a02396092ebb3d7a7b6f3015a1d4a741_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a02396092ebb3d7a7b6f3015a1d4a741_JaffaCakes118
Size

862KB
MD5

a02396092ebb3d7a7b6f3015a1d4a741
SHA1

7fe665be5746a1cd57d7fda6979ed328b0a0b6ea
SHA256

ec9d8af72b9e2a5adca31d3d40b754fedb3e6b3ad7ec29ae6b76d6fe703e0db8
SHA512

148ced8f0ab64d1acb3387b25e4acbdd1d7e565a463ea64ae2c46bcd43c8a2653ec66078fe222250079dbe9e7a2ad1977981235a3d470e9e0ff5ab9a51fca0bc
SSDEEP

24576:1wqrSK7I++rEWl9+22WkKywb4WE16MsJX:1fL7cEK9+KyM4WpF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a02396092ebb3d7a7b6f3015a1d4a741_JaffaCakes118

Files

a02396092ebb3d7a7b6f3015a1d4a741_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f3bad3e97ebae563e983a28993ca3d6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msoert2

IsValidFileIfFileUrlW
MessageBoxInst
CleanupFileNameInPlaceA
CchFileTimeToDateTimeW
GetHtmlCharset
strtrim
PszDupW
ShellUtil_GetSpecialFolderPath
HrGetCertificateParam
HrCheckTridentMenu
PVGetMsgParam
HrCopyStreamCB
HrIsStreamUnicode
CleanupFileNameInPlaceW
ChConvertFromHex
_MSG
PszFromANSIStreamA
IsPrint
RicheditStreamIn
MessageBoxInstW
CreateLogFile
FIsHTMLFile
CleanupGlobalTempFiles
HrStreamSeekBegin
HrCopyStreamCBEndOnCRLF
PszScanToCharA
StrToUintW
PVGetCertificateParam
PVDecodeObject
IsDigit
HrSafeGetStreamSize
DeleteTempFileOnShutdownEx

msvcirt

??6ostream@@QAEAAV0@PBC@Z
?fill@ios@@QAEDD@Z
??_8ifstream@@7B@
??6ostream@@QAEAAV0@G@Z
??_7stdiostream@@6B@
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??0ofstream@@QAE@XZ
??_Gstdiostream@@UAEPAXI@Z
?is_open@fstream@@QBEHXZ
?read@istream@@QAEAAV1@PACH@Z
??0ostream_withassign@@QAE@XZ
??0ios@@IAE@XZ
?setf@ios@@QAEJJJ@Z
??_Gstrstream@@UAEPAXI@Z
?get@istream@@QAEHXZ
?getline@istream@@QAEAAV1@PACHD@Z
??_Gfilebuf@@UAEPAXI@Z
??1ostrstream@@UAE@XZ
??0logic_error@@QAE@ABV0@@Z
??_8strstream@@7Bostream@@@
??0strstreambuf@@QAE@PAEH0@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?sync@stdiobuf@@UAEHXZ
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
??4strstream@@QAEAAV0@AAV0@@Z
??1exception@@UAE@XZ
??0strstream@@QAE@PADHH@Z
?unlock@ios@@QAAXXZ
??6ostream@@QAEAAV0@PBX@Z
??_Dfstream@@QAEXXZ
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
??4istream_withassign@@QAEAAVistream@@ABV1@@Z

ntdll

RtlOemStringToUnicodeString
RtlAnsiStringToUnicodeSize
RtlIpv6AddressToStringA
ZwSetInformationThread
NtCreateSection
RtlFindMessage
_snprintf
ZwUnlockFile
RtlAddActionToRXact
NtSuspendThread
_ultow
_aullshr
NtFreeVirtualMemory
RtlInt64ToUnicodeString
RtlMoveMemory
ZwVdmControl
RtlAddAuditAccessAceEx
abs
ZwOpenMutant
ZwAdjustGroupsToken
NtSystemDebugControl
ZwOpenProcessToken
RtlUnwind
NtQueryDefaultLocale
NtDeviceIoControlFile
ZwSetBootEntryOrder
NtSetEventBoostPriority
RtlInitializeSid
ZwRequestPort
NtTranslateFilePath
NtAreMappedFilesTheSame
ZwFlushVirtualMemory
ZwCompleteConnectPort
NtReplyWaitReplyPort
RtlCreateTimerQueue
NtDeleteBootEntry
ZwWriteFileGather
RtlGetProcessHeaps
NtSetHighEventPair

kernel32

DebugActiveProcessStop
FindActCtxSectionGuid
EnumCalendarInfoExA
LoadLibraryA
GetShortPathNameA
SetConsoleDisplayMode
GlobalFindAtomA
HeapCreate
SetFileShortNameA
GetCommConfig
VirtualAlloc
AddConsoleAliasW
FindNextFileW
LocalUnlock
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
DeleteCriticalSection
CreateEventW
OpenWaitableTimerW
lstrcatA
AddVectoredExceptionHandler
SetConsoleLocalEUDC
SetStdHandle
FindNextChangeNotification
ExpandEnvironmentStringsW
HeapSummary
SetFileValidData
FindNextFileA
ClearCommBreak
EnumUILanguagesW

avifil32

AVIStreamWrite
AVIFileWriteData
AVIFileInfo
AVIFileOpen
AVIFileOpenW
AVIStreamOpenFromFile
AVIStreamLength
AVISaveOptions
EditStreamSetNameA
AVIFileRelease
AVISaveV
AVIClearClipboard
IID_IAVIStream
CreateEditableStream
AVISaveA
AVIFileGetStream
AVIStreamStart
AVIFileInfoW
EditStreamCopy
AVIStreamWriteData
EditStreamPaste
EditStreamSetInfoA
EditStreamSetInfo
AVIStreamBeginStreaming
AVIFileOpenA
AVIStreamEndStreaming
AVIStreamSetFormat
EditStreamCut
AVIStreamRelease
AVIFileCreateStreamW
AVIStreamAddRef
AVIFileExit
IID_IAVIFile
AVIBuildFilterW
AVIGetFromClipboard
EditStreamSetInfoW
AVIMakeFileFromStreams
AVIBuildFilterA
EditStreamSetName
DllGetClassObject
AVIStreamFindSample
AVIStreamInfoA
AVIFileInit

stclient

DllGetClassObject

hhsetup

?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?SetSampleLocation@CCollection@@QAEXPBG@Z
?MergeKeywords@CCollection@@QAEHPAG@Z
?SetVolume@CLocation@@QAEXPBG@Z
?SetId@CLocation@@QAEXPBD@Z
?GetVolumeW@CLocation@@QAEPBGXZ
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetNextLocation@CLocation@@QAEPAV1@XZ
?ConfirmTitles@CCollection@@QAEXXZ
?SetId@CTitle@@QAEXPBD@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetMasterCHM@CCollection@@QAEXPBDG@Z
?SetTitle@CLocation@@QAEXPBG@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?bIsVisable@CFolder@@QAEHXZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?RemoveAll@CFIFOString@@QAEXXZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?DeleteTitle@CCollection@@AAEKPAVCTitle@@@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
??4CTitle@@QAEAAV0@ABV0@@Z
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?Close@CCollection@@QAEKXZ
?CheckTitleRef@CCollection@@AAEKPBGG@Z
?SetVersion@CCollection@@QAEXK@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
??1CFIFOString@@QAE@XZ

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 434KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3bad3e97ebae563e983a28993ca3d6f

Headers

DLL Characteristics

File Characteristics

Imports

msoert2

msvcirt

ntdll

kernel32

avifil32

stclient

hhsetup

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 293KB - Virtual size: 292KB

.data Size: 434KB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 293KB - Virtual size: 292KB

.data
Size: 434KB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB