E:\nt\dnsrv\sdktools\reskit\content\subinacl\source\obj\i386\subinacl.pdb
Sample: ac1aefa57a91328f1e2224ef6708c715_JaffaCakes118.exe
Resource: win7-20240729-en
General
- Target: ac1aefa57a91328f1e2224ef6708c715_JaffaCakes118
- Size: 363KB
- MD5: ac1aefa57a91328f1e2224ef6708c715
- SHA1: 9810961bef6f905856b97efc881e09f119086f48
- SHA256: 2d9522c1d0f5ea852558e1b3877d73f8ee2d5c9d44d1d8bc687bbf04c46766a0
- SHA512: fbb66c37126d95cd59a4dfb7c880c1a18a9fa8afe6bcba7ec6b34d67e54cd72a0157ff69c38f51f5e16709a348f7056f5133c1117ccc39a240bc28771ab0f48b
- SSDEEP: 6144:T56+Aq4WBTWpSqXhpe4ioU2UvHANg412x:NONXi4iJ2cgihx
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: ac1aefa57a91328f1e2224ef6708c715_JaffaCakes118
Files
- ac1aefa57a91328f1e2224ef6708c715_JaffaCakes118.exe (windows:5 windows x86 arch:x86)
  2eaf7681cf60327cff49f2244e0aa8b4
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
PDB Paths
- E:\nt\dnsrv\sdktools\reskit\content\subinacl\source\obj\i386\subinacl.pdb
Imports
kernel32
WriteConsoleOutputW
FormatMessageW
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentThread
GetConsoleScreenBufferInfo
GetStdHandle
SetLastError
MultiByteToWideChar
WriteFile
WriteConsoleW
SetConsoleTextAttribute
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetFileInformationByHandle
CreateFileW
DeviceIoControl
GetCompressedFileSizeW
GetFileSizeEx
GetComputerNameW
WideCharToMultiByte
OpenProcess
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
ExitProcess
ExpandEnvironmentStringsW
GetCommandLineW
SetConsoleCtrlHandler
ReadFile
GetLargestConsoleWindowSize
GetModuleFileNameW
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryDosDeviceW
ReadConsoleW
GetSystemTime
GetTickCount
SetConsoleActiveScreenBuffer
LocalFree
SystemTimeToFileTime
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
mfc42u
ord861
ord800
ord540
ord535
ord3658
ord823
ord538
ord2836
ord825
ord2910
ord858
ord5446
ord6390
ord2099
ord5436
ord6379
ord4199
ord5679
ord4273
ord6279
ord6278
ord5706
ord1863
ord5826
ord3722
ord542
ord802
ord5597
ord6563
ord3898
ord2036
ord5830
ord2440
ord537
ord2756
ord2755
ord2810
ord940
ord925
ord922
ord941
ord942
ord924
ord536
ord4197
ord927
ord4124
ord4272
msvcrt
malloc
wprintf
_getch
wcsstr
_wcsicmp
wcsncat
sprintf
wcschr
_wtoi
__RTDynamicCast
iswprint
printf
_c_exit
_exit
wcsncmp
swscanf
wcsrchr
towupper
_purecall
wcsncpy
wcscmp
fclose
_wfopen
_setmode
fread
fwrite
fseek
swprintf
free
__CxxFrameHandler
_CxxThrowException
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
wcscpy
wcslen
wcscat
_controlfp
msvcirt
??6ostream@@QAEAAV0@PBX@Z
?cout@@3Vostream_withassign@@A
msvcp60
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??_D?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
advapi32
SetSecurityDescriptorGroup
RegGetKeySecurity
GetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetAclInformation
GetAce
InitializeAcl
AddAce
RegConnectRegistryW
SetNamedSecurityInfoW
SetSecurityInfo
EnumServicesStatusW
OpenServiceW
RegSetKeySecurity
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetKernelObjectSecurity
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ConvertSecurityDescriptorToStringSecurityDescriptorW
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorOwner
GetSecurityInfo
AddAccessAllowedAce
InitializeSid
GetKernelObjectSecurity
GetSecurityDescriptorControl
CopySid
GetLengthSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AccessCheck
MapGenericMask
DeleteAce
FreeSid
EqualPrefixSid
AllocateAndInitializeSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
IsValidSid
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegQueryInfoKeyW
OpenSCManagerW
LogonUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
netapi32
NetShareSetInfo
NetApiBufferFree
NetWkstaGetInfo
NetGetAnyDCName
NetServerGetInfo
NetUserModalsGet
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
winspool.drv
ClosePrinter
EnumPrintersW
GetPrinterW
OpenPrinterW
SetPrinterW
clusapi
CloseCluster
CloseClusterResource
ClusterCloseEnum
ClusterResourceControl
OpenClusterResource
ClusterEnum
ClusterOpenEnum
OpenCluster
ole32
CoInitialize
CoCreateInstanceEx
user32
wsprintfW
samlib
SamSetSecurityObject
SamLookupNamesInDomain
SamOpenUser
SamOpenAlias
SamOpenGroup
SamOpenDomain
SamCloseHandle
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamEnumerateAliasesInDomain
SamFreeMemory
SamConnect
SamQuerySecurityObject
ntdll
RtlInitUnicodeString
RtlNtStatusToDosError
shell32
CommandLineToArgvW
Sections
- .text  Size: 274KB - Virtual size: 274KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data  Size: 4KB - Virtual size: 53KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 4KB - Virtual size: 3KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .ldata Size: 80KB - Virtual size: 80KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE