Static task
static1
Behavioral task
behavioral1
Sample
b0c9ab29ab6958b54e0078ffbaeb5e43_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b0c9ab29ab6958b54e0078ffbaeb5e43_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b0c9ab29ab6958b54e0078ffbaeb5e43_JaffaCakes118
-
Size
140KB
-
MD5
b0c9ab29ab6958b54e0078ffbaeb5e43
-
SHA1
f3d0c43e6775a23a5d3d2c68318eb4df3dc69f4e
-
SHA256
84cba5fa06ce8e59d8e8002d0a29213702449ff201887395421caed75a814e17
-
SHA512
ca85fbd263afa78cadace1ed0345265f6b83aaa5c7c5960043390625f95394cca7a7088092daddbb10c1d59e5d6c962030bbc7257c70a8c9805798cb55a7e0d7
-
SSDEEP
3072:DFZasDz45mwIkbfugKqKwnPWoyKpcvWaqbqvGxm1R:5ZL4wwHf9NtKv+uuQ1
Malware Config
Signatures
-
Unsigned PE 1 IoCs
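Static check by the sandbox: the PE file carries no Authenticode signature. A missing signature is a weak indicator on its own, since many benign binaries are also unsigned.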
resource b0c9ab29ab6958b54e0078ffbaeb5e43_JaffaCakes118
Files
-
b0c9ab29ab6958b54e0078ffbaeb5e43_JaffaCakes118.exe windows:5 windows x86 arch:x86
33367578ec43813c122e8247c5f18455
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcirt
??0ostream_withassign@@QAE@XZ
?opfx@ostream@@QAEHXZ
?width@ios@@QBEHXZ
?pword@ios@@QBEAAPAXH@Z
??4istrstream@@QAEAAV0@ABV0@@Z
??_8iostream@@7Bostream@@@
??0fstream@@QAE@ABV0@@Z
??_Gstdiobuf@@UAEPAXI@Z
?tellp@ostream@@QAEJXZ
?sgetc@streambuf@@QAEHXZ
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
?eatwhite@istream@@QAEXXZ
??_7strstreambuf@@6B@
??5istream@@QAEAAV0@PAD@Z
??5istream@@QAEAAV0@AAI@Z
??0strstreambuf@@QAE@ABV0@@Z
??0ostream@@QAE@PAVstreambuf@@@Z
??1istream_withassign@@UAE@XZ
??_8istream@@7B@
?xsgetn@streambuf@@UAEHPADH@Z
_mtlock
?overflow@strstreambuf@@UAEHH@Z
?put@ostream@@QAEAAV1@E@Z
?attach@fstream@@QAEXH@Z
??_Eostream@@UAEPAXI@Z
??5istream@@QAEAAV0@AAO@Z
??_7ofstream@@6B@
?close@ofstream@@QAEXXZ
?sgetn@streambuf@@QAEHPADH@Z
?cerr@@3Vostream_withassign@@A
??_8strstream@@7Bistream@@@
??4streambuf@@QAEAAV0@ABV0@@Z
??_Gexception@@UAEPAXI@Z
??4ifstream@@QAEAAV0@ABV0@@Z
?rdstate@ios@@QBEHXZ
?seekp@ostream@@QAEAAV1@J@Z
?unlock@ios@@QAAXXZ
kernel32
GetSystemDirectoryA
LoadLibraryA
GetProcessHeaps
GetGeoInfoA
ReplaceFileW
GetEnvironmentVariableA
WriteFile
DebugBreak
GetModuleFileNameW
SetCurrentDirectoryW
CancelTimerQueueTimer
HeapCreate
GetStringTypeExW
_llseek
FlushConsoleInputBuffer
VirtualAlloc
GetShortPathNameA
TlsSetValue
GetFirmwareEnvironmentVariableA
SetStdHandle
QueryDosDeviceA
GetPrivateProfileStringA
CreateTapePartition
GetFileType
RegisterWowBaseHandlers
GetStartupInfoW
GetVolumePathNameW
GetFileAttributesExW
UnhandledExceptionFilter
Toolhelp32ReadProcessMemory
LocalAlloc
SetFilePointerEx
SearchPathW
ResumeThread
ContinueDebugEvent
GetLocaleInfoW
OpenThread
SetUserGeoID
SetupComm
GetConsoleMode
FoldStringW
GetConsoleScreenBufferInfo
ZombifyActCtx
GetVolumePathNameA
psbase
SPCloseItem
SPReleaseContext
SPOpenItem
SPDeleteItem
SPGetSubtypeInfo
SPProviderInitialize
SPReadItem
SPSetProvParam
SPEnumItems
SPGetProvInfo
SPEnumTypes
SPDeleteSubtype
SPGetTypeInfo
SPWriteItem
SPCreateType
SPCreateSubtype
SPDeleteType
SPEnumSubtypes
FPasswordChangeNotify
SPGetProvParam
SPAcquireContext
msdart
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
?TryWriteLock@CCritSec@@QAE_NXZ
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
??1CSmallSpinLock@@QAE@XZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
UMSEnterCSWraper
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
??1CReaderWriterLock@@QAE@XZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?IsValid@CLKRLinearHashTable@@QBE_NXZ
??4CCritSec@@QAEAAV0@ABV0@@Z
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
??1CSpinLock@@QAE@XZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?IsWin9x@CMdVersionInfo@@SAHXZ
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
??0CCritSec@@QAE@XZ
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?WriteUnlock@CFakeLock@@QAEXXZ
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?IsReadLocked@CCritSec@@QBE_NXZ
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?IsValid@CLKRHashTable@@QBE_NXZ
?BucketSize@CLKRHashTableStats@@SGJJ@Z
cmutil
?WPPS@CIniW@@QAEXPBG00@Z
CmLoadSmallIconW
?GPPB@CIniW@@QBEHPBG0H@Z
?LoadSection@CIniA@@QBEPADPBD@Z
??_FCIniA@@QAEXXZ
??4CRandom@@QAEAAV0@ABV0@@Z
?SetWriteICSData@CIniA@@QAEXH@Z
CmEndOfStrW
?WPPI@CIniW@@QAEXPBG0K@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?IsEnabled@CmLogFile@@QAEHXZ
?CIniA_WriteEntryToReg@CIniA@@IBEHPAUHKEY__@@PBD1PBEKK@Z
?GetRegPath@CIniA@@QBEPBDXZ
CmRealloc
CmLoadIconA
?Clear@CIniW@@QAEXXZ
?GPPB@CIniA@@QBEHPBD0H@Z
?SetRegPath@CIniA@@QAEXPBD@Z
CmAtolA
?SetSection@CIniA@@QAEXPBD@Z
?SetEntry@CIniA@@QAEXPBD@Z
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
CmStrrchrW
CmStrCpyAllocA
WzToSz
CmWinHelp
CmStripPathAndExtW
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?SetICSDataPath@CIniA@@QAEXPBD@Z
CmLoadImageW
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
?GetSection@CIniA@@QBEPBDXZ
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
ReleaseBold
?SetPrimaryFile@CIniW@@QAEXPBG@Z
netapi32
DsRoleDemoteDc
DsRoleGetDcOperationResults
NetpNetBiosStatusToApiStatus
I_NetServerReqChallenge
DsGetDcNextA
NetValidateName
NetServiceInstall
NetConnectionEnum
NetUserDel
NetGetJoinInformation
NetapipBufferAllocate
NetWkstaTransportAdd
NetMessageNameAdd
NetWkstaTransportDel
NetGroupAddUser
I_NetLogonSendToSam
NetSetPrimaryComputerName
I_NetLogonSamLogon
I_NetlogonComputeClientDigest
NetDfsRemoveStdRoot
NetReplImportDirAdd
NetUseAdd
DsGetSiteNameA
RxNetAccessEnum
NetpGetFileSecurity
NetUnjoinDomain
DsRoleAbortDownlevelServerUpgrade
DsValidateSubnetNameA
NetpDbgPrint
NetGroupSetUsers
RxNetAccessDel
I_NetServerPasswordSet2
Sections
.text Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 59KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 364B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ