84cb0895b27de2de7a8ac7218c677813_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84cb0895b27de2de7a8ac7218c677813_JaffaCakes118
Size

824KB
MD5

84cb0895b27de2de7a8ac7218c677813
SHA1

f3fb738533c43331e719ec0febd04c69b7888a78
SHA256

1633c3512f398d7f3edd346f983be653f42003bc6b46b1dfacab44c63c61bfa0
SHA512

fe1f732d9028781feb0724003580c5271df5f9884ccf71405b1d62786e6e656f5ec1a58beeaab2ad5442e91488eaf99e6e451ea650c800d5aaea250551d164c2
SSDEEP

24576:4y4yBvswOf7p1WY7xpdnZt9IYFxD6aGEkupH:tfxAp1dVfnZ8Y7VH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84cb0895b27de2de7a8ac7218c677813_JaffaCakes118

Files

84cb0895b27de2de7a8ac7218c677813_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9a500ab97a51ca7cd8d1c1a4e667542f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCommandHistoryLengthA
FindNextFileW
ExpungeConsoleCommandHistoryW
_lcreat
GetTimeFormatW
GetExitCodeProcess
GetSystemWindowsDirectoryW
GetVolumePathNameW
FindFirstVolumeA
GetCompressedFileSizeW
CreateMemoryResourceNotification
ExpandEnvironmentStringsA
VirtualAlloc
Module32Next
GetLogicalDriveStringsW
SetConsoleFont
LoadLibraryA
ConvertFiberToThread
SetConsoleHardwareState
AttachConsole
WTSGetActiveConsoleSessionId
GetNamedPipeInfo
GetProcAddress
lstrcmpi
_hread
GlobalWire
HeapSize
VerifyVersionInfoW
GetProcessPriorityBoost
GetSystemTimeAsFileTime
GetConsoleCharType
GetProcessShutdownParameters
GetTimeFormatA
GetSystemDefaultLangID
ReadFile
SetConsoleCursorPosition
GetPrivateProfileStringW
RegisterConsoleVDM

msvcrt40

wcsncmp
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
_access
??0stdiobuf@@QAE@PAU_iobuf@@@Z
_mbscoll
fgetc
_spawnlp
fgets
__p__winminor
?attach@ofstream@@QAEXH@Z
??0Iostream_init@@QAE@AAVios@@H@Z
tan
_chdir
??6ostream@@QAEAAV0@G@Z
_mbsnset
asctime
?is_open@ofstream@@QBEHXZ
??0ios@@IAE@XZ
_ismbcl1
__toascii
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
fopen
_y1
_heapchk
_statusfp
??_Dfstream@@QAEXXZ
sprintf
_mbsncpy
_mbbtype
sin
??_8iostream@@7Bostream@@@
_spawnve
strcoll
??5istream@@QAEAAV0@AAE@Z
__p__wenviron

rpcrt4

NdrMesSimpleTypeEncode
tree_peek_ndr
NdrPointerMarshall
NdrMesSimpleTypeAlignSize
MesEncodeFixedBufferHandleCreate
RpcBindingToStringBindingW
RpcSsFree
NdrUserMarshalBufferSize
RpcMgmtWaitServerListen
NdrClientCall2
NdrNonEncapsulatedUnionFree
RpcBindingSetOption
NdrPointerFree
NdrRpcSmClientFree
NdrFullPointerXlatInit
UuidCreateSequential
SimpleTypeAlignment
NdrConformantArrayBufferSize
IUnknown_AddRef_Proxy
UuidCreateNil
RpcFreeAuthorizationContext
NdrPartialIgnoreServerInitialize
I_RpcBindingInqLocalClientPID
TowerConstruct
NdrServerInitializeUnmarshall
NDRCContextMarshall
NdrCorrelationFree
NdrDllUnregisterProxy
MesIncrementalHandleReset
NdrNonEncapsulatedUnionMarshall

certcli

CAEnumNextCertType
CAOIDAdd
CAFindByCertType
CACertTypeAccessCheck
CAGetCASecurity
CAGetCertTypeFlags
CASetCertTypeExpiration
CAUpdateCA
DllGetClassObject
DllCanUnloadNow
GetProxyDllInfo
CAFreeCertTypeExtensions
CAGetCertTypeKeySpec
CASetCertTypeKeySpec
CAGetCertTypeFlagsEx
CASetCertTypeFlagsEx
CAGetCertTypeExpiration
CAFindByIssuerDN
CADeleteCA
CADeleteCertType
CAOIDSetProperty
CASetCAFlags
CAOIDFreeLdapURL
CAIsCertTypeCurrent
DllInstall
CAOIDDelete
CAAccessCheck
CACountCertTypes
CAFindByName
CACreateNewCA
CAAddCACertificateType
CACertTypeGetSecurity
CASetCertTypePropertyEx
CAOIDGetLdapURL
CAGetCACertificate
CAEnumNextCA
DllUnregisterServer
CACertTypeQuery
CAGetCertTypeExtensions
CAGetCertTypePropertyEx
CAFindCertTypeByName
CAGetCAExpiration
CACloneCertType

query

?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z
?VT_VARIANT_GT@@YGHABUtagPROPVARIANT@@0@Z
?GetVPathSSLAccess@CMetaDataMgr@@QAEKPBG@Z
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?Close@CPipeClient@@IAEXXZ
?GetI4@CAllocStorageVariant@@QBEJI@Z
?AppendListElement@CDbProjectListAnchor@@QAEHABUtagDBID@@PAG@Z
?Empty@CPropStoreManager@@QAEXXZ
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?SetI8@CStorageVariant@@QAEXT_LARGE_INTEGER@@I@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?GetPropInfo@CEmptyPropertyList@@QAEHABVCDbColId@@PAPBGPAGPAI@Z
?GetDrive@CDriveInfo@@SGXPBGPAG@Z
InitializeCIISAPIPerformanceData
?Get@CWin32RegAccess@@QAEHPBGPAGIH@Z
?EnumerateFilesInDir@CiStorage@@SGXPBGAAVCEnumString@@@Z
?UnMarshall@CDbProp@@QAEHAAVPDeSerStream@@@Z
??0CFileBuffer@@QAE@AAVCFileMapView@@I@Z
?SetLPSTR@CStorageVariant@@QAEXPBDI@Z
?GrowBuffer@CVirtualString@@AAEXK@Z
??0CCatState@@QAE@XZ
?MakeISearch@@YGJPAPAUISearchQueryHits@@PAVCDbRestriction@@PBG@Z
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?Release@CEmptyPropertyList@@UAGKXZ
?ciNew@@YGPAXI@Z
?GetFileName@CPathParser@@QBEHPAGAAK@Z
?BuildRegistryPropertiesKey@@YGXAAV?$XArray@G@@PBG@Z
??0CRangeKeyRepository@@QAE@XZ
?IsValid@CRestriction@@QBEHXZ
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
?UnMarshallTree@CDbCmdTreeNode@@SGPAV1@AAVPDeSerStream@@@Z
??1CSizeSerStream@@UAE@XZ
??0CAllocStorageVariant@@QAE@PBDAAVPMemoryAllocator@@@Z
?SaCreateData@@YGHAAVPVarAllocator@@GAAUtagSAFEARRAY@@1H@Z
?QueryInterface@CFwPropertyMapper@@UAGJABU_GUID@@PAPAX@Z
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
LocateCatalogsA
??0CDFA@@QAE@PBGAAVCTimeLimit@@E@Z
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z

msvcrt20

_wgetdcwd
?fd@ifstream@@QBEHXZ
_putws
?dbp@streambuf@@QAEXXZ
asctime
?oct@@YAAAVios@@AAV1@@Z
_ismbbkalnum
__p__mbctype
?gcount@istream@@QBEHXZ
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
_kbhit
pow
strrchr
?binary@filebuf@@2HB
_assert
??1stdiobuf@@UAE@XZ
?flags@ios@@QAEJJ@Z
_wexecvp
_chdrive
_endthreadex
_mtlock
__iscsym
?seekpos@streambuf@@UAEJJH@Z
?gptr@streambuf@@IBEPADXZ
__p___wargv
?unbuffered@streambuf@@IBEHXZ
_mbctype
?setmode@ifstream@@QAEHH@Z
_cabs
?osfx@ostream@@QAEXXZ

gdi32

ArcTo
ScaleWindowExtEx
DeviceCapabilitiesExA
RestoreDC
DrawEscape
SetICMProfileW
GdiConvertBitmapV5
GdiSetPixelFormat
DdEntry51
StartPage
XLATEOBJ_iXlate
GdiEndPageEMF
IntersectClipRect
GdiGetPageHandle
SetTextCharacterExtra
GetTextAlign
DeleteMetaFile
GetCharABCWidthsFloatW
GetKerningPairsA
GetCharWidth32W
EngAcquireSemaphore
Ellipse
CreateFontIndirectA
SwapBuffers
MirrorRgn
GdiConsoleTextOut
GetGlyphOutline
GdiGetLocalFont
EnumFontsW
GetEUDCTimeStamp
GdiConvertMetaFilePict
EngPaint
GdiGetLocalBrush
GetPixelFormat
GdiStartDocEMF
Polyline
BeginPath
DdEntry32
BRUSHOBJ_ulGetBrushColor

oledlg

OleUIUpdateLinksA
OleUIChangeIconW
OleUIPasteSpecialA
OleUIEditLinksA
OleUIBusyA
OleUIChangeIconA
OleUIChangeSourceW
OleUIInsertObjectW
OleUIConvertA
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIUpdateLinksW
OleUIAddVerbMenuW
OleUICanConvertOrActivateAs
OleUIObjectPropertiesA
OleUIInsertObjectA
OleUIAddVerbMenuA
OleUIConvertW
OleUIChangeSourceA
OleUIEditLinksW
OleUIPromptUserA
OleUIBusyW
OleUIPromptUserW

wldap32

ldap_add_ext_s
ldap_dn2ufnW
ldap_create_page_controlW
ldap_search_extA
ldap_extended_operation_sW
ldap_openW
ldap_search_ext_sA
ldap_get_paged_count
ldap_create_sort_controlW
ldap_delete_ext_sA
ldap_escape_filter_elementA
ldap_modify_ext
ldap_addA
ldap_search_init_pageA
ldap_parse_resultA
ldap_modify_sA
ber_printf
ldap_create_page_controlA
ldap_parse_page_controlW
ldap_msgfree
ldap_get_dn
ldap_modrdn_s
ldap_initA
ldap_next_entry
ldap_perror
ldap_modify_sW

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 573KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a500ab97a51ca7cd8d1c1a4e667542f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

rpcrt4

certcli

query

msvcrt20

gdi32

oledlg

wldap32

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 573KB - Virtual size: 1.9MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 573KB - Virtual size: 1.9MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 312B