b06b88a4eb0b7d0f9e14743b665c0452_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b06b88a4eb0b7d0f9e14743b665c0452_JaffaCakes118
Size

28KB
MD5

b06b88a4eb0b7d0f9e14743b665c0452
SHA1

417cfa0a9ef94b6074105a3f932cff7954d47e36
SHA256

c6457a914eeb79127d6bb8acbad9d459422d2800a5ffe9a8f27c74e4ef34656d
SHA512

51b081a59fec48760d341c4c2ad078b0f3d7347fb6209b0c0253d92ae5d031f7714f4a968e6d71d517150bb14c1f07663104625f173a12dc15a80333db3fc099
SSDEEP

384:Xw8a1NbEYhcCln0qk/6CW8Kyz5wKlv6TxnmZaAylSnvCBTtnQGvl0VM10poULYas:XgtbcCd03SZMwdngvYtl50pokYa9wWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b06b88a4eb0b7d0f9e14743b665c0452_JaffaCakes118

Files

b06b88a4eb0b7d0f9e14743b665c0452_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e5fa4ba9a8ecdf530d1b9e6599443c6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmWriteInstanceConfig
RtmGetListEnumRoutes
RtmGetEnumRoutes
RtmReleaseDestInfo
RtmGetAddressFamilyInfo
MgmReleaseInterfaceOwnership
RtmDeregisterEntity
RtmRegisterEntity
RtmReleaseChangedDests
MgmGetMfe
RtmGetChangedDests
RtmDeleteRouteToDest
RtmGetRegisteredEntities
MgmGroupEnumerationStart
MgmGetFirstMfe
RtmDeleteRoute
RtmCreateDestEnum
RtmGetNextHopInfo
RtmGetEnumDests
RtmGetOpaqueInformationPointer
CheckTable
MgmGetFirstMfeStats
RtmWriteAddressFamilyConfig
RtmGetRoutePointer
DeleteFromTable
RtmDeregisterFromChangeNotification
RtmReadAddressFamilyConfig
RtmCreateRouteList
RtmLockRoute
RtmGetDestInfo
RtmBlockDeleteRoutes
RtmCreateRouteEnum
RtmReadInstanceConfig
RtmReferenceHandles
MgmDeInitialize
RtmMarkDestForChangeNotification
RtmIsMarkedForChangeNotification
RtmReleaseNextHopInfo
MgmInitialize
RtmDereferenceHandles
RtmUpdateAndUnlockRoute
MgmDeRegisterMProtocol
MgmGroupEnumerationEnd
MgmTakeInterfaceOwnership

msvcp60

??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?quiet_NaN@?$numeric_limits@_N@std@@SA_NXZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
_Sinh
??_F?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?underflow@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?epsilon@?$numeric_limits@H@std@@SAHXZ
?truename@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?sinh@std@@YA?AV?$complex@M@1@ABV21@@Z
?sqrt@?$_Ctr@M@std@@SAMM@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?imag@?$_Complex_base@M@std@@QBEMXZ
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@ABV01@@Z
?do_neg_format@?$_Mpunct@D@std@@MBE?AUpattern@money_base@2@XZ
?exceptions@ios_base@std@@QAEXH@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
btowc
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?denorm_min@?$numeric_limits@_N@std@@SA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?denorm_min@?$numeric_limits@K@std@@SAKXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?max@?$numeric_limits@J@std@@SAJXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIXZ
?ldexp@?$_Ctr@M@std@@SAMMH@Z
?_Getcat@?$moneypunct@D$0A@@std@@SAIXZ
?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z

ir41_qc

Compress
AllocInstanceData
CompressFramesInfo
DllMain
FreeInstanceData
CompressBegin
SetScalability
CompressEnd

ulib

??OWSTRING@@QBEEABV0@@Z
??1MULTIPLE_PATH_ARGUMENT@@UAE@XZ
?Initialize@CONT_MEM@@QAEEPAXK@Z
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
??4BSTRING@@QAEAAV0@ABV0@@Z
?Cast@SCREEN@@SGPAV1@PBVOBJECT@@@Z
?QueryByteCount@WSTRING@@QBEKXZ
??0PROGRAM@@IAE@XZ
?QueryIterator@ARRAY@@UBEPAVITERATOR@@XZ
?SetIdsr@COMM_DEVICE@@QAEEE@Z
??0DSTRING@@QAE@XZ
?Put@LIST@@UAEEPAVOBJECT@@@Z
??0BITVECTOR@@QAE@XZ
?DisplayMsg@MESSAGE@@QAAEKW4MESSAGE_TYPE@@KPBDZZ
??1SCREEN@@UAE@XZ
?DeleteAllMembers@ARRAY@@UAEEXZ
??0PATH_ARGUMENT@@QAE@XZ
?QueryFullPathString@PATH@@QBEPAVWSTRING@@XZ
?QueryNextLoggedMessage@MESSAGE@@QAEEPAVFSTRING@@@Z
??1BDSTRING@@UAE@XZ
?Initialize@MEM_BLOCK_MGR@@QAEEKK@Z
?Fatal@PROGRAM@@UBAXKKPADZZ
?Initialize@PRINT_STREAM@@QAEEPBVPATH@@@Z
??1ARRAY@@UAE@XZ
?QueryMemberCount@SORTED_LIST@@UBEKXZ
??1TIMEINFO_ARGUMENT@@UAE@XZ
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?FindFirstFileW@@YGPAXPBVPATH@@PAU_WIN32_FIND_DATAW@@@Z
?SetRtsControl@COMM_DEVICE@@QAEEW4RTS_CONTROL@@@Z
?QueryRoot@PATH@@QAEPAVWSTRING@@XZ
?WaitForUserSignal@MESSAGE@@UAEEXZ
??1BITVECTOR@@UAE@XZ
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QAEXPBVWSTRING@@@Z
?QueryPackedLog@MESSAGE@@QAEEPAVHMEM@@PAK@Z
?QueryResourceStringV@BASE_SYSTEM@@SGEPAVWSTRING@@KPBDPAD@Z
??4WSTRING@@QAEAAV0@ABV0@@Z
?NewBuf@BDSTRING@@UAEEK@Z
?ResetBit@BITVECTOR@@QAEXKK@Z
?DeleteChAt@BSTRING@@QAEXKK@Z
?SetSize@BITVECTOR@@QAEKKW4BIT@@@Z

dispex

DllCanUnloadNow
DllGetClassObject
DllUnregisterServer
GetProxyDllInfo
DllRegisterServer

opengl32

glTexGendv
glIndexd
glReadBuffer
glGetFloatv
wglCreateContext
glBlendFunc
glEnd
GlmfPlayGlsRecord
glVertex3sv
glGetIntegerv
glColor4ub
glLoadMatrixd
glTexParameteriv
glOrtho
wglUseFontOutlinesW
glRasterPos3iv
glGetBooleanv
glPixelMapusv
glTexCoord3s
glRasterPos4d
glRasterPos3s
glIndexPointer
glRasterPos2f
glIndexdv
glPointSize
glEdgeFlagv
glCopyTexSubImage1D
glVertex4d
glStencilOp
glEvalCoord2dv
glEdgeFlagPointer
glEvalCoord2f
glColor4sv
glColor4d
glFrontFace
glEnable
wglChoosePixelFormat

oledlg

OleUIPasteSpecialA
OleUIAddVerbMenuW
OleUIConvertW
OleUICanConvertOrActivateAs
OleUIBusyW
OleUIChangeSourceW
OleUIEditLinksW
OleUIInsertObjectW
OleUIInsertObjectA
OleUIChangeIconA
OleUIObjectPropertiesA
OleUIAddVerbMenuA
OleUIPromptUserA
OleUIObjectPropertiesW
OleUIUpdateLinksA
OleUIPasteSpecialW
OleUIEditLinksA
OleUIChangeIconW
OleUIChangeSourceA
OleUIUpdateLinksW
OleUIConvertA
OleUIPromptUserW
OleUIBusyA

kernel32

Beep
ReadConsoleInputA
GetNativeSystemInfo
GetConsoleAliasExesLengthA
ReplaceFile
OpenMutexA
MulDiv
FindActCtxSectionGuid
BackupRead
lstrcmpA
LoadLibraryA
InvalidateConsoleDIBits
UpdateResourceA
GetVersion
Sleep
SetCriticalSectionSpinCount
GetPrivateProfileStringA
GetConsoleAliasesW
GetFullPathNameW
GetExpandedNameA
SetFileAttributesA
GetNamedPipeHandleStateW
LocalFlags
PostQueuedCompletionStatus
EnumDateFormatsA
WriteConsoleInputW
VirtualAlloc
WritePrivateProfileStringA

pdh

PdhGetFormattedCounterArrayA
PdhGetLogFileSize
PdhGetCounterInfoA
PdhBindInputDataSourceW
PdhRelogA
PdhTranslateLocaleCounterW
PdhEnumObjectsW
PdhOpenLogW
PdhCloseQuery
PdhExpandWildCardPathW
PdhVbUpdateLog
PdhVbOpenQuery
PdhGetDefaultPerfObjectHA
PdhVbGetCounterPathFromList
PdhTranslate009CounterW
PdhGetDefaultPerfCounterW
PdhGetRawCounterArrayW
PdhLookupPerfIndexByNameW
PdhGetFormattedCounterArrayW
PdhVbGetDoubleCounterValue
PdhMakeCounterPathW
PdhSetCounterScaleFactor
PdhVbAddCounter
PdhGetDefaultPerfCounterHA
PdhCollectQueryData
PdhExpandWildCardPathHW
PdhOpenQuery
PdhEnumMachinesA
PdhGetDataSourceTimeRangeH
PdhTranslateLocaleCounterA
PdhCloseLog
PdhTranslate009CounterA
PdhExpandWildCardPathA
PdhEnumObjectItemsA
PdhVerifySQLDBW
PdhCreateSQLTablesW
PdhIsRealTimeQuery
PdhBrowseCountersHW

user32

SetFocus

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5fa4ba9a8ecdf530d1b9e6599443c6a

Headers

DLL Characteristics

File Characteristics

Imports

rtm

msvcp60

ir41_qc

ulib

dispex

opengl32

oledlg

kernel32

pdh

user32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 1KB