Static task
static1
Behavioral task
behavioral1
Sample
8900587946ac7272694089ce6c156d5f_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8900587946ac7272694089ce6c156d5f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
8900587946ac7272694089ce6c156d5f_JaffaCakes118
-
Size
804KB
-
MD5
8900587946ac7272694089ce6c156d5f
-
SHA1
5c9bf751633ddce6ab452d501fc9bf63f3862f05
-
SHA256
16f4fbe07b863717be0d1fe3e98a8408b2cb99aaad167de29424a757934825f9
-
SHA512
77ab62ace0e6396a007c75b78172b2bbfb4a2ca5ca7802d1120649dc9a179f5281172c13c3bc15061a6838a1c8105d63563c7bb8ed40b23ae1d0725a4f4b40dd
-
SSDEEP
24576:FB28CUgoLPSbZ91O3NUEThM6aZGyL/dwfus:D2Z+6bZ9g36q6RZGyeWs
Malware Config
Signatures
-
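Unsigned PE (1 IoC)
Flags a PE file that carries no Authenticode signature, so its publisher and integrity cannot be verified from a signature. On its own this is a weak indicator, since many benign programs are also unsigned.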
resource 8900587946ac7272694089ce6c156d5f_JaffaCakes118
Files
-
8900587946ac7272694089ce6c156d5f_JaffaCakes118.exe windows:5 windows x86 arch:x86
e1d1eab0a7f7b6b85482926509764554
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcp60
??_7bad_exception@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
??Z?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?max@?$numeric_limits@O@std@@SAOXZ
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?_Init@?$codecvt@GDH@std@@IAEXABV_Locinfo@2@@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAPAG0PAH001@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAGH@Z
towctrans
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?round_error@?$numeric_limits@_N@std@@SA_NXZ
?eof@ios_base@std@@QBE_NXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?do_tolower@?$ctype@D@std@@MBEDD@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?id@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?_Init@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??9std@@YA_NABV?$complex@O@0@0@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
kernel32
GetFileAttributesExW
lstrcat
UTRegister
SetVolumeMountPointW
CreateIoCompletionPort
FindResourceExW
WriteFileGather
Thread32First
LocalLock
LocalCompact
PulseEvent
ConvertFiberToThread
GetModuleHandleA
LoadLibraryA
GetCurrencyFormatW
CreatePipe
CreateConsoleScreenBuffer
VirtualFree
SetConsoleInputExeNameW
GetStdHandle
lstrlenW
WinExec
VirtualLock
GetProcessWorkingSetSize
OpenWaitableTimerA
QueryPerformanceFrequency
CreateNamedPipeW
GetAtomNameW
LockResource
VirtualAlloc
Module32FirstW
oleacc
AccessibleObjectFromPoint
LresultFromObject
ObjectFromLresult
CreateStdAccessibleProxyW
LIBID_Accessibility
GetStateTextA
AccessibleObjectFromEvent
DllCanUnloadNow
WindowFromAccessibleObject
IID_IAccessible
IID_IAccessibleHandler
GetStateTextW
CreateStdAccessibleProxyA
DllGetClassObject
DllRegisterServer
CreateStdAccessibleObject
GetOleaccVersionInfo
AccessibleObjectFromWindow
GetRoleTextA
GetRoleTextW
AccessibleChildren
dnsapi
DnsFreeConfigStructure
DnsQuery_W
DnsQuery_UTF8
DnsModifyRecordsInSet_UTF8
DnsCopyStringEx
DnsRecordSetCompare
DnsMapRcodeToStatus
DnsUnicodeToUtf8
DnsRecordListFree
DnsUpdateTest_A
DnsRecordBuild_W
DnsRecordBuild_UTF8
Dns_ParseMessage
NetInfo_Copy
NetInfo_Build
DnsValidateName_UTF8
NetInfo_Clean
Dns_CloseSocket
Dns_RecvTcp
DnsQueryConfigDword
DnsUpdateTest_UTF8
Dns_CreateSocket
samlib
SamRemoveMemberFromGroup
SamChangePasswordUser3
SamConnectWithCreds
SamGetDisplayEnumerationIndex
SamShutdownSamServer
SamiEncryptPasswords
SamGetAliasMembership
SamRemoveMemberFromForeignDomain
SamLookupNamesInDomain
SamLookupDomainInSamServer
SamiChangeKeys
SamCreateUserInDomain
SamQueryInformationGroup
SamQuerySecurityObject
SamiSetBootKeyInformation
SamAddMemberToAlias
SamGetMembersInGroup
SamFreeMemory
SamDeleteUser
SamQueryInformationUser
SamRemoveMultipleMembersFromAlias
SamCloseHandle
SamTestPrivateFunctionsDomain
SamConnect
SamSetSecurityObject
SamiChangePasswordUser
SamSetInformationUser
SamCreateGroupInDomain
SamDeleteAlias
SamEnumerateAliasesInDomain
msvcrt20
wcschr
puts
feof
??_7ofstream@@6B@
_iob
?_query_new_mode@@YAHXZ
??5istream@@QAEAAV0@AAJ@Z
?seekg@istream@@QAEAAV1@J@Z
atexit
isalnum
_mkdir
__getmainargs
_read
?dec@@YAAAVios@@AAV1@@Z
??_7istream_withassign@@6B@
??0ifstream@@QAE@ABV0@@Z
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
??6ostream@@QAEAAV0@PBD@Z
?gbump@streambuf@@IAEXH@Z
?unbuffered@streambuf@@IBEHXZ
?writepad@ostream@@AAEAAV1@PBD0@Z
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 240KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 549KB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ