToInstanceNameA
StopTraceA

msvcirt

??4ostrstream@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_Eistream_withassign@@UAEPAXI@Z
??0ifstream@@QAE@H@Z
?rdbuf@ios@@QBEPAVstreambuf@@XZ
??0exception@@QAE@ABV0@@Z
??5istream@@QAEAAV0@PAE@Z
??1strstreambuf@@UAE@XZ
??0strstream@@QAE@ABV0@@Z
?x_maxbit@ios@@0JA
??_8ifstream@@7B@
??1strstream@@UAE@XZ
?clog@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@E@Z
??0istrstream@@QAE@ABV0@@Z
?setp@streambuf@@IAEXPAD0@Z
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
?seekg@istream@@QAEAAV1@J@Z

shlwapi

SHRegOpenUSKeyW
SHRegWriteUSValueA
StrToInt64ExA
SHCreateStreamOnFileEx
PathIsUNCW
SHRegSetPathW
SHDeleteEmptyKeyA
PathIsUNCServerA
StrPBrkA
PathIsNetworkPathA
SHReleaseThreadRef
AssocQueryKeyW
PathGetCharTypeA
PathMakeSystemFolderW
SHStrDupA
PathCreateFromUrlW
ColorAdjustLuma
PathIsSystemFolderW
PathFileExistsA
StrCpyNW
SHSetThreadRef
PathUnExpandEnvStringsW
SHRegDeleteEmptyUSKeyA
SHEnumValueA

msdtcprx

?Create@CNameService@@SGJPAPAV1@@Z
DTC_XaClose
?CreateInstance@CTmProxyCore@@SGJPAPAV1@PAUIUnknown@@@Z
ContactToNameObject
DllGetDTCUtilObject
?RemoveDtc@@YGJPAG00@Z
DTC_XaRollback
DTC_XaCommit
DTC_XaRecover
DllGetDTCConnectionManager
DTC_XaOpen
DllGetTransactionManagerCore
?GetDtcLogPath@@YGHKPAG@Z
DTC_XaForget
DllGetDTCProxy
ShutDownCM
?InstallDtcClient@@YGJPAGKK@Z
DTC_XaPrepare
DTC_XaEnd
DTC_XaComplete
DTC_XaStart

kernel32

VirtualAlloc
DebugActiveProcessStop
EnumResourceTypesW
RemoveDirectoryA
ClearCommError
GetConsoleAliasExesLengthW
QueryPerformanceCounter
_lcreat
GetSystemTimeAdjustment
SetVolumeMountPointW
WritePrivateProfileSectionA
SetVolumeLabelW
GetNamedPipeInfo
TlsGetValue
SetVolumeMountPointA
SetThreadExecutionState
GetEnvironmentStringsA
GetEnvironmentVariableW
GetCurrentProcessId
CopyFileExW
GetConsoleAliasW
DeleteFileA
GlobalAddAtomW
LoadLibraryA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f30f1c80fdde092802c511d019ff9c73

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcirt

shlwapi

msdtcprx

kernel32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB