8614991e89ce09debd42fabda88b6322_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8614991e89ce09debd42fabda88b6322_JaffaCakes118
Size

33KB
MD5

8614991e89ce09debd42fabda88b6322
SHA1

9a37f3da0ee2f812efb65b759f51904a1fa69038
SHA256

579ce458dee9bdd662d1935adf0eb1ceea7e201610eb880c4f00b464322cc801
SHA512

84d3fc90d1113ee694d66a7512ac93b0762b5f946ae5eb528ba0ff2138cb150fd18124f6a12898a09e8d317c7d4f977bed78354dd5d4c64ce1ef957ceab77ad6
SSDEEP

768:1L07dW+JCIU3jNg/raY82/lsO8l7CZj+W5hS+WV8EOF0s:1YJW+cIU9MkQj5hS+m8EOb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8614991e89ce09debd42fabda88b6322_JaffaCakes118

Files

8614991e89ce09debd42fabda88b6322_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b3b93ba9d8b1775dfb9dd85a7cb31aae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetpCleanFtinfoContext
I_NetLogonControl2
DsRoleDcAsReplica
NetLocalGroupAddMember
NetGroupAddUser
NetReplImportDirLock
RxRemoteApi
RxNetAccessGetUserPerms
NetShareDelSticky
NetRemoteTOD
NetUserModalsSet
NetUserGetInfo
DsRoleAbortDownlevelServerUpgrade
NetWkstaGetInfo
NetRegisterDomainNameChangeNotification
I_BrowserQueryOtherDomains
NetBrowserStatisticsGet
I_BrowserSetNetlogonState
I_BrowserDebugTrace
NetShareDel
DsGetDcNextA
I_NetDatabaseSync
NetConnectionEnum
I_NetServerTrustPasswordsGet
NetLocalGroupGetInfo
NetLocalGroupDelMembers
I_NetAccountSync
NetReplExportDirLock
DsEnumerateDomainTrustsA
DsGetDcOpenA
NetLocalGroupAddMembers
DsMergeForestTrustInformationW
NetDfsAddStdRoot
RxNetAccessSetInfo
NetLocalGroupSetInfo
NetpwPathCanonicalize
NetMessageNameAdd
NetReplExportDirSetInfo
NetpSetFileSecurity
NetpAllocFtinfoEntry
DsGetDcSiteCoverageW
NetGetJoinInformation
NetReplSetInfo
NetAuditWrite
NlBindingAddServerToCache
NetReplImportDirEnum
I_NetDatabaseDeltas
RxNetAccessDel
NetGetAnyDCName
DsRoleDnsNameToFlatName
RxNetAccessAdd
NetReplExportDirUnlock
NetServerDiskEnum
NetShareEnum
I_NetServerGetTrustInfo
NetFileClose
NetWkstaUserEnum

lpk

ftsWordBreak
LpkDllInitialize
LpkTabbedTextOut
LpkInitialize
LpkPSMTextOut
LpkEditControl
LpkDrawTextEx
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkUseGDIWidthCache
LpkExtTextOut

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??_7?$basic_fstream@GU?$char_traits@G@std@@@std@@6B@
mbrtowc
?_Tidy@?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IAEXXZ
??4?$numeric_limits@H@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?eq@?$char_traits@D@std@@SA_NABD0@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
??Gstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??_7time_base@std@@6B@
?real@?$_Complex_base@M@std@@QBEMXZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?decimal_point@?$_Mpunct@D@std@@QBEDXZ
??Hstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??_7?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?freeze@strstreambuf@std@@QAEX_N@Z
?id@?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A

shlwapi

StrRChrA
SHDeleteEmptyKeyW
UrlApplySchemeA
PathFindNextComponentW
SHGetThreadRef
SHEnumKeyExW
StrCmpW
SHEnumValueW
SHAutoComplete
StrCpyW
SHRegDeleteEmptyUSKeyA
SHRegQueryInfoUSKeyA
StrChrW
PathFindOnPathW
StrRetToStrA
StrCmpNIW
SHSetValueW
UrlCompareA
StrToIntW
PathRemoveBackslashA
StrSpnW
PathIsSystemFolderA
StrRChrIW
SHCreateStreamOnFileW
wvnsprintfW
PathMatchSpecW
SHIsLowMemoryMachine
PathIsUNCServerShareW
UrlIsNoHistoryA
PathAppendA
PathIsContentTypeA
PathFindExtensionA
SHRegDeleteUSValueW
UrlIsA
SHCreateStreamOnFileA
StrRStrIA
PathIsPrefixW
SHRegEnumUSValueW
PathGetArgsW
AssocQueryStringByKeyW
SHQueryValueExW
SHGetInverseCMAP
StrRetToStrW
SHOpenRegStreamA
StrRetToBSTR
SHDeleteKeyW
SHRegQueryInfoUSKeyW
StrRetToBufW
PathFileExistsW
PathFindSuffixArrayA
AssocQueryKeyW
PathFindFileNameA
StrCSpnIW
UrlIsW
PathRemoveExtensionA
PathIsLFNFileSpecA
StrPBrkA
PathIsDirectoryEmptyA
PathIsUNCA
SHQueryInfoKeyA
SHRegDeleteEmptyUSKeyW
PathCompactPathExA
PathUnmakeSystemFolderA
PathIsLFNFileSpecW
PathCompactPathA
PathUnmakeSystemFolderW
PathRemoveBackslashW
SHRegOpenUSKeyW
SHCreateStreamOnFileEx
HashData
StrTrimA
SHRegWriteUSValueW
ChrCmpIW
SHRegDeleteUSValueA
StrFormatByteSizeW

mapi32

MAPIGetDefaultMalloc@0
MapStorageSCode@4
WrapCompressedRTFStream
FBadRglpszW@8
UlPropSize@4
BMAPIFindNext
SwapPlong@8
UNKOBJ_Free@8
cmc_look_up
BMAPIGetReadMail
FBadRestriction@4
HrDecomposeEID@28
FBadRglpNameID@8
GetTnefStreamCodepage@12
UNKOBJ_ScCOAllocate@12
MAPIAddress
FDecodeID@12
HrAllocAdviseSink@12
OpenTnefStreamEx@32
HrSetOmiProvidersFlagsInvalid@4
FtMulDwDw@8
HrThisThreadAdviseSink@8
UNKOBJ_ScAllocateMore@16
CchOfEncoding@4
BMAPIAddress
FreePadrlist@4
InstallFilterHook@4
MAPILogoff
BMAPISaveMail
ScDupPropset@16
FPropCompareProp@12
ScMAPIXFromCMC
__ValidateParameters@8
ScCreateConversationIndex@16
cmc_read
MAPISaveMail
FBinFromHex@8
OpenIMsgOnIStg@44
HrSetOneProp@8
FixMAPI@0
CreateTable@36
LaunchWizard@20

mspatcha

ApplyPatchToFileExA
ApplyPatchToFileByHandles
ApplyPatchToFileA
ApplyPatchToFileByHandlesEx
TestApplyPatchToFileA
ApplyPatchToFileExW
GetFilePatchSignatureA
TestApplyPatchToFileByHandles
ApplyPatchToFileW
GetFilePatchSignatureW
TestApplyPatchToFileW
GetFilePatchSignatureByHandle

opengl32

glFogiv
glTexImage1D
glTexCoord4i
glEvalCoord2dv
glTranslated
glCopyTexImage2D
glBegin
glIsTexture
glLightModelfv
glGetPixelMapusv
glIndexs
glTexParameteri
glBindTexture
glClearIndex
glRasterPos3dv
glListBase
glClearAccum
glRectf
glVertex2dv
glRasterPos3f
glFogfv
glRasterPos4i
glColorPointer
glEvalPoint1
glTexCoord4f
glGetTexLevelParameteriv
glPushName
glColor4ub
glEdgeFlagPointer
glGetMaterialfv
glTexCoord2i
glEvalCoord1f
glColor3s
glTexParameterf
glIndexPointer
glPixelMapusv
glTexCoord4d
glVertex2i
glColor3ui
glNormal3i
glColor4fv
glColor3ubv
glDisableClientState
glRasterPos4d
glPushAttrib
glColor4sv

msvcrt20

?seekg@istream@@QAEAAV1@J@Z
_strdate
__isascii
_lrotr
?underflow@filebuf@@UAEHXZ
??6ostream@@QAEAAV0@C@Z
memcmp
mbstowcs
_controlfp
__p__iob
_atoldbl
_setmode
_wutime
_mbsnbicmp
?hex@@YAAAVios@@AAV1@@Z
_toupper
_wsearchenv
?setmode@ifstream@@QAEHH@Z
??0fstream@@QAE@ABV0@@Z
_fstat
ungetwc
_putch
_CIacos
_mbscmp
??_7ifstream@@6B@
_adj_fdiv_m64
strerror
_beep
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
?gptr@streambuf@@IBEPADXZ
_safe_fdiv
_getws
__p__winminor
_isnan
feof
_tcsnccnt
_mbctoupper
_heapset
??0ostream_withassign@@QAE@ABV0@@Z
?sync@streambuf@@UAEHXZ
??0Iostream_init@@QAE@XZ
_ismbslead
??6ostream@@QAEAAV0@F@Z
__iscsymf
?blen@streambuf@@IBEHXZ
_control87
?setf@ios@@QAEJJ@Z
??5istream@@QAEAAV0@AAG@Z
??4istream@@IAEAAV0@ABV0@@Z
?ebuf@streambuf@@IBEPADXZ
fabs
wcstok
?lock@streambuf@@QAEXXZ
_local_unwind2
_snprintf
??_8strstream@@7Bistream@@@
_vsnprintf
??5istream@@QAEAAV0@PAD@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
__p__commode
_tcsnccmp
_cprintf
_fcvt
??_Estrstream@@UAEPAXI@Z
??0istrstream@@QAE@PAD@Z
_getdrives
iswctype
_wsystem
_tclen
_ismbcprint
strcmp
?doallocate@streambuf@@MAEHXZ
_CIlog10
_fullpath
?pbackfail@stdiobuf@@UAEHH@Z
clock
_ismbbkpunct
_wstrdate
??_8iostream@@7Bistream@@@

kernel32

EnumResourceNamesW
GetModuleHandleA
GetConsoleCommandHistoryLengthA
VirtualAlloc
GetCurrentProcess
GetTempFileNameA
GlobalAddAtomA
GetDiskFreeSpaceA
GetSystemTimeAsFileTime
GetStartupInfoA
SetLocalTime
_lopen
CreateNamedPipeW
TlsFree
lstrcpynW
ConvertThreadToFiber
Module32Next
OpenSemaphoreA
SetConsoleKeyShortcuts
LCMapStringA
GetProcAddress
ReleaseSemaphore
EnumSystemLanguageGroupsA
ReadFileScatter
Heap32ListFirst
FindResourceExW
FindNextVolumeA
ReadConsoleOutputAttribute
GetSystemWow64DirectoryW
Process32NextW
GetStringTypeW
_lcreat
OpenThread
ResumeThread
HeapQueryInformation
GetTapePosition
GetProfileIntW
LoadResource
GetCommConfig
SetTapePosition
SwitchToFiber
SetCommMask
ReadDirectoryChangesW

msvcrt40

_itoa
??_8istrstream@@7B@
_mbsnbcnt
_setmode
??4streambuf@@QAEAAV0@ABV0@@Z
_CIsqrt
?setrwbuf@stdiobuf@@QAEHHH@Z
?flags@ios@@QBEJXZ
_CItan
??_Gexception@@UAEPAXI@Z
_timezone
strncmp
??_Eios@@UAEPAXI@Z
asctime
??0iostream@@IAE@XZ
??_8ostrstream@@7B@
??_8iostream@@7Bostream@@@
_adj_fdiv_m16i
??_Gbad_cast@@UAEPAXI@Z
_wfindfirsti64
_getw
?epptr@streambuf@@IBEPADXZ
?pbase@streambuf@@IBEPADXZ
??_Glogic_error@@UAEPAXI@Z
tolower
_wspawnvp

gdi32

RectVisible

user32

MoveWindow
SetScrollPos
IsIconic

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3b93ba9d8b1775dfb9dd85a7cb31aae

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

lpk

msvcp60

shlwapi

mapi32

mspatcha

opengl32

msvcrt20

kernel32

msvcrt40

gdi32

user32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 898B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 898B