af43ecc9d6c6991d799939c81cb3b513_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af43ecc9d6c6991d799939c81cb3b513_JaffaCakes118
Size

872KB
MD5

af43ecc9d6c6991d799939c81cb3b513
SHA1

2430a317419dd5054bb69096377c2feb14c0acd0
SHA256

a1022902ba208f2e69fd27e3a8800981acb55856aec422ff60cbe7810d80171f
SHA512

221b99fd457cc3ca4be4b1843b85e8d7b4a33953159179d464e8e308bcace59562a4eae61a5fd6ab09e85c9d1ee437fc86d7bd2f5e8f1e81149a3507e4adf109
SSDEEP

24576:9obmZD8ZC0GyoSB8u5MWji2olkET97lrLd7aCCmCNUOi:9obmZDT0L5ttET97hR7j5CNU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af43ecc9d6c6991d799939c81cb3b513_JaffaCakes118

Files

af43ecc9d6c6991d799939c81cb3b513_JaffaCakes118
.exe windows:5 windows x86 arch:x86

321c0bb0b2b93357fe6f79c31719705a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?Clear@CLKRLinearHashTable@@QAEXXZ
SetMemHook
?IsReadLocked@CFakeLock@@QBE_NXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?CheckTable@CLKRHashTable@@QBEHXZ
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?SetSpinCount@CFakeLock@@QAE_NG@Z
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
??1CReaderWriterLock3@@QAE@XZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
??1CSingleList@@QAE@XZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?_LockSpin@CSpinLock@@AAEXXZ
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?Unlock@CLockedDoubleList@@QAEXXZ
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?_H1@CLKRLinearHashTable@@ABEKK@Z
?IsLocked@CLockedSingleList@@QBE_NXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
??0CLockedSingleList@@QAE@XZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?TryReadLock@CFakeLock@@QAE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?GetDefaultSpinAdjustmentFactor@CSpinLock@@SGNXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ

msls31

LsGetRubyLsimethods
LssbGetNumberDnodesInSubline
LssbGetVisibleDcpInSubline
LssbGetObjDimSubline
LsPointUV2FromPointUV1
LsdnSubmitSublines
LsAppendRunToCurrentSubline
LsDestroyLine
LssbFDonePresSubline
LsdnModifyParaEnding
LsdnFinishRegular
LsQueryPointPcpSubline
LsGetHihLsimethods
LsDisplayLine
LssbFDoneDisplay
LsdnSetRigidDup
LsQueryFLineEmpty
LsdnQueryPenNode
LsEnumSubline
LsGetTatenakayokoLsimethods
LsdnGetCurTabInfo
LssbGetDurTrailWithPensInSubline
LsLwMultDivR
LsCreateSubline
LsGetReverseLsimethods
LsGetWarichuLsimethods
LsdnFinishDelete
LsGetMinDurBreaks
LsModifyLineHeight
LssbGetPlsrunsFromSubline
LsQueryTextCellDetails
LsGetLineDur
LsdnSetAbsBaseLine
LsTruncateSubline

rasdlg

RouterEntryDlgA
RasSrvHangupConnection
RasUserPrefsDlg
RasDialDlgW
RasSrvAddPropPages
GetRasDialOutProtocols
RasSrvCleanupService
RasPhonebookDlgA
RasSrvIsConnectionConnected
RasSrvInitializeService
RasUserGetManualDial
RasEntryDlgW
RasUserEnableManualDial
RasAutodialQueryDlgA
RasDialDlgA
DwTerminalDlg
RasSrvIsServiceRunning
RasSrvEnumConnections
RasPhonebookDlgW
RasEntryDlgA
RasAutodialQueryDlgW
RouterEntryDlgW
RasSrvAllowConnectionsConfig

kernel32

SetFilePointerEx
Heap32First
GetCurrentThread
SetHandleContext
HeapSetInformation
WritePrivateProfileStructW
FreeLibraryAndExitThread
GetDevicePowerState
ReadConsoleW
GetSystemWindowsDirectoryW
GetUserGeoID
DelayLoadFailureHook
InitializeCriticalSectionAndSpinCount
EnumerateLocalComputerNamesW
EnumTimeFormatsW
GetCurrentProcess
LCMapStringW
GetConsoleCharType
WaitForMultipleObjectsEx
InterlockedPushEntrySList
FindFirstFileW
WriteConsoleInputVDMW
HeapUnlock
GetPrivateProfileIntA
LeaveCriticalSection
OpenMutexW
EnterCriticalSection
UTUnRegister
GetEnvironmentStringsA
InitializeCriticalSection
LoadLibraryA
VirtualAlloc
SetConsoleMaximumWindowSize
FindNextVolumeMountPointW
PrepareTape
FindResourceW
GetThreadLocale
SwitchToThread
SetConsoleHardwareState
DeleteCriticalSection
SetCommConfig

odbc32

CollectODBCPerfData
OpenODBCPerfData
SQLPrepareA
SQLGetDescRecW
SQLBindParam
SQLSpecialColumnsW
SQLSetConnectOption
SQLConnectA
SQLSpecialColumns
SQLFreeStmt
SQLSetPos
SQLDescribeColA
SQLPrimaryKeysA
SQLErrorW
SQLGetCursorNameA
SQLGetConnectAttr
SQLGetDiagRecA
SQLGetStmtAttrA
SQLConnect
SQLGetDescField
SQLGetConnectOption
SQLSetStmtOption
SQLTablesW
SQLGetConnectOptionA
SQLSetCursorNameW
SQLProcedureColumnsA
SQLColumnsA
SQLAllocHandleStd
ValidateErrorQueue

ntdll

NtPrivilegedServiceAuditAlarm
RtlExitUserThread
strncat
RtlConsoleMultiByteToUnicodeN
NtSetTimerResolution
RtlUnicodeToCustomCPN
RtlAbsoluteToSelfRelativeSD
RtlDoesFileExists_U
NtQuerySystemTime
iswxdigit
DbgUiRemoteBreakin
ZwRemoveProcessDebug
iswalpha
RtlDeleteNoSplay
RtlUnicodeStringToCountedOemString
LdrFindResource_U
ZwCreateSection
_allshl
NtCreateFile
ZwCreateFile
NtDuplicateObject
NtCreateEventPair
ZwGetDevicePowerState
ZwQueryDefaultUILanguage
RtlGetGroupSecurityDescriptor
RtlFindSetBits
NtDeleteKey
RtlFindClearBitsAndSet
RtlInsertElementGenericTable
RtlGetNtVersionNumbers
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlExtendedIntegerMultiply
RtlAllocateHeap
_memccpy
ZwResumeThread
ZwTerminateThread
ZwSetSystemEnvironmentValue

imm32

ImmGetConversionListA
ImmSetCandidateWindow
ImmIsIME
ImmInstallIMEW
ImmGetCandidateListW
ImmGetCompositionFontA
ImmReSizeIMCC
ImmDestroyContext
ImmGetCandidateWindow
ImmSetOpenStatus
ImmGetConversionStatus
ImmEnumRegisterWordA
ImmGetHotKey
ImmGetRegisterWordStyleA
ImmGetIMCCLockCount
ImmGetIMEFileNameA
ImmAssociateContext
ImmPutImeMenuItemsIntoMappedFile
ImmGetCandidateListCountA
ImmIMPGetIMEA
ImmGetImeMenuItemsW
ImmGetDescriptionA
ImmInstallIMEA
ImmGetIMCCSize
ImmCreateSoftKeyboard
ImmRegisterWordW
ImmGetIMEFileNameW
ImmCreateIMCC
ImmNotifyIME
ImmGetCandidateListA
ImmSetActiveContext
ImmGetImeMenuItemsA
ImmGetVirtualKey
ImmUnlockImeDpi
ImmSetHotKey

msvcp60

?_Doraise@underflow_error@std@@MBEXXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?_Getcat@?$messages@G@std@@SAIXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?do_thousands_sep@?$_Mpunct@D@std@@MBEDXZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
?isfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
?epsilon@?$numeric_limits@M@std@@SAMXZ
?signaling_NaN@?$numeric_limits@G@std@@SAGXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?id@?$moneypunct@G$0A@@std@@2V0locale@2@A
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??4?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?widen@?$ctype@G@std@@QBEPBDPBD0PAG@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??Kstd@@YA?AV?$complex@M@0@ABV10@ABM@Z
?overflow@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
?_Getcat@?$moneypunct@G$0A@@std@@SAIXZ
?thousands_sep@?$_Mpunct@D@std@@QBEDXZ
?quiet_NaN@?$numeric_limits@D@std@@SADXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Isinf@?$_Ctr@M@std@@SA_NM@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??1_Locinfo@std@@QAE@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXPADPBD1@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0ID@Z
??1?$collate@G@std@@UAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 396KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

321c0bb0b2b93357fe6f79c31719705a

Headers

DLL Characteristics

File Characteristics

Imports

msdart

msls31

rasdlg

kernel32

odbc32

ntdll

imm32

msvcp60

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 297KB - Virtual size: 297KB

.data Size: 396KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 297KB - Virtual size: 297KB

.data
Size: 396KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB