c10d081396b4fbd5808ad1b5339dcd03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c10d081396b4fbd5808ad1b5339dcd03_JaffaCakes118
Size

826KB
MD5

c10d081396b4fbd5808ad1b5339dcd03
SHA1

cd451e50ed51b3c1f614402a37dadb1d0e2b009b
SHA256

747c6ede2a745550d238f5bd73664692bc011693f7f37a9729d53937b1ef7d7e
SHA512

98d821969dbc8ded007774816b6d063da7abae1ebe8e9dcfe1151da7c2b52c96385cf0de7db179efeefb4890ea623d679e5a1127f5ff717a1624cd813dabc878
SSDEEP

24576:IjqqDlRsimQ5KN90rC0p1skxra5D8OuArr:IdDlR4N9msqrm8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c10d081396b4fbd5808ad1b5339dcd03_JaffaCakes118

Files

c10d081396b4fbd5808ad1b5339dcd03_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a8acda9fc8d27e8a3557a2bcea56faf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SignalObjectAndWait
VirtualAlloc
WaitForMultipleObjects
GetTempFileNameW
RaiseException
lstrcmpiA
CreateToolhelp32Snapshot
FindVolumeMountPointClose
SetFileApisToANSI
VDMOperationStarted
PrivMoveFileIdentityW
WriteConsoleInputA
FindResourceExA
GetSystemWindowsDirectoryW
FindCloseChangeNotification
UnregisterWaitEx
WritePrivateProfileStringW
SetCalendarInfoW
SetFileShortNameA
DeleteTimerQueue
GetTapeStatus
LocalFlags
GetModuleHandleA
WriteConsoleOutputCharacterA
SetComputerNameExA
ContinueDebugEvent
EndUpdateResourceA
GetVolumeInformationW
Thread32First
WriteProfileStringW
LoadLibraryA
GetCompressedFileSizeW
InitializeCriticalSection
AddAtomA
LocalAlloc
GetAtomNameA
GlobalSize
WriteConsoleInputW
QueryDosDeviceA
TlsGetValue
BuildCommDCBW
SetTimeZoneInformation
SetConsoleCP
GetCurrentDirectoryW
GetNamedPipeHandleStateA

adsldpc

SortAndRemoveDuplicateOIDs
FreeADsMem
LdapCompareExt
LdapTypeToAdsTypeDNWithString
LdapFirstEntry
ADSICloseDSObject
ADsSetSearchPreference
LdapNextEntry
LdapcKeepHandleAround
?SetFSlashDisabler@CLexer@@QAEXH@Z
LdapCacheAddRef
LdapOpenObject
BerBvFree
LdapGetDn
GetSyntaxOfAttribute
ADSIOpenDSObject
ADsWriteClassDefinition
ConvertSidToString
BuildLDAPPathFromADsPath
ReallocADsMem
ADsCreateAttributeDefinition
LdapValueFree
ADSIFreeColumn
ReadSecurityDescriptorControlType
AllocADsMem
LdapModifyS
?SetAtDisabler@CLexer@@QAEXH@Z
ADsHelperGetCurrentRowMessage
GetDisplayName
ReadServerSupportsIsADControl
BuildLDAPPathFromADsPath2
LdapGetValues
LdapSearchInitPage
ADsGetNextColumnName
FreeObjectInfo

clbcatq

CheckMemoryGates
DllCanUnloadNow
GetComputerObject
CLSIDFromStringByBitness
ActivatorUpdateForIsRouterChanges
SetSetupOpen
UpdateFromComponentChange
DllGetClassObject
ComPlusMigrate
GetCatalogObject
InprocServer32FromString
DowngradeAPL
UpdateFromAppChange
GetCatalogObject2
DllUnregisterServer
OpenComponentLibraryOnMemEx
SetupOpen
ServerGetApplicationType
OpenComponentLibraryOnStreamEx
DllRegisterServer
DeleteAllActivatorsForClsid
GetSimpleTableDispenser
SetSetupSave
CreateComponentLibraryEx
CoRegCleanup
OpenComponentLibraryEx
SetupSave

mswsock

NPLoadNameSpaces
GetTypeByNameA
GetNameByTypeA
EnumProtocolsW
rcmd
GetServiceW
GetTypeByNameW
getnetbyname
GetAddressByNameW
SetServiceA
StopWsdpService
rresvport
NSPStartup
EnumProtocolsA
SetServiceW
dn_expand
WSPStartup
MigrateWinsockConfiguration
AcceptEx
GetServiceA
sethostname
GetNameByTypeW
rexec
WSARecvEx
GetAcceptExSockaddrs
GetAddressByNameA
inet_network
TransmitFile
StartWsdpService
s_perror

duser

GetDebug
WaitMessageEx
GetMessageExA
UtilBuildFont
GetActionTimeslice
SetGadgetFillF
SetActionTimeslice
BuildInterpolation
RegisterGadgetMessage
SetGadgetRotation
IsInsideContext
GetGadgetMessageFilter
ForwardGadgetMessage
RegisterGadgetProperty
GetMessageExW
DUserInstanceOf
CreateGadget
EnumGadgets
GetStdColorPenF
SetGadgetOrder
GetGadgetSize
GetGadgetRgn
GetGadgetFocus
SetGadgetFocus
GetGadgetBufferInfo
DUserGetScalePRID
RemoveGadgetProperty
FindGadgetFromPoint
GetStdColorName
DUserCastClass
SetGadgetProperty
AddGadgetMessageHandler
DUserBuildGadget
SetGadgetFillI
SetGadgetCenterPoint
SetGadgetStyle
DUserRegisterGuts
GetStdColorI
DUserGetRotatePRID
RemoveGadgetMessageHandler
DUserGetGutsData
DUserCastDirect
GetGadget
InvalidateGadget

expsrv

GetMem1
rtcSpaceVar
__vbaRedimVar2
__vbaError
__vbaFpI2
__vbaFileLock
__vbaVarTextCmpLe
__vbaVarMove
__vbaAryDestruct
rtcRgb
__vbaRedimVar
Zombie_GetTypeInfoCount
__vbaStrFixstr
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaRefVarAry
rtcSaveSetting
rtcMidCharVar
rtcVarDateFromVar
__vbaVargUnkAddref
__vbaDateStr
GetMemObj
rtcInputCharCountVar
__vbaLateMemNamedCall
__vbaHresultCheckObj

msvcp60

??1?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
?copyfmt@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEAAV12@ABV12@@Z
?date_order@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBEHXZ
??4?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$codecvt@GDH@std@@UAE@XZ
?do_hash@?$collate@G@std@@MBEJPBG0@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
_Exp
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??_7?$basic_ifstream@GU?$char_traits@G@std@@@std@@6B@
??1_Winit@std@@QAE@XZ
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?do_thousands_sep@?$numpunct@D@std@@MBEDXZ
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?truename@?$numpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??Zstd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
?infinity@?$numeric_limits@O@std@@SAOXZ
?_Psum@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPAGPAGI@Z
_LExp
??8std@@YA_NABV?$complex@M@0@ABM@Z
??_F?$complex@N@std@@QAEXXZ
?eq@?$char_traits@G@std@@SA_NABG0@Z
?pow@std@@YA?AV?$complex@N@1@ABV21@ABN@Z
?_Init@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?_Init@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z

ntdll

RtlRaiseStatus
NtFlushWriteBuffer
RtlRemoveVectoredExceptionHandler
RtlAllocateHandle
sqrt
RtlQueryDepthSList
NtNotifyChangeMultipleKeys
ZwOpenFile
RtlIsActivationContextActive
RtlStringFromGUID
NtSystemDebugControl
RtlInitializeBitMap
RtlSplay
NtSaveKey
RtlDowncaseUnicodeChar
RtlCheckRegistryKey
NtSetDefaultUILanguage
RtlAbortRXact
RtlConvertToAutoInheritSecurityObject
RtlGetElementGenericTable
ZwOpenTimer
strcat
RtlIdentifierAuthoritySid
NtQuerySystemEnvironmentValueEx
NtCreateToken
NtQueryInformationFile
RtlGetLastNtStatus
RtlZeroHeap
RtlUpcaseUnicodeStringToAnsiString

msvcrt40

wcsftime
_wfullpath
??_Gistrstream@@UAEPAXI@Z
_strncoll
_chdrive
_XcptFilter
??_Eistream@@UAEPAXI@Z
??6ostream@@QAEAAV0@F@Z
_atodbl
?sync@streambuf@@UAEHXZ
strtod
_chmod
mbtowc
?lockbuf@ios@@QAAXXZ
strxfrm
?sh_read@filebuf@@2HB
?osfx@ostream@@QAEXXZ
_wsplitpath
?is_open@ofstream@@QBEHXZ
_cprintf
_CIcosh
memcpy
_fdopen
??5istream@@QAEAAV0@AAF@Z
acos
floor

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 722KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8acda9fc8d27e8a3557a2bcea56faf2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

adsldpc

clbcatq

mswsock

duser

expsrv

msvcp60

ntdll

msvcrt40

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 722KB - Virtual size: 2.0MB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 328B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 722KB - Virtual size: 2.0MB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 328B