a917041bd430e5e3e510e5d2f8733701_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a917041bd430e5e3e510e5d2f8733701_JaffaCakes118
Size

379KB
MD5

a917041bd430e5e3e510e5d2f8733701
SHA1

c07a692a75d3eaf0af3fbe26145d8dd1b7a7fcc3
SHA256

0249dae657cda1db5a795a9b014590894cd3c70a5c9745bb3e064b05df016700
SHA512

b3c5b5165720bd77bcc5c1c5697458385db93c222cc5805c8d13677df9557cfba50a87588927b8c344ba886223c88114c2765b124e3720bb75763a286482bae0
SSDEEP

6144:3+Aha9dyw4Nc5sevxy5qgXM5bXsvvrvafEywbEg0FhPuo34ofxyrromlCt9j/uBv:Jha9dyw/515y5ycjacy+G9uoIfr0J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a917041bd430e5e3e510e5d2f8733701_JaffaCakes118

Files

a917041bd430e5e3e510e5d2f8733701_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2ecc02d3efe683bfa8477a34e3a908c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleKeyboardLayoutNameW
LockResource
TlsAlloc
EnumResourceNamesA
HeapSummary
GetNumaAvailableMemoryNode
SuspendThread
QueueUserWorkItem
FindFirstChangeNotificationW
SetEnvironmentVariableW
GlobalAddAtomA
GetPrivateProfileSectionW
GetCPInfo
SwitchToFiber
GetConsoleCharType
CreateSemaphoreA
LocalAlloc
GetProcAddress
VDMOperationStarted
EnumSystemLocalesW
DosPathToSessionPathW
FatalAppExitW
UnhandledExceptionFilter
GetModuleHandleExW
_lread
GetCurrentThread
GlobalUnlock
SetConsoleCursorMode
LoadResource
GetProcessAffinityMask
FlushConsoleInputBuffer
ReleaseActCtx
EnumUILanguagesW
GlobalMemoryStatus
GetEnvironmentStringsW
InterlockedPushEntrySList
CreateFileW
Toolhelp32ReadProcessMemory
QueryPerformanceCounter
GlobalFlags
RequestDeviceWakeup
lstrcmpi
GetTickCount
GetStdHandle
LZClose
SetThreadUILanguage
LoadLibraryA
VirtualAlloc
GetFileTime
EndUpdateResourceW
CreateDirectoryExW
SetCommState
GetCompressedFileSizeW
SetFileValidData
FindActCtxSectionStringW
GetNamedPipeInfo
SetCommBreak
HeapDestroy
IsBadCodePtr
QueryDosDeviceW
WriteConsoleOutputAttribute
SetFirmwareEnvironmentVariableW
FindVolumeClose
GetCompressedFileSizeA
IsBadWritePtr
PrivMoveFileIdentityW
ReadConsoleOutputA
GetVersionExA
VerSetConditionMask
DeleteCriticalSection
OpenFileMappingA
SetLocalTime
GetProfileStringA
GetConsoleCommandHistoryW

msvcrt40

_hypot
_winver
??1bad_cast@@UAE@XZ
_wstat
iswlower
?unexpected@@YAXXZ
_wfdopen
??_Estrstream@@UAEPAXI@Z
isalnum
fputws
_wenviron
??_Diostream@@QAEXXZ
?overflow@strstreambuf@@UAEHH@Z
_beginthread
??_8fstream@@7Bostream@@@
?close@ofstream@@QAEXXZ
log
??0ofstream@@QAE@HPADH@Z
sqrt
_ismbcl0
??_7strstream@@6B@
?sync@filebuf@@UAEHXZ
?bad@ios@@QBEHXZ
??5istream@@QAEAAV0@AAO@Z
??5istream@@QAEAAV0@AAK@Z
??_7iostream@@6B@
?raw_name@type_info@@QBEPBDXZ
?clrlock@streambuf@@QAEXXZ
__p__timezone
??0ifstream@@QAE@PBDHH@Z
??4filebuf@@QAEAAV0@ABV0@@Z
_wremove
??_Gistream@@UAEPAXI@Z
??0ifstream@@QAE@H@Z
_wtol

opengl32

glRasterPos4f
glEvalCoord1fv
glGetTexGendv
glColor3fv
glMaterialfv
glPolygonStipple
glMapGrid2f
glLightf
glRasterPos3s
glColor3usv
glCallLists
glRects
glRasterPos2iv
glEndList
glColor4ubv
glRasterPos4dv
glLightfv
glVertex2i
glPointSize
GlmfPlayGlsRecord
glIndexf
glGetPixelMapusv
glTexEnviv
wglDescribePixelFormat
glRasterPos4d
glRasterPos3d
glLightModelfv
glVertex4d

inetcomm

MimeOleParseRfc822AddressW
HrAttachDataFromFile
MimeOleGetRelatedSection
EssKeyExchPreferenceEncodeEx
EssSecurityLabelDecodeEx
MimeEditCreateMimeDocument
MimeEditViewSource
MimeOleSetBodyPropA
HrAthGetFileName
MimeOleGetCodePageCharset
MimeOleGetAllocator
EssMLHistoryDecodeEx
MimeOleEncodeHeader
HrGetAttachIconByFile
EssContentHintDecodeEx
MimeOleCreateVirtualStream
MimeOleSetDefaultCharset
MimeGetAddressFormatW
MimeOleSetCompatMode
MimeOleConvertEnrichedToHTML
MimeOleSMimeCapRelease
HrSaveAttachToFile
MimeOleOpenFileStream
MimeOleGetBodyPropA
EssSecurityLabelEncodeEx
MimeOleInetDateToFileTime
MimeOleSMimeCapGetHashAlg
HrAthGetFileNameW
MimeOleGetFileExtension
CreateSMTPTransport
MimeOleAlgStrengthFromSMimeCap
DllGetClassObject
CreateRASTransport
MimeOleCreateBody
EssSignCertificateDecodeEx

query

??1CSort@@QAE@XZ
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?IsLeaf@CRestriction@@QBEHXZ
?GetDrive@CDriveInfo@@SGXPBGPAG@Z
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
??1CColumns@@QAE@XZ
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
??0CAllocStorageVariant@@QAE@PBDAAVPMemoryAllocator@@@Z
?AcceptCommand@CQueryScanner@@QAEXXZ
?Read@CRegAccess@@QAEPAGPBG0@Z
?GetCY@CAllocStorageVariant@@QBE?ATtagCY@@I@Z
??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
?Release@CDbProperties@@UAGKXZ
?SetPhrase@CContentRestriction@@QAEXPBG@Z
?QueryScopeList@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?Pause@CCatalogAdmin@@QAEHXZ
?_pGlobalPropListFile@CLocalGlobalPropertyList@@0PAVCPropListFile@@A
??1CPropertyStoreWids@@QAE@XZ
??1CDbPropBaseRestriction@@QAE@XZ
?InitializeForRead@CDynStream@@QAEXXZ
?SetDWORDParam@CCatalogAdmin@@QAEXPBGK@Z
?GetTotalSizeInKB@CPropStoreManager@@QAEKXZ
?AcqLine@CQueryScanner@@QAEPAGH@Z
?GetUShort@CMemDeSerStream@@UAEGXZ
?Init@CRegChangeEvent@@QAEXXZ
?NewStemmer@CCiOle@@SGPAUIStemmer@@ABU_GUID@@@Z
?GetPropTypeCount@CEmptyPropertyList@@SGIXZ
?SetI8@CStorageVariant@@QAEXT_LARGE_INTEGER@@I@Z
?AddScope@CCatalogAdmin@@QAEXPBG0H00@Z
?Init@CFileMapView@@QAEXXZ
?ChangeDirty@CPropStoreInfo@@AAEXH@Z
?ReOpenStream@CPhysIndex@@EAEXXZ
?FormFullTree@CTextToTree@@QAEPAUtagDBCOMMANDTREE@@XZ
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?EndTransaction@CPropStoreManager@@QAEXKHKK@Z
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
?SkipWChar@CMemDeSerStream@@UAEXK@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z

powrprof

DeletePwrScheme
GetCurrentPowerPolicies
ReadProcessorPwrScheme
CanUserWritePwrScheme
IsAdminOverrideActive
ReadGlobalPwrPolicy
EnumPwrSchemes
LoadCurrentPwrScheme
IsPwrHibernateAllowed
GetActivePwrScheme
GetPwrCapabilities
WritePwrScheme
MergeLegacyPwrScheme
IsPwrShutdownAllowed
WriteProcessorPwrScheme
CallNtPowerInformation
WriteGlobalPwrPolicy
IsPwrSuspendAllowed
GetPwrDiskSpindownRange
ValidatePowerPolicies
SetSuspendState
ReadPwrScheme
SetActivePwrScheme

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ecc02d3efe683bfa8477a34e3a908c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

opengl32

inetcomm

query

powrprof

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 512B - Virtual size: 564KB

.rsrc Size: 158KB - Virtual size: 158KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 512B - Virtual size: 564KB

.rsrc
Size: 158KB - Virtual size: 158KB

.reloc
Size: 1024B - Virtual size: 1024B