b63008977c207dee6cab4007443e707d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b63008977c207dee6cab4007443e707d_JaffaCakes118
Size

509KB
MD5

b63008977c207dee6cab4007443e707d
SHA1

fdd8ad86bf1461f21e883bad6e35dd344ac026d9
SHA256

92d4a116c319c1aa09f3325c40eb8d1ab874fb06415483d0e9a5d1c6f1ed87b5
SHA512

e118e737cbba47e04dcfb6dcb6488f273c5bd146f6b70d21bac0a66a19be61bbd49710a43bbf5eeffe60cabd2ff10b59f35878cd8ace784ff528c1a95e9c6c81
SSDEEP

12288:s/f/4Rxm5uyyKQ9lZlYAhdc4W/f5lZR09MGCR1YokC0F:ifwrmnQ9lXn3DDi9R75u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b63008977c207dee6cab4007443e707d_JaffaCakes118

Files

b63008977c207dee6cab4007443e707d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

97c222081f80adb0d7edc50092db6eb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSARecvEx
getnetbyname
getservbyport
WSACleanup
rcmd
SetServiceA
socket
GetAddressByNameW
gethostbyname
shutdown
ioctlsocket
EnumProtocolsW
GetAddressByNameA
WSAAsyncGetServByName
gethostname
WSASetLastError
GetNameByTypeA
htonl
GetNameByTypeW
rresvport
WSAAsyncGetHostByAddr
WSAAsyncSelect
WSAAsyncGetProtoByName
WSApSetPostRoutine
connect
getpeername
select
send
inet_ntoa
sendto
rexec
getservbyname
EnumProtocolsA
WSAGetLastError
closesocket
GetServiceA
WSACancelAsyncRequest
WSAIsBlocking
bind
inet_network
htons
NPLoadNameSpaces
s_perror

scecli

SceGetScpProfileDescription
SceDcPromoteSecurity
SceSvcGetInformationTemplate
DeltaNotify
SceAddToNameList
SceGetDatabaseSetting
SceSysPrep
SceRollbackTransaction
SceIsSystemDatabase
SceSetDatabaseSetting
SceStartTransaction
SceDcPromoCreateGPOsInSysvolEx
SceSetupUnwindSecurityFile
SceGetTimeStamp
SceSetupGenerateTemplate
SceEnforceSecurityPolicyPropagation
SceOpenPolicy
SceNotifyPolicyDelta
SceUpdateObjectInfo
SceSetupConfigureServices
SceConfigureSystem
SceSvcSetInformationTemplate
SceGetObjectSecurity
InitializeChangeNotify
SceFreeProfileMemory
SceDcPromoCreateGPOsInSysvol
SceSvcUpdateInfo
SceCompareSecurityDescriptors
SceAnalyzeSystem
SceSetupRootSecurity
SceProcessSecurityPolicyGPO
SceSvcConvertTextToSD
SceAddToNameStatusList
SceGenerateRollback
SceDcPromoteSecurityEx
SceGetAreas
SceRegisterRegValues
DllRegisterServer

authz

AuthzAddSidsToContext
AuthziInitializeAuditQueue
AuthziInitializeAuditParamsWithRM
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthzInitializeContextFromToken
AuthziFreeAuditQueue
AuthzInitializeContextFromAuthzContext
AuthzFreeHandle
AuthzInitializeResourceManager
AuthzInitializeContextFromSid
AuthziAllocateAuditParams
AuthzInitializeObjectAccessAuditEvent
AuthzCachedAccessCheck
AuthziModifyAuditEvent
AuthziFreeAuditParams
AuthzFreeResourceManager
AuthziModifyAuditQueue
AuthzFreeContext
AuthziModifyAuditEventType
AuthzOpenObjectAudit
AuthziInitializeAuditParamsFromArray
AuthzGetInformationFromContext
AuthzAccessCheck
AuthziInitializeAuditEvent
AuthziInitializeAuditParams

mfcsubs

?FormatMessageW@CString@@QAAXPBGZZ
??H@YG?AVCString@@ABV0@PBG@Z
??0CString@@QAE@PBG@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?Copy@CStringArray@@QAEXABV1@@Z
??0CObject@@IAE@XZ
?FormatMessageW@CString@@QAAXIZZ
?Compare@CString@@QBEHPBG@Z
?MakeLower@CString@@QAEXXZ
?Collate@CString@@QBEHPBG@Z
?FormatV@CString@@IAEXPBGPAD@Z
?GetCount@CMapStringToPtr@@QBEHXZ
??ACStringArray@@QAEAAVCString@@H@Z
??4CString@@QAEABV0@ABV0@@Z
?IsEmpty@CMapStringToPtr@@QBEHXZ
??1CString@@QAE@XZ
?Add@CStringArray@@QAEHPBG@Z
?Release@CString@@IAEXXZ
??H@YG?AVCString@@DABV0@@Z
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
?AllocBeforeWrite@CString@@IAEXH@Z
??YCString@@QAEABV0@G@Z
?MakeUpper@CString@@QAEXXZ
?FindOneOf@CString@@QBEHPBG@Z
??_FCMapStringToPtr@@QAEXXZ
?LoadStringW@CString@@QAEHI@Z
??0CStringArray@@QAE@XZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?RemoveAll@CMapStringToPtr@@QAEXXZ
?GetData@CStringArray@@QBEPBVCString@@XZ
??O@YG_NPBGABVCString@@@Z
??0CString@@QAE@PBD@Z
?Right@CString@@QBE?AV1@H@Z
??H@YG?AVCString@@ABV0@0@Z
??H@YG?AVCString@@ABV0@D@Z
??0CSyncObject@@QAE@PBG@Z
?Mid@CString@@QBE?AV1@H@Z
?UnlockBuffer@CString@@QAEXXZ
??4CString@@QAEABV0@PBE@Z
?Mid@CString@@QBE?AV1@HH@Z
??0CString@@QAE@PBGH@Z
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z

hhsetup

?SetPath@CLocation@@QAEXPBD@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
??1CLocation@@QAE@XZ
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?Close@CCollection@@QAEKXZ
??1CTitle@@QAE@XZ
??0CFIFOString@@QAE@XZ
?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
?SetVersion@CCollection@@QAEXK@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?IncrementRefTitleCount@CCollection@@QAEXXZ
??0CFolder@@QAE@XZ
?SetOrder@CFolder@@QAEXK@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?SetTitle@CFolder@@QAEXPBG@Z
?SetSampleLocation@CCollection@@QAEXPBG@Z
?SetTitle@CLocation@@QAEXPBG@Z
?SetMasterCHM@CCollection@@QAEXPBGG@Z
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?GetNextTitle@CTitle@@QAEPAV1@XZ
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?SetSampleLocation@CCollection@@QAEXPBD@Z
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?IsDirty@CCollection@@QAEHXZ
?SetLanguage@CFolder@@QAEXG@Z
?GetVersion@CCollection@@QAEKXZ
?SetTitle@CFolder@@QAEXPBD@Z
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?GetTitleW@CFolder@@QAEPBGXZ
??4CFIFOString@@QAEAAV0@ABV0@@Z
?GetIdW@CLocation@@QAEPBGXZ
?RemoveAll@CFIFOString@@QAEXXZ
?GetId@CTitle@@QAEPADXZ

glmf32

__glsString_assign
glsDataPointer
glsGetCommandFunc
glsLongHigh
glsCaptureFunc
glsBeginGLS
glsGetGLRCi
glsBeginObj
glsIsContext
glsDeleteContext
glsComment
glsNums
glsULongHigh
glsNumfv
glsNumul
__glsString_init
glsGetLayeri
glsGetCommandAlignment
glsUTF8toUCSz
glsGetStreamType
glsULongLow
glsNumsv
glsGetConsti
glsNuml
__glsParser_create
glsChannel
glsNullCommandFunc
glsEnumString
glsGLRC
glsGetAllContexts
glsHeaderi
glsGenContext
glsUTF8toUCS4z
glsUCS4toUTF8z
glsRequireExtension
glsNumusv
glsBeginCapture
glsReadPrefix
glsCommandAPI
glsReadFunc
glsHeaderGLRCi
glsCharubz

kernel32

EnumSystemLocalesA
FindResourceW
FreeLibraryAndExitThread
QueryActCtxW
FindNextVolumeW
CreateMutexA
GetConsoleCursorMode
SetErrorMode
FindFirstVolumeMountPointW
GetConsoleAliasExesA
RtlZeroMemory
SetClientTimeZoneInformation
WaitForMultipleObjectsEx
TlsAlloc
SetFileTime
CloseProfileUserMapping
ScrollConsoleScreenBufferW
EnumResourceLanguagesW
HeapAlloc
ReadConsoleInputExW
EnumCalendarInfoW
UnlockFileEx
GetStringTypeExW
InterlockedFlushSList
GetCompressedFileSizeW
HeapCreate
GetUserDefaultLangID
SetLocalPrimaryComputerNameA
GetVolumeNameForVolumeMountPointW
IsBadWritePtr
IsBadCodePtr
GetSystemTimeAdjustment
OpenProcess
ConsoleMenuControl
WritePrivateProfileStructA
WaitForSingleObjectEx
CompareStringW
DebugBreak
BuildCommDCBAndTimeoutsA
GetBinaryTypeA
WriteConsoleOutputCharacterW
LocalUnlock
GlobalSize
DefineDosDeviceW
WriteFileEx
CompareStringA
AddRefActCtx
ReadConsoleInputA
SetSystemTimeAdjustment
FindNextVolumeA
FindNextFileA
SetUnhandledExceptionFilter
TransactNamedPipe
_lclose
GetConsoleFontSize
BaseDumpAppcompatCache
GetProcessAffinityMask
GetConsoleProcessList
EscapeCommFunction
SetCurrentDirectoryW
ReadDirectoryChangesW
GetTickCount
EnumTimeFormatsA
VerLanguageNameA
LoadLibraryA
UnmapViewOfFile
FreeEnvironmentStringsA
EnumResourceLanguagesA
FindFirstFileExA
CompareFileTime
CreateTapePartition
GetNumberOfConsoleInputEvents
WaitNamedPipeA
GetUserDefaultUILanguage
CreateEventW
GetSystemWow64DirectoryW
SuspendThread
VirtualAlloc
GetLocaleInfoA
AddAtomA
EnumSystemLanguageGroupsA
GetConsoleAliasA
SetCommMask
FindFirstChangeNotificationW
GetProcessVersion
RegisterConsoleIME
GetConsoleInputWaitHandle
Module32Next
ClearCommError
GetSystemTimeAsFileTime
WriteFile
CreateTimerQueue
WriteTapemark
SetConsoleNumberOfCommandsA
SwitchToFiber

gdi32

LineTo
GetTextExtentPoint32A
DPtoLP
GdiSetLastError
SetStretchBltMode
EngBitBlt
CheckColorsInGamut
AnimatePalette
EngLineTo
STROBJ_bEnumPositionsOnly
EngStrokePath
StartDocW
TextOutW
GetTextExtentPoint32W
ColorMatchToTarget
CreateFontIndirectW
GdiCreateLocalMetaFilePict
GetCharWidthFloatA
EngGradientFill
DdEntry42
CreatePatternBrush
BRUSHOBJ_hGetColorTransform
GetTextColor
SetViewportOrgEx
EnableEUDC
SetROP2
GdiEntry11
DdEntry24
GetNearestColor
GdiFlush
SwapBuffers
GdiGetSpoolFileHandle
GdiEntry8

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 620KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97c222081f80adb0d7edc50092db6eb0

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

scecli

authz

mfcsubs

hhsetup

glmf32

kernel32

gdi32

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 620KB - Virtual size: 2.0MB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 620KB - Virtual size: 2.0MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 300B