86d76262cbf48e7dd604c20a0ed94190_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

86d76262cbf48e7dd604c20a0ed94190_JaffaCakes118
Size

29KB
MD5

86d76262cbf48e7dd604c20a0ed94190
SHA1

528de896de7383155db50bd52131888015598451
SHA256

3d2f291a49a48497317a6c2e832317f50fab59f2469618380907802802e40551
SHA512

7fb0e1e50c4a3c5558e4050dbbca5bf0370dd4bd16305f1b6bf1c6d76f87eacd49a1823d5b96d840026890e4489ecccb430f3f3730fd0da5a474e36f0e6f629d
SSDEEP

768:48tyGS9BtjM93r9lKpQmv4kljboba4hTxfqI13jb/gx:vmPGLI4klPWTxfqe3P/M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86d76262cbf48e7dd604c20a0ed94190_JaffaCakes118

Files

86d76262cbf48e7dd604c20a0ed94190_JaffaCakes118
.exe windows:5 windows x86 arch:x86

21e7835f41f56ababc2210b0530063ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

_LEps
?_Tidy@ios_base@std@@AAEXXZ
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?imag@?$_Complex_base@M@std@@QBEMXZ
?grouping@?$_Mpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?underflow@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??Hstd@@YA?AV?$complex@M@0@ABV10@ABM@Z
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??4?$_Ctr@O@std@@QAEAAV01@ABV01@@Z
?seekoff@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG0@Z
??_7range_error@std@@6B@
??_F_Locinfo@std@@QAEXXZ
??_F?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?min@?$numeric_limits@I@std@@SAIXZ
??Hstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?quiet_NaN@?$numeric_limits@_N@std@@SA_NXZ
??_8?$basic_ofstream@GU?$char_traits@G@std@@@std@@7B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_F?$moneypunct@D$0A@@std@@QAEXXZ
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??_7?$numpunct@D@std@@6B@
??1?$numpunct@D@std@@UAE@XZ
?do_frac_digits@?$_Mpunct@G@std@@MBEHXZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAGG@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?do_widen@?$ctype@G@std@@MBEPBDPBD0PAG@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??Kstd@@YA?AV?$complex@O@0@ABOABV10@@Z
??Ystd@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?do_length@?$codecvt@DDH@std@@MBEHAAHPBD1I@Z
?compare@?$collate@G@std@@QBEHPBG000@Z
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
?_Init_cnt@_Winit@std@@0HA
??0strstream@std@@QAE@PADHH@Z
?nothrow@std@@3Unothrow_t@1@B
?read@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
??Zstd@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
?signaling_NaN@?$numeric_limits@E@std@@SAEXZ
??0?$numpunct@G@std@@QAE@I@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Init@?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
?round_error@?$numeric_limits@D@std@@SADXZ
??4bad_cast@std@@QAEAAV01@ABV01@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$char_traits@G@std@@SAPBGPBGIABG@Z
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
?unget@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ

msvcrt

_mbsnset
_wtof
_ismbslead
iswctype
_wcslwr
_XcptFilter
_mbsbtype
vfwprintf
__getmainargs
__setlc_active
strcoll
_wexecvp
_timezone
__p__dstbias
_mbctokata
tolower
iswascii
_CItan
_mbsrchr
__toascii
fabs
__crtLCMapStringA
_tzset
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_ftime
_atoi64
?unexpected@@YAXXZ
fputwc
labs
_fullpath
_CIcosh
_wfdopen
__set_app_type
_filelengthi64
_adj_fdiv_m32
_strupr
_mbsupr
_lsearch
??_Gbad_typeid@@UAEPAXI@Z
__p__osver
_wstati64
_kbhit
_wsearchenv
?terminate@@YAXXZ
__p__commode

rpcrt4

NdrGetUserMarshalInfo
RpcMgmtInqDefaultProtectLevel
RpcSsFree
NdrAllocate
RpcEpRegisterA
NdrServerContextNewMarshall
I_RpcTurnOnEEInfoPropagation
NdrNonConformantStringBufferSize
NdrNonConformantStringMarshall
NdrMesTypeAlignSize2
NdrConformantStringMemorySize
CStdStubBuffer_DebugServerRelease
RpcServerInqDefaultPrincNameA
RpcBindingToStringBindingW
MIDL_wchar_strlen
NdrFullPointerXlatFree
MesEncodeIncrementalHandleCreate
tree_size_ndr
NdrRpcSsDisableAllocate
RpcMgmtInqStats
I_RpcServerInqAddressChangeFn
data_into_ndr
NdrpCreateProxy
pfnUnmarshallRoutines
NdrEncapsulatedUnionFree
RpcBindingInqAuthClientExW
NdrCorrelationPass
I_RpcPauseExecution
RpcAsyncGetCallStatus
NdrRpcSmSetClientToOsf
NDRCContextMarshall
double_from_ndr
NdrXmitOrRepAsFree
RpcFreeAuthorizationContext
I_RpcFreePipeBuffer
I_RpcGetCurrentCallHandle
NdrMesSimpleTypeAlignSize
NdrUserMarshalMarshall
RpcServerUseProtseqEpW
NdrXmitOrRepAsBufferSize
RpcSsDisableAllocate
NDRCContextUnmarshall
NdrConformantStructBufferSize
NdrUserMarshalUnmarshall

user32

DrawFrame
SetThreadDesktop
ChildWindowFromPoint
CallMsgFilter
DisableProcessWindowsGhosting
SetShellWindowEx
GetWindowRect
SetWindowStationUser
DestroyCursor
SetSystemCursor
RemovePropW
DispatchMessageW
CopyAcceleratorTableA
GetAltTabInfoW
DdeSetQualityOfService
MoveWindow
SetWindowContextHelpId
IsWindow
CloseDesktop
SetPropA
SetWindowsHookExW
SetWindowTextW
OemKeyScan
PrivateExtractIconsA
RealGetWindowClassA
LoadMenuA
EditWndProc
GetCursorFrameInfo
DdeQueryConvInfo
SetInternalWindowPos
KillTimer
IntersectRect
GetClipboardSequenceNumber
CascadeWindows
GetPropA
ShowWindow
MapVirtualKeyExA

opengl32

glPopAttrib
glTexCoord3dv
glTexEnviv
glTexCoord1d
glAlphaFunc
glVertex2s
glMaterialfv
glEdgeFlag
glVertex4i
glTexCoord4sv
glGetPointerv
glGetMaterialfv
glLightiv
glEvalPoint1
wglDeleteContext
glRectdv
glFlush
glClipPlane
glRectfv
glColor3ub
glEnableClientState
glColor4s
glNormal3i
glRasterPos4d
glPrioritizeTextures
glStencilOp
glNormal3d
glIndexfv
glArrayElement
glTexParameterfv
glTexParameteri
glColor4i

msls31

LsdnSkipCurTab
LsdnGetFormatDepth
LsdnFinishBySubline
LsSetBreaking
LsdnGetCurTabInfo
LsSetModWidthPairs
LsLwMultDivR
LsGetTatenakayokoLsimethods
LsDestroyLine
LsdnFinishDeleteAll
LsdnSetAbsBaseLine
LssbFDoneDisplay
LsSetBreakSubline
LsSetCompression
LsdnFinishRegularAddAdvancePen
LssbFDonePresSubline
LsCompressSubline
LsEnumSubline
LsdnQueryPenNode
LssbGetVisibleDcpInSubline
LsPointXYFromPointUV
LsdnResetPenNode
LsGetRubyLsimethods
LsGetReverseLsimethods
LsdnModifyParaEnding
LssbFIsSublineEmpty

kernel32

CommConfigDialogA
VirtualAlloc
GetDevicePowerState
WriteProfileSectionA
SetDefaultCommConfigW
GetNamedPipeInfo
Beep
SetTapeParameters
GetVersion
GetSystemWindowsDirectoryW
CreateMutexA
GetConsoleInputExeNameA
GetTimeFormatA
GetNextVDMCommand
SetLastConsoleEventActive
SetNamedPipeHandleState
GetExitCodeProcess
GetWindowsDirectoryA
LCMapStringA
GetModuleHandleExA
FindVolumeClose
WriteConsoleOutputCharacterA
DebugBreakProcess
MapUserPhysicalPages
FreeConsole
GetVersionExW
EnumerateLocalComputerNamesA
GetFileAttributesW
SetConsoleDisplayMode
TryEnterCriticalSection
FreeEnvironmentStringsW
VirtualUnlock

duser

SetGadgetParent
WaitMessageEx
DetachWndProc
IsStartDelete
DUserGetGutsData
GetDebug
RegisterGadgetMessage
UnregisterGadgetMessageString
GetStdColorF
GetActionTimeslice
DllMain
DUserRegisterSuper
DUserPostMethod
AttachWndProcA
DUserGetRotatePRID
GetStdPalette
GetGadgetStyle
DUserCastClass
InitGadgets
LookupGadgetTicket
UnregisterGadgetProperty
SetGadgetCenterPoint
DUserSendMethod
DUserInstanceOf
GetGadgetSize
GetMessageExW
UtilDrawBlendRect
GetGadgetBufferInfo
SetGadgetMessageFilter
ForwardGadgetMessage
SetActionTimeslice
RemoveGadgetMessageHandler
GetStdColorName
DUserSendEvent
AddGadgetMessageHandler
DUserGetScalePRID
GetStdColorBrushI
CreateGadget
SetGadgetFillI
DeleteHandle
GetGadgetAnimation
GetStdColorBrushF

mstime

DllCanUnloadNow
DllUnregisterServer
DllEnumClassObjects
DllRegisterServer
DllGetClassObject

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21e7835f41f56ababc2210b0530063ae

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

msvcrt

rpcrt4

user32

opengl32

msls31

kernel32

duser

mstime

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 2KB