a119a4d5a688966e1f8ab6c2f7c23dfa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a119a4d5a688966e1f8ab6c2f7c23dfa_JaffaCakes118
Size

861KB
MD5

a119a4d5a688966e1f8ab6c2f7c23dfa
SHA1

f680b19f3566c7dde56d3493e2c50eeca5400588
SHA256

c9565187bf6cecb6844dd01cc6a95c6bf1d538160eef2e813c7e7fb4b75f591f
SHA512

835459472ce47cbd3e2051b8978d0a6a046a14b7058dcd155a89b863737784325542904392d7dc5ba09c50f182664d26e328a4348022cc8b852321bc3f5c7539
SSDEEP

24576:gtikuUJ7Ux4BZCv/TcF/R8zTFLINt9L5:WZBBovLOMFLCt9F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a119a4d5a688966e1f8ab6c2f7c23dfa_JaffaCakes118

Files

a119a4d5a688966e1f8ab6c2f7c23dfa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4f3557c60c5bd4587955de9c2d73b904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

InternalGetIpNetTable
InternalSetIpForwardEntry
InternalGetTcpTable
_PfRemoveFiltersFromInterface@20
_PfUnBindInterface@4
GetIpErrorString
GetIcmpStatistics
GetRTTAndHopCount
IcmpSendEcho2
IcmpCreateFile
InternalGetIpForwardTable
DisableMediaSense
IcmpParseReplies
InternalDeleteIpNetEntry
NotifyAddrChange
Icmp6CreateFile
NhpAllocateAndGetInterfaceInfoFromStack
GetBestRoute
GetNumberOfInterfaces
NhGetInterfaceNameFromGuid
NhGetInterfaceNameFromDeviceGuid
_PfMakeLog@4
do_echo_req
_PfCreateInterface@24
SetIpForwardEntry
IcmpSendEcho
GetIpStatisticsEx

opengl32

glVertex3fv
wglGetPixelFormat
glColor4b
glGetMaterialiv
glVertex4dv
glRenderMode
glColor4ubv
glGetPixelMapuiv
glTexParameterfv
glVertex3sv
glGetTexEnvfv
glEvalCoord1f
glVertex2s
glDisable
glPassThrough
glEvalPoint1
glColor3f
glEdgeFlagv
glTexCoord3dv
glArrayElement
glNormal3iv
glRectd
glTexCoord3sv
glRectiv
glColor3fv
glColor3usv
glTexParameteriv

msvcirt

?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??0istream@@IAE@ABV0@@Z
??5istream@@QAEAAV0@AAF@Z
?oct@@YAAAVios@@AAV1@@Z
?in_avail@streambuf@@QBEHXZ
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?isfx@istream@@QAEXXZ
??0istream_withassign@@QAE@ABV0@@Z
??1strstream@@UAE@XZ
?seekpos@streambuf@@UAEJJH@Z
?read@istream@@QAEAAV1@PAEH@Z
??_7ifstream@@6B@
?get@istream@@QAEAAV1@AAE@Z
??_Eostream@@UAEPAXI@Z
?str@strstream@@QAEPADXZ
??0ostrstream@@QAE@XZ
?xsgetn@streambuf@@UAEHPADH@Z
?unlock@ios@@QAAXXZ
?open@fstream@@QAEXPBDHH@Z
??_Distrstream@@QAEXXZ
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
??_7stdiobuf@@6B@
??_8istrstream@@7B@
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
?seekp@ostream@@QAEAAV1@J@Z
?flush@@YAAAVostream@@AAV1@@Z
??_Dostrstream@@QAEXXZ
?flags@ios@@QBEJXZ
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?bad@ios@@QBEHXZ
??0exception@@QAE@XZ
??1ios@@UAE@XZ
??6ostream@@QAEAAV0@PBC@Z
?adjustfield@ios@@2JB
??_Gostream_withassign@@UAEPAXI@Z
?pword@ios@@QBEAAPAXH@Z
??0ostream_withassign@@QAE@ABV0@@Z
?eback@streambuf@@IBEPADXZ
?setlock@ios@@QAAXXZ
??_8ifstream@@7B@
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
?lock@streambuf@@QAEXXZ
?what@exception@@UBEPBDXZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
??1stdiostream@@UAE@XZ
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
?sh_none@filebuf@@2HB
??0exception@@QAE@ABQBD@Z
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?cin@@3Vistream_withassign@@A
?get@istream@@QAEAAV1@PAEHD@Z
?fd@ofstream@@QBEHXZ
?clrlock@streambuf@@QAEXXZ
?xsputn@streambuf@@UAEHPBDH@Z
??4strstream@@QAEAAV0@AAV0@@Z
??0strstreambuf@@QAE@PAEH0@Z
?get@istream@@QAEAAV1@AAC@Z
?tellg@istream@@QAEJXZ
?lockc@ios@@KAXXZ
??_Gofstream@@UAEPAXI@Z
??0fstream@@QAE@ABV0@@Z
??0fstream@@QAE@PBDHH@Z
?rdstate@ios@@QBEHXZ
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
?iword@ios@@QBEAAJH@Z
??_7istream@@6B@
?sputbackc@streambuf@@QAEHD@Z

cmutil

CmStrrchrA
?WPPB@CIniA@@QAEXPBD0H@Z
?LoadEntry@CIniW@@IBEPAGPBG@Z
CmBuildFullPathFromRelativeW
CmStrStrW
?SetEntry@CIniA@@QAEXPBD@Z
CmAtolA
SzToWz
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
GetOSBuildNumber
??4CIniA@@QAEAAV0@ABV0@@Z
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
CmStrtokA
??0CRandom@@QAE@XZ
?SetICSDataPath@CIniW@@QAEXPBG@Z
CmLoadImageW
?SetParams@CmLogFile@@QAEJHKPBG@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
CmMoveMemory
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
?WPPS@CIniA@@QAEXPBD00@Z
CmLoadSmallIconW
?SetWriteICSData@CIniA@@QAEXH@Z
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?IsEnabled@CmLogFile@@QAEHXZ
CmStrTrimW
?WPPS@CIniW@@QAEXPBG00@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?WPPI@CIniW@@QAEXPBG0K@Z
?CloseFile@CmLogFile@@AAEJXZ
WzToSzWithAlloc
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?GetSection@CIniA@@QBEPBDXZ
?SetPrimaryFile@CIniW@@QAEXPBG@Z
?SetEntryFromIdx@CIniA@@QAEXK@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
?LoadSection@CIniW@@QBEPAGPBG@Z
CmBuildFullPathFromRelativeA
??_FCIniW@@QAEXXZ
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
CmWinHelp

advapi32

CryptEnumProviderTypesA
ConvertStringSDToSDRootDomainA
CryptSetProvParam
GetSidLengthRequired
GetTraceLoggerHandle
ConvertAccessToSecurityDescriptorW
FlushTraceA
NotifyChangeEventLog
RegEnumKeyW
AccessCheckByType
ObjectCloseAuditAlarmA
WmiFreeBuffer
OpenBackupEventLogA
LsaEnumerateAccountRights
AccessCheckByTypeResultListAndAuditAlarmW
SetSecurityDescriptorRMControl
CryptEnumProviderTypesW
CreateRestrictedToken
CredWriteDomainCredentialsA
I_ScSetServiceBitsW
LsaQueryForestTrustInformation
ElfClearEventLogFileA
SetInformationCodeAuthzLevelW
ElfBackupEventLogFileW
ElfOpenEventLogA
SetSecurityDescriptorControl
RegDeleteKeyA
LookupSecurityDescriptorPartsA
QueryUsersOnEncryptedFile
GetWindowsAccountDomainSid
OpenProcessToken
ImpersonateSelf
IsValidAcl
MD5Update
LsaEnumerateAccounts
QueryAllTracesW
RegUnLoadKeyA
RegSetValueExA
SaferiCompareTokenLevels

kernel32

GetSystemTimeAsFileTime
GetModuleFileNameW
FindVolumeClose
GetCurrentThread
GetConsoleAliasA
QueryPerformanceFrequency
VirtualAlloc
HeapDestroy
SwitchToThread
FindNextChangeNotification
LZDone
VDMOperationStarted
GetLocaleInfoW
GetHandleInformation
VirtualQueryEx
SetConsoleInputExeNameA
GetConsoleAliasesLengthA
GlobalFindAtomA
SwitchToFiber
IsSystemResumeAutomatic
DeleteFiber
_llseek
EnumUILanguagesA
LoadResource
VirtualFree
WriteProfileSectionA
CreateProcessInternalW
EnumSystemLocalesW
GetPrivateProfileStringA
GetGeoInfoW
GetProfileSectionA
BuildCommDCBW
ReadConsoleOutputCharacterA
LoadLibraryA
GetSystemDirectoryW
GetPrivateProfileStringW
SetMessageWaitingIndicator
ReleaseSemaphore
DnsHostnameToComputerNameA
SetFileAttributesA
LoadModule
EnumerateLocalComputerNamesA

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f3557c60c5bd4587955de9c2d73b904

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

opengl32

msvcirt

cmutil

advapi32

kernel32

Sections

.text Size: 339KB - Virtual size: 339KB

.rdata Size: 378KB - Virtual size: 378KB

.data Size: 140KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 339KB - Virtual size: 339KB

.rdata
Size: 378KB - Virtual size: 378KB

.data
Size: 140KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB