Static task: static1
Behavioral task: behavioral1
Sample: a7c521684019f90504b53574cc4fe0a2_JaffaCakes118.exe
Resource: win7-20240705-en
General
Target: a7c521684019f90504b53574cc4fe0a2_JaffaCakes118
Size: 384KB
MD5: a7c521684019f90504b53574cc4fe0a2
SHA1: 5a2cb37bef65bb1aa5b74bcb67f7f699f232020b
SHA256: 7b23da5300bd924cffdf7f881b7807a960144b754a8bf088767e1387716a2005
SHA512: 85e32122970ec26f1126c1fe7f6f914c4072143fd41ee330ac3e61246e4fedcf6c478d777ebfca77aebe271391fbce2d746d5ea5fa5f7279bb21309b2d4ad7a1
SSDEEP: 6144:jZ8wWb9iUW7LxJMxoatxXrT8+mg3POfYttD+lTp5GTth8OXdESQPm:jZ4ZidLNIb42SYt3TtXdo
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: a7c521684019f90504b53574cc4fe0a2_JaffaCakes118
Files
a7c521684019f90504b53574cc4fe0a2_JaffaCakes118.exe windows:5 windows x86 arch:x86
480e9c12375c4c8cfaa91fb8c4b256cc
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
msoert2
CreateStreamOnHFileW
HrCopyStream
HrCopyStreamToByte
strtrim
CreateTempFile
DeleteTempFileOnShutdownEx
CleanupFileNameInPlaceW
MessageBoxInstW
FIsEmptyW
CryptFreeFunc
DeleteTempFile
HrLPSZCPToBSTR
FMissingCert
HrIsStreamUnicode
MessageBoxInst
PVDecodeObject
PszSkipWhiteA
OpenFileStreamW
CreateSystemHandleName
OpenFileStreamWithFlagsW
CchFileTimeToDateTimeSz
HrIStreamToBSTR
HrStreamToByte
CreateLogFile
HrCheckTridentMenu
HrFillRasCombo
ChConvertFromHex
CchFileTimeToDateTimeW
CleanupGlobalTempFiles
PszDupA
GenerateUniqueFileName
CleanupFileNameInPlaceA
PszToUnicode
HrStreamSeekCur
PszSkipWhiteW
HrSafeGetStreamSize
IsDigit
HrGetStreamSize
kernel32
GenerateConsoleCtrlEvent
GetConsoleAliasExesLengthA
AddAtomA
IsValidCodePage
FillConsoleOutputCharacterW
LZRead
FoldStringA
CreateActCtxA
TransmitCommChar
ReleaseSemaphore
GlobalFindAtomA
BaseCleanupAppcompatCacheSupport
GetLocaleInfoA
GetDateFormatW
ActivateActCtx
GetCurrentProcessId
GetNativeSystemInfo
GetStartupInfoA
GetUserDefaultLangID
GetGeoInfoA
GetTapeStatus
SetCommState
GetOverlappedResult
GetSystemWow64DirectoryW
SetComPlusPackageInstallStatus
VirtualProtectEx
SetComputerNameA
InitializeCriticalSection
GetVersion
CreateProcessInternalW
VirtualAlloc
FatalAppExitW
GetEnvironmentStrings
GetTempFileNameW
ReadConsoleOutputAttribute
SetConsoleCtrlHandler
GetProcessHeaps
SetConsolePalette
LoadLibraryA
WriteProfileSectionA
msvcrt40
_wsetlocale
?overflow@stdiobuf@@UAEHH@Z
_mbsnbcmp
?is_open@ofstream@@QBEHXZ
_isctype
??4filebuf@@QAEAAV0@ABV0@@Z
sinh
?setb@streambuf@@IAEXPAD0H@Z
free
__p___initenv
wcscpy
??0ifstream@@QAE@H@Z
?fill@ios@@QBEDXZ
_chsize
?isfx@istream@@QAEXXZ
_set_error_mode
??6ostream@@QAEAAV0@PBX@Z
ldiv
_toupper
?gcount@istream@@QBEHXZ
??0ostrstream@@QAE@ABV0@@Z
ungetwc
wcstol
_ismbcdigit
?sh_none@filebuf@@2HB
??4logic_error@@QAEAAV0@ABV0@@Z
??0ostream_withassign@@QAE@XZ
_read
_fdopen
_cprintf
_exit
??_8istrstream@@7B@
_setsystime
?tellp@ostream@@QAEJXZ
??0iostream@@IAE@ABV0@@Z
_ismbclegal
_mkdir
??5istream@@QAEAAV0@AAM@Z
_ismbbalnum
??0ofstream@@QAE@ABV0@@Z
__fpecode
??6ostream@@QAEAAV0@O@Z
_getdrive
_setmaxstdio
polstore
IPSecUnassignPolicy
IPSecSetNegPolData
IPSecCopyNegPolData
IPSecFreePolStr
IPSecClosePolicyStore
IPSecCopyISAKMPData
IPSecDeleteISAKMPData
IPSecDeleteNegPolData
IPSecDeleteFilterData
IPSecCopyPolicyData
IPSecCreateNFAData
IPSecFreeMulNegPolData
IPSecFreeFilterData
IPSecFreeISAKMPData
IPSecEnumPolicyData
IPSecGetISAKMPData
IPSecEnumNegPolData
IPSecSetISAKMPData
IPSecAssignPolicy
IPSecFreeMulNFAData
IPSecIsDomainPolicyAssigned
IPSecAllocPolStr
IPSecCreateISAKMPData
IPSecCopyNFAData
IPSecCreatePolicyData
IPSecCreateNegPolData
IPSecDeleteNFAData
IPSecDeletePolicyData
IPSecFreeMulISAKMPData
IPSecCreateFilterData
IPSecFreeMulFilterData
IPSecFreeNFAData
IPSecOpenPolicyStore
IPSecFreeNegPolData
IPSecAllocPolMem
wsock32
AcceptEx
EnumProtocolsA
s_perror
WSAAsyncGetServByName
WSAUnhookBlockingHook
send
connect
WSAStartup
shutdown
NPLoadNameSpaces
WSACleanup
htonl
sendto
WSAAsyncGetProtoByNumber
__WSAFDIsSet
GetTypeByNameW
GetServiceA
GetAddressByNameA
GetNameByTypeW
gethostbyaddr
ntohs
getservbyname
WSAGetLastError
SetServiceA
MigrateWinsockConfiguration
htons
socket
gethostbyname
EnumProtocolsW
WSAIsBlocking
dn_expand
getpeername
ntohl
recvfrom
select
WSACancelBlockingCall
ntlanui2
DllGetClassObject
msrating
RatingCustomAddRatingSystem
RatingCustomSetUserOptions
VerifySupervisorPassword
RatingCustomAddRatingHelper
RatingCustomCrackData
RatingEnabledQuery
RatingInit
ClickedOnRAT
ClickedOnPRF
RatingCustomInit
RatingAccessDeniedDialog
RatingObtainCancel
RatingCustomRemoveRatingHelper
RatingAddPropertyPages
RatingCustomDeleteCrackedData
RatingCustomSetDefaultBureau
RatingSetupUI
RatingFreeDetails
RatingCheckUserAccess
RatingAccessDeniedDialog2
ChangeSupervisorPassword
RatingObtainQuery
RatingEnable
Sections
.text Size: 93KB - Virtual size: 93KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 75KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 198KB - Virtual size: 655KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ