8dd057192a81a811b3706e21a6157898_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8dd057192a81a811b3706e21a6157898_JaffaCakes118
Size

60KB
MD5

8dd057192a81a811b3706e21a6157898
SHA1

a0478bddf4718921951c2682a4615711b095bef1
SHA256

45a24b03944545375975a2df7ef747d367d0825cd2a2a09754cf886ef752a8b6
SHA512

7b9315587153995b044678394b9af3c7793da419be42452193363bf3f2146a93b1d452d570462cc03896642874962eda8ea0a4fc2aa5e6b17675266ca3682bff
SSDEEP

1536:812mAUNKbSa65INGezFOI32UGxwpt0yp2HXDoWX2RPrm5Vtt/:o2piMHNGAOI32UWw8BHiyBd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dd057192a81a811b3706e21a6157898_JaffaCakes118

Files

8dd057192a81a811b3706e21a6157898_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dbf2c44bfde5c81d370f93fabf09f12a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BRUSHOBJ_pvAllocRbrush
PATHOBJ_vEnumStart
SetDeviceGammaRamp
GdiAddFontResourceW
GetTextFaceAliasW
RemoveFontResourceTracking
CreateEnhMetaFileA
PathToRegion
GdiEntry14
TextOutA
Arc
EngDeleteSemaphore
GetBrushAttributes
GetEnhMetaFileBits
EngEraseSurface
CreateFontW
GdiGetPageCount
GetBitmapDimensionEx
GetRgnBox
GetICMProfileW
GetWinMetaFileBits
BRUSHOBJ_ulGetBrushColor
GdiInitializeLanguagePack
DdEntry14
Pie
StrokeAndFillPath
SetRelAbs
DescribePixelFormat
GetDIBits

msvcrt40

?flush@@YAAAVostream@@AAV1@@Z
_scalb
?x_statebuf@ios@@0PAJA
sscanf
_CIexp
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__RTtypeid
_adj_fdivr_m32
??_8strstream@@7Bistream@@@
_wmkdir
_pgmptr
_setmode
??4ostrstream@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@PAE@Z
?get@istream@@QAEAAV1@PACHD@Z
??_7strstreambuf@@6B@
??_8ofstream@@7B@
strcspn
__doserrno
clearerr
_strlwr
??_Estrstreambuf@@UAEPAXI@Z
_atoldbl
_wspawnl
?get@istream@@IAEAAV1@PADHH@Z
_ftol
towupper
_strdate
?init@ios@@IAEXPAVstreambuf@@@Z

advapi32

SaferGetPolicyInformation
SystemFunction022
LookupPrivilegeValueA
LsaRemoveAccountRights
CryptDuplicateHash
ElfRegisterEventSourceA
StartServiceA
ConvertStringSDToSDDomainW
GetAccessPermissionsForObjectA
RegLoadKeyA
RegSaveKeyW
LsaCreateSecret
ConvertSidToStringSidA
SystemFunction013
CreateServiceW
IsTokenUntrusted
SystemFunction016
LookupPrivilegeNameW
WmiReceiveNotificationsW
GetTrusteeFormA
CryptGenKey
LsaICLookupSids
WmiEnumerateGuids
InitiateSystemShutdownExW
GetManagedApplicationCategories
RegEnumKeyW
LogonUserA
CredpEncodeCredential
OpenProcessToken

kernel32

SetConsoleOutputCP
IsProcessorFeaturePresent
ClearCommError
GetProfileSectionA
GlobalGetAtomNameA
ExitProcess
ConvertThreadToFiber
RegisterConsoleOS2
GetStartupInfoA
GetProcessPriorityBoost
SetConsoleWindowInfo
GetCommState
FreeLibraryAndExitThread
VirtualAlloc
GetSystemTimeAsFileTime
OpenJobObjectW
SetVolumeLabelA
EnumResourceLanguagesW
GetShortPathNameW
CreateEventA
EndUpdateResourceA
SetMailslotInfo
GetNumberOfConsoleFonts
DuplicateHandle
IsBadHugeWritePtr
HeapLock
InvalidateConsoleDIBits
OpenFile
InitializeSListHead
Module32FirstW
ReadConsoleOutputCharacterA
CreateMailslotA
BuildCommDCBA
GetPrivateProfileStructW
FindAtomA
SetSystemTimeAdjustment
GetTempFileNameA
GetCommProperties
SetComputerNameW
InitAtomTable
WriteConsoleOutputCharacterW
LoadLibraryA
InterlockedPopEntrySList
SetConsoleCursor
Process32Next
UpdateResourceW
BackupSeek
ClearCommBreak
GetWindowsDirectoryW
SetConsoleIcon
UTRegister
SetErrorMode
lstrcpyn
GetConsoleAliasesLengthW
FlushConsoleInputBuffer
HeapCreate
Module32First
SearchPathW
OpenMutexW
_lopen
GetConsoleAliasW
GetEnvironmentVariableA
ExitVDM
AreFileApisANSI
RtlZeroMemory
Process32First
CreateIoCompletionPort
GetSystemDefaultUILanguage
DosPathToSessionPathA
GetConsoleDisplayMode
EnumDateFormatsW
GetModuleFileNameW
SetConsoleActiveScreenBuffer
GetLogicalDrives

msvcrt20

??0strstream@@QAE@PADHH@Z
_lsearch
??0stdiobuf@@QAE@PAU_iobuf@@@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
time
_cgets
_chsize
freopen
?gbump@streambuf@@IAEXH@Z
_daylight
?lock@ios@@QAAXXZ
ldexp
??3@YAXPAX@Z
??4ifstream@@QAEAAV0@ABV0@@Z
_safe_fdiv
fgetpos
_cscanf
?out_waiting@streambuf@@QBEHXZ
_cabs
getwc
??_8istream@@7B@

ntdsapi

DsLogEntry
DsReplicaAddA
DsQuoteRdnValueA
DsListServersInSiteA
DsServerRegisterSpnW
DsReplicaSyncA
DsListRolesW
DsIsMangledDnW
DsBindWithCredW
DsReplicaVerifyObjectsA
DsFreeNameResultA
DsCrackSpn3W
DsMakePasswordCredentialsA
DsReplicaModifyA
DsReplicaVerifyObjectsW
DsBindWithSpnW
DsRemoveDsServerW
DsMapSchemaGuidsA
DsMapSchemaGuidsW
DsListSitesA
DsReplicaUpdateRefsA
DsListRolesA
DsIsMangledRdnValueW
DsCrackSpnA
DsFreePasswordCredentials
DsRemoveDsDomainA
DsReplicaSyncAllW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbf2c44bfde5c81d370f93fabf09f12a

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

msvcrt40

advapi32

kernel32

msvcrt20

ntdsapi

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 81KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 81KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 276B