aaa554cacfc75fb8d69246ee58cc9eeb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aaa554cacfc75fb8d69246ee58cc9eeb_JaffaCakes118
Size

830KB
MD5

aaa554cacfc75fb8d69246ee58cc9eeb
SHA1

ba99e1e8e82495f0e9420503d8ff32ef6e720234
SHA256

2696f5e10896e4d38eaa314989dda2a8756d70da6a70f8eff2c124e5587f0b74
SHA512

aa718bd005bb47cfb229f0603ec8de73287fa54fa46354f9db96db009b7c32506b03be1499a555dc936c9598431fd05986e4ddb7ba74dd9b7c391ea6fb663264
SSDEEP

12288:oNnXE5owVeCH8GIsik8UJUNonwnHy2nq9g+k/usvYAuqNycCknnMko7O:oNe0si2Jky2nq9gL/usvl1CknnHo7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa554cacfc75fb8d69246ee58cc9eeb_JaffaCakes118

Files

aaa554cacfc75fb8d69246ee58cc9eeb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

434d7cb9c5f1307602a673ac53be9650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_network
EnumProtocolsW
GetAcceptExSockaddrs
htons
getpeername
WSASetLastError
shutdown
WSApSetPostRoutine
connect
inet_ntoa
WEP
recvfrom
WSAIsBlocking
send
WSACleanup
htonl
GetServiceW
GetTypeByNameA
getservbyport
SetServiceA
gethostbyname
ntohl
getsockopt
ntohs
AcceptEx
WSAAsyncSelect
setsockopt
listen
EnumProtocolsA
dn_expand
WSAAsyncGetHostByAddr
WSAUnhookBlockingHook
sethostname

query

?GetCategory@CCatState@@QBEPBGI@Z
?GrowBuffer@CVirtualString@@AAEXK@Z
??0CDbColId@@QAE@ABUtagDBID@@@Z
??0CCategorizationSet@@QAE@I@Z
??1SStorageObject@@QAE@XZ
?SetUI4@CStorageVariant@@QAEXKI@Z
??4CDbByGuid@@QAEAAV0@ABV0@@Z
?Map@CMmStreamConsecBuf@@QAEXK@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecord@@@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
??1CVirtualString@@QAE@XZ
?SetValue@CPropertyRestriction@@QAEXPAG@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
??0CCatState@@QAE@XZ
?GetBlob@CMemDeSerStream@@UAEXPAEK@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?AcceptCommand@CQueryScanner@@QAEXXZ
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
?AddSortColumn@CDbSortNode@@QAEHABUtagDBID@@HK@Z
?StopFiltering@CFilterDaemon@@QAEXXZ
?SetCD@CCatState@@QAEXPBG@Z
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
?FormFullTree@CTextToTree@@QAEPAUtagDBCOMMANDTREE@@XZ
?ResetType@CAllocStorageVariant@@IAEXAAVPMemoryAllocator@@@Z
CITextToSelectTreeEx
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
??1CDbCmdTreeNode@@QAE@XZ

crtdll

_strupr
_fullpath
_CIpow
_mbcjistojms
_popen
_findnext
exp
_vsnwprintf
_strdate
iswlower
_fpieee_flt
_execve
strtoul
setvbuf
_pgmptr_dll
strlen
_c_exit
rand
_strset
_close
_get_osfhandle
_ismbbkpunct
_mbsrev
_CIatan2
islower
_osmode_dll
_mbsnbcmp
memset
_umask
_strdup
_matherr
_CIsqrt

dssenh

CPCreateHash
CPSetKeyParam
CPEncrypt
CPGenRandom
CPSetHashParam
CPDuplicateHash
CPHashData
CPSignHash
CPExportKey
CPGetUserKey
CPDuplicateKey
CPDestroyKey
CPGetProvParam
CPDeriveKey
CPVerifySignature
DllRegisterServer
CPHashSessionKey
CPReleaseContext
CPGetHashParam
CPDestroyHash
CPGetKeyParam
DllUnregisterServer
CPAcquireContext
CPImportKey
CPDecrypt
CPGenKey
CPSetProvParam

kernel32

GetDiskFreeSpaceExA
QueryPerformanceFrequency
SetConsoleMenuClose
LZRead
DeleteCriticalSection
BindIoCompletionCallback
ConvertFiberToThread
ReadDirectoryChangesW
AddRefActCtx
GetPrivateProfileSectionNamesW
GetAtomNameW
CreateDirectoryA
LeaveCriticalSection
GetUserDefaultLangID
GetStringTypeExA
WaitCommEvent
BeginUpdateResourceA
GetLastError
SetDefaultCommConfigW
SetProcessAffinityMask
LoadLibraryA
TzSpecificLocalTimeToSystemTime
SetConsoleMaximumWindowSize
SetConsoleInputExeNameA
FatalAppExitA
GetProcessAffinityMask
CancelWaitableTimer
VirtualAlloc
EnterCriticalSection
GetProfileSectionA
DuplicateHandle
lstrcpynA
lstrcmp
CancelTimerQueueTimer
SetThreadAffinityMask
BuildCommDCBA
CreateFileMappingA
GlobalFindAtomA
GetComputerNameExA
FlushViewOfFile
GetLogicalDrives
HeapWalk

msvcp60

?max@?$numeric_limits@C@std@@SACXZ
??1strstream@std@@UAE@XZ
?what@logic_error@std@@UBEPBDXZ
?to_int_type@?$char_traits@G@std@@SAGABG@Z
??_F?$moneypunct@D$0A@@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
?_Init@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?pbackfail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
?precision@ios_base@std@@QAEHH@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAGH@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??1strstreambuf@std@@UAE@XZ
?log@?$_Ctr@O@std@@SAOO@Z
??1?$ctype@D@std@@UAE@XZ
??Gstd@@YA?AV?$complex@M@0@ABV10@0@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXF@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?_Doraise@runtime_error@std@@MBEXXZ
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
?_Isnan@?$_Ctr@O@std@@SA_NO@Z
??4?$complex@O@std@@QAEAAV01@ABO@Z

icm32

CMCreateTransformExtW
CMTranslateRGB
CMCheckColorsInGamut
CMConvertColorNameToIndex
CMTranslateRGBsExt
CMCreateTransform
CMCheckColors
CMCheckRGBs
CMIsProfileValid
CMCreateTransformW
CMTranslateColors
CMGetNamedProfileInfo
CMTranslateRGBs
CMCreateMultiProfileTransform
CMCreateTransformExt
CMCreateProfileW
CMConvertIndexToColorName
CMCreateProfile
CMCreateDeviceLinkProfile
CMGetInfo
CMDeleteTransform

comsvcs

MTSCreateActivity
GetMTAThreadPoolMetrics
GetObjectContext
DllUnregisterServer
MiniDumpW
GetTrkSvrObject
CoLeaveServiceDomain
CoCreateActivity
DllRegisterServer
CoEnterServiceDomain
RecycleSurrogate
DispManGetContext
ComSvcsLogError
CosGetCallContext
CoLoadServices
DllGetClassObject
ComSvcsExceptionFilter
SafeRef

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 710KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

434d7cb9c5f1307602a673ac53be9650

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

query

crtdll

dssenh

kernel32

msvcp60

icm32

comsvcs

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 710KB - Virtual size: 2.0MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 710KB - Virtual size: 2.0MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB