8334a16298490f2069e25363f7bfb5c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8334a16298490f2069e25363f7bfb5c5_JaffaCakes118
Size

71KB
MD5

8334a16298490f2069e25363f7bfb5c5
SHA1

f6645ae9e3098e0d0b900eb7a6d2b20e5d91fc23
SHA256

be2b7ac5cd25a5f53899bba2777894d652f1f9599e7e2d2f1df13795d3a95ba6
SHA512

c4e4e138c671fa995120d5466cf917a70194c76daa7467d156d9374a3a6138af40c507ff7a486ba8cc1be7079e61730a5aa3388c541ee823a48e924babba3d41
SSDEEP

1536:SgCudWs4BRUqHkwE/kKyjb5GmqvvcVUQU:DCUWs4cqR+kKAbgcVU1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8334a16298490f2069e25363f7bfb5c5_JaffaCakes118

Files

8334a16298490f2069e25363f7bfb5c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

65aa5890b097399f5ddd496505c862df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection3A
WNetGetConnection3W
WNetUseConnectionA
WNetGetDirectoryTypeA
WNetSetLastErrorA
WNetDisconnectDialog
WNetGetPropertyTextW
I_MprSaveConn
WNetPasswordChangeNotify
WNetGetNetworkInformationA
WNetGetUserA
WNetDirectoryNotifyW
WNetPropertyDialogW
WNetDisconnectDialog1W
MultinetGetConnectionPerformanceA
WNetGetConnection3A
WNetFormatNetworkNameW
WNetOpenEnumW
WNetGetConnectionA
WNetGetProviderNameA
WNetAddConnectionA
WNetGetDirectoryTypeW
WNetUseConnectionW
WNetOpenEnumA
WNetLogonNotify
WNetGetResourceParentA
WNetCancelConnectionW
WNetDisconnectDialog2
WNetConnectionDialog1W
MultinetGetConnectionPerformanceW
WNetGetResourceInformationA
WNetCancelConnection2W
WNetGetProviderTypeA

kernel32

FileTimeToSystemTime
CreateConsoleScreenBuffer
SetFileAttributesW
SetSystemPowerState
CreateNamedPipeA
LoadLibraryA
WaitNamedPipeW
ReadConsoleOutputA
GetProfileSectionW
IsValidLocale
GetCurrentDirectoryW
GetNativeSystemInfo
GetHandleContext
NlsGetCacheUpdateCount
DeleteCriticalSection
ReadConsoleOutputAttribute
GetCPInfoExA
LeaveCriticalSection
VirtualAlloc
_lwrite
GetNextVDMCommand
EnterCriticalSection
ConvertThreadToFiber
GlobalMemoryStatusEx
WritePrivateProfileSectionW
SetVolumeMountPointA
_lclose
FindFirstChangeNotificationW
GetUserGeoID
SetUnhandledExceptionFilter
ReplaceFileA
ReadConsoleOutputW
FindFirstFileA

oleaut32

VarUI8FromI1
SafeArrayDestroyData
VarI8FromBool
VarBstrFromI2
VarCyMul
VarUI2FromBool
VarCyCmp
LoadRegTypeLib
SafeArrayCreate
VarInt
SafeArrayAccessData
VarR4FromDec
VarDecFromUI1
VarR8FromI1
VarDecFromStr
VarBoolFromCy
SafeArrayGetIID
RevokeActiveObject
VarBstrFromUI2
VarR4FromI4
VarUI4FromR4
VarUI1FromUI8
BSTR_UserMarshal
VarI2FromR8
SafeArrayCopy
VarI4FromR8
VarI1FromI4
VarR4FromUI2
VarUI8FromI8
SafeArrayAllocDescriptor
VarDecAdd
VarDateFromR4
VarDecFromUI4
VarI8FromUI8
VarR8FromI4

cscdll

CSCFindFirstFileForSidW
CSCQueryFileStatusW
CSCTransitionServerOnlineW
CSCIsServerOfflineW
CSCSetMaxSpace
CSCIsCSCEnabled
CSCDeleteW
CSCUnpinFileW
CSCEnumForStatsExW
CSCFindFirstFileW
CSCFindClose
CSCFindNextFileW
CSCPinFileW
CSCDoEnableDisable
CSCEnumForStatsW

setupapi

SetupDiGetClassImageListExA
SetupDiInstallClassExA
CM_Add_Empty_Log_Conf_Ex
SetupQuerySourceListW
SetupLogErrorA
SetupAddInstallSectionToDiskSpaceListW
CM_Set_DevNode_Registry_PropertyW
SetupDiGetHwProfileFriendlyNameExW
SetupDiInstallClassExW
SetupDiGetClassRegistryPropertyA
SetupRenameErrorA
CM_Get_Child
CM_Locate_DevNodeA
CM_Get_Device_Interface_List_SizeW
SetupFreeSourceListW
SetupDiInstallDevice
pSetupIsUserAdmin
SetupVerifyInfFileA
SetupDiGetActualSectionToInstallW
CM_Get_Device_IDA
SetupDiDeleteDeviceInterfaceRegKey
SetupDiGetClassDevsExA
CM_Merge_Range_List
SetupQueueDeleteW
SetupInstallServicesFromInfSectionA
pSetupOutOfMemory
SetupGetInfInformationA
SetupOpenMasterInf
SetupPromptForDiskA
CM_Set_DevNode_Problem
SetupGetSourceInfoW

lz32

LZCloseFile
LZOpenFileA
LZDone
LZRead
LZCreateFileW
LZOpenFileW
LZInit
GetExpandedNameA
CopyLZFile
LZSeek
LZClose
GetExpandedNameW
LZCopy
LZStart

msvcp60

?id@?$collate@D@std@@2V0locale@2@A
??Gstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?sqrt@?$_Ctr@O@std@@SAOO@Z
?norm@std@@YANABV?$complex@N@1@@Z
_LSinh
?underflow@strstreambuf@std@@MAEHXZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG1@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Kstd@@YA?AV?$complex@N@0@ABNABV10@@Z
?max@?$numeric_limits@C@std@@SACXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??Bid@locale@std@@QAEIXZ
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?denorm_min@?$numeric_limits@E@std@@SAEXZ
?max@?$numeric_limits@E@std@@SAEXZ
?setstate@ios_base@std@@QAEXF@Z
??X?$_Complex_base@O@std@@QAEAAV01@ABO@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@@Z
?curr_symbol@?$_Mpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?denorm_min@?$numeric_limits@_N@std@@SA_NXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$collate@G@std@@UAE@XZ
?do_neg_format@?$_Mpunct@G@std@@MBE?AUpattern@money_base@2@XZ
?opfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE_NXZ
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Isnan@?$_Ctr@N@std@@SA_NN@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAPAG0PAH001@Z

msvcrt

exit
__p__commode
__getmainargs
__set_app_type

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65aa5890b097399f5ddd496505c862df

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

oleaut32

cscdll

setupapi

lz32

msvcp60

msvcrt

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 14KB - Virtual size: 188KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 14KB - Virtual size: 188KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B