b4feebdc48f7ddd54af1c265c8697319_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4feebdc48f7ddd54af1c265c8697319_JaffaCakes118
Size

825KB
MD5

b4feebdc48f7ddd54af1c265c8697319
SHA1

a50f2f84f7f49238579ac29dad9fd84810c5f414
SHA256

f98c5bc6e4bae271d3addf1cf109caa8977f28b86922b49880f9c10a90655b9e
SHA512

fbd7fe9f5475f45df6efe2c170ee9956c3f51006962f0f7e210faaa47cc8c99da75ed4aba612d8c3f9f5836e7bdef6e9b261698e059858e066d2ecb54e63e159
SSDEEP

12288:KAuTECnsiA/N4NuopT+2BumFczdyqLsr0EqdqSfcCpRU0nrIcpVXlaS1mSLWo+G+:xwEQAEuoMyqLsWdbfr3/1ayNLWOt4b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4feebdc48f7ddd54af1c265c8697319_JaffaCakes118

Files

b4feebdc48f7ddd54af1c265c8697319_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c5b1c6720a85b1a0aea6cacbe5aa98e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mshtml

MatchExactGetIDsOfNames
ShowHTMLDialogEx
PrintHTML
ShowHTMLDialog
CreateHTMLPropertyPage
DllEnumClassObjects
DllCanUnloadNow
RunHTMLApplication
ShowModelessHTMLDialog
DllGetClassObject
ShowModalDialog

dnsapi

DnsQuery_UTF8
DnsQuery_A
Dns_WriteDottedNameToPacket
DnsNotifyResolver
DnsValidateName_A
DnsModifyRecordsInSet_W
DnsValidateName_W
DnsQueryExUTF8
Dns_ReadRecordStructureFromPacket
Dns_WriteRecordStructureToPacketEx
DnsMapRcodeToStatus
Dns_SkipToRecord
DnsAllocateRecord
DnsFlushResolverCacheEntry_A
Dns_UpdateLibEx
DnsValidateName_UTF8
DnsFreeConfigStructure
DnsNameCompareEx_W
Dns_ReadPacketName
Dns_InitializeMsgRemoteSockaddr
DnsQuery_W
DnsIsAMailboxType
DnsNameCompare_W
DnsModifyRecordsInSet_A
DnsIsStatusRcode
DnsDhcpSrvRegisterTerm
NetInfo_IsForUpdate
DnsUpdateTest_W
Dns_UpdateLib
DnsDhcpSrvRegisterHostName
DnsCopyStringEx
Dns_GetRandomXid
DnsIpv6StringToAddress
DnsRecordStringForType
DnsRecordSetCompare
DnsDhcpSrvRegisterInitialize
DnsExtractRecordsFromMessage_UTF8
DnsGetPrimaryDomainName_A
Dns_CreateSocketEx
DnsUpdate
Dns_CleanupWinsock
DnsRecordTypeForName

msvcrt40

??1ostrstream@@UAE@XZ
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_Elogic_error@@UAEPAXI@Z
_safe_fdivr
wcschr
_mbbtype
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
fflush
bsearch
??5istream@@QAEAAV0@AAI@Z
??_8stdiostream@@7Bostream@@@
??_Estrstreambuf@@UAEPAXI@Z
??_Gistream@@UAEPAXI@Z
_mbsnicoll
asctime
_mbsupr
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_mbsspn
??_E__non_rtti_object@@UAEPAXI@Z
sscanf
__STRINGTOLD
_ismbcsymbol
??_Gifstream@@UAEPAXI@Z
perror
??0fstream@@QAE@PBDHH@Z
_mbsinc
_swab
_CIfmod
iswpunct
??0Iostream_init@@QAE@XZ
remove
?rdstate@ios@@QBEHXZ
?width@ios@@QAEHH@Z
__p__fmode
?endl@@YAAAVostream@@AAV1@@Z
?sgetc@streambuf@@QAEHXZ
fwrite

kernel32

ReadConsoleOutputA
GetNamedPipeInfo
Toolhelp32ReadProcessMemory
GetEnvironmentStrings
VerSetConditionMask
LoadResource
SearchPathW
GetHandleInformation
TlsGetValue
FreeEnvironmentStringsA
GetCurrentThreadId
SetFilePointerEx
GetCommandLineW
SetFileAttributesW
GlobalAlloc
ContinueDebugEvent
GetProfileStringA
GetStdHandle
WritePrivateProfileStructA
RegisterWaitForSingleObjectEx
LoadLibraryA
GenerateConsoleCtrlEvent
SetConsoleNumberOfCommandsW
GetConsoleAliasA
FatalAppExitA
lstrcpynA
GetConsoleAliasExesLengthW
SetCommBreak
SetConsoleMode
FindNextChangeNotification
GetLongPathNameA
EscapeCommFunction
SetEndOfFile
OpenEventW
IsBadHugeReadPtr
CommConfigDialogA
CallNamedPipeA
PulseEvent
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
EnumResourceTypesW
SetFileApisToANSI
RaiseException
WritePrivateProfileStructW
GetConsoleCursorMode
ExpandEnvironmentStringsW
GetSystemDirectoryW
SetConsoleWindowInfo
VirtualAlloc
ReadConsoleOutputCharacterA
GetFileAttributesA
GetCommState
GetCurrentProcessId
GetConsoleInputExeNameA
QueryInformationJobObject
GetTempPathA
FlushConsoleInputBuffer
FindFirstVolumeMountPointW
FlushViewOfFile
GetConsoleAliasesA
GetAtomNameA

sqlunirl

_WriteProfileSection_@8
_FindResourceEx_@16
_SetDlgItemText@12
_SendDlgItemMessage@20
_GetCharABCWidthsFloat_@16
_LookupPrivilegeValue_@12
_GetTempFileName_@16
_GetComputerName@8
_tsystem
_CreatePropertySheetPage_@4
_SetWindowsHook_@8
_RegEnumKey_@16
_ttof
_OutputDebugString_@4
_UnregisterClass_@8
_GlobalFindAtom_@4
_GetDlgItemText@16
__lopen_@8
_SetFileAttributes_@8
_GetProp@8
_GetShortPathName_@12
newMultiByteFromWideCharSize
_GetTabbedTextExtent_@20
_RemoveFontResource_@4
_EnumWindowStations_@8
_LoadBitmap@8
_SHBrowseForFolder_@4
_IsCharUpper_@4
_NDdeSetShareSecurity_@16
_EnumDependentServices_@24
_SendNotifyMessage_@16
_GetProfileString_@20
_CreateFontIndirect@4
_DragQueryFile_@16
_CharToOemBuff_@12
_lstrcpyn_@12
_CopyAcceleratorTable_@12
_GetEnvironmentStrings_@4
_GetCurrentHwProfile_@4
_GetPrivateProfileInt_@16
_ChangeMenu_@20

ntdll

ZwAddBootEntry
ZwSetHighEventPair
ZwAlertThread
PfxInsertPrefix
ZwRequestPort
NtAddBootEntry
NtPrivilegedServiceAuditAlarm
RtlTraceDatabaseCreate
ZwRegisterThreadTerminatePort
strcspn
RtlFindClearBits
RtlFreeHeap
RtlIsTextUnicode
RtlLargeIntegerToChar
RtlTraceDatabaseEnumerate
RtlEnumerateGenericTableWithoutSplayingAvl
wcscpy
RtlLookupAtomInAtomTable
RtlIsDosDeviceName_U
RtlInitializeSid
RtlCreateProcessParameters
atol
isprint
_chkstk
NtQueryEvent
RtlSetTimer
RtlAddAuditAccessAce
ZwRaiseException
NtCancelIoFile
ZwCompareTokens
PfxInitialize
RtlFindClearRuns
RtlTryEnterCriticalSection
DbgUiConvertStateChangeStructure
ZwClose
NtQueryQuotaInformationFile
RtlDeleteSecurityObject
NtGetDevicePowerState
RtlAddAce
RtlUnicodeStringToOemString
ZwSetSystemInformation
RtlInitializeSListHead
RtlIpv6StringToAddressA
NtOpenProcessTokenEx
ZwSetLowWaitHighEventPair

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 573KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c5b1c6720a85b1a0aea6cacbe5aa98e

Headers

DLL Characteristics

File Characteristics

Imports

mshtml

dnsapi

msvcrt40

kernel32

sqlunirl

ntdll

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 573KB - Virtual size: 1.9MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 384B

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 573KB - Virtual size: 1.9MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 384B