c117486815f7a7c84927c86bc5730665_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c117486815f7a7c84927c86bc5730665_JaffaCakes118
Size

827KB
MD5

c117486815f7a7c84927c86bc5730665
SHA1

7b18d8d214d7701b468741c75baafedaa27ffeb9
SHA256

a491edc2667fdcf6a5117c1c6e0cbbc09581929e5b17949e468c8728b76c3c52
SHA512

f5ac71df2835fc0d918f484e10f37015300bd2a372bc0d9beefd4bda20f6e58395847f67671fbdafab953390319ff1ee6b47186542780aa90c124872749b7b0f
SSDEEP

12288:6choTNq1VAg87668D2ud/DDMaAhrnYJgR5+ho7gRKIL1HffJxULLTgWt6ig7W:nh9wXjaZZ8aA5JCKC3JSLLTVg7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c117486815f7a7c84927c86bc5730665_JaffaCakes118

Files

c117486815f7a7c84927c86bc5730665_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fcf88ad2e6fe7ebd854bf78f866ccf34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteColorSpace
SetBitmapBits
GdiSwapBuffers
ExtTextOutW
GdiEntry2
PlayEnhMetaFile
GetHFONT
GdiEndDocEMF
XLATEOBJ_iXlate
EngGetPrinterDataFileName
BRUSHOBJ_pvGetRbrush
GetEnhMetaFilePaletteEntries
PlayMetaFileRecord
GetTextExtentPoint32A
CreateFontA
GdiGetSpoolFileHandle
GetCharWidthW
CheckColorsInGamut
GdiGetDC
AnyLinkedFonts
GetRgnBox
EngAssociateSurface
GetViewportExtEx
StartFormPage
cGetTTFFromFOT
AddFontResourceA
GetDeviceGammaRamp
GetDCPenColor
PolyBezierTo
bMakePathNameW
GdiEntry11
DdEntry16
CreatePenIndirect
CreateDIBPatternBrush
ExtTextOutA
GdiAlphaBlend
SetDIBits
GdiDeleteLocalDC
GetSystemPaletteEntries
CreateDIBitmap
GdiSetPixelFormat
GdiDllInitialize
DdEntry0
GdiDeleteSpoolFileHandle
DdEntry10
CopyEnhMetaFileW
RemoveFontResourceTracking
GetFontUnicodeRanges
CreateBrushIndirect
GetTextFaceA
GetCharacterPlacementW
DdEntry6
GetICMProfileW
DdEntry30
GetBkColor
ExtSelectClipRgn
DdEntry48
DdEntry25
OffsetClipRgn
AddFontResourceExA
CreateICW
DdEntry34
SelectBrushLocal
FloodFill
GetCharABCWidthsI
GetTransform
GdiResetDCEMF
GdiGetLocalFont
SetBoundsRect
SetStretchBltMode
FlattenPath
RestoreDC
SetBitmapAttributes
CombineRgn
SetFontEnumeration
SetBrushOrgEx
STROBJ_vEnumStart
DescribePixelFormat
GdiQueryFonts
HT_Get8BPPMaskPalette
SetBkColor
GetEnhMetaFileW
SetWinMetaFileBits

dhcpsapi

DhcpSetClientInfo
DhcpServerBackupDatabase
DhcpRemoveSubnetElementV4
DhcpSetOptionInfo
DhcpScanDatabase
DhcpAuditLogSetParams
DhcpDeleteMScope
DhcpModifyClass
DhcpEnumMScopeClients
DhcpRemoveSubnetElement
DhcpEnumSubnetElementsV4
DhcpCreateOption
DhcpEnumSubnetElements
DhcpDsInit
DhcpServerSetConfigV4
DhcpCreateClientInfo
DhcpGetOptionValueV5
DhcpSetOptionInfoV5
DhcpEnumClasses
DhcpGetClientInfo
DhcpRemoveOptionV5
DhcpServerSetDnsRegCredentials
DhcpGetSubnetInfo
DhcpGetOptionInfoV5
DhcpEnumSubnetClientsV4
DhcpSetOptionValueV5
DhcpDeleteSuperScopeV4
DhcpEnumMScopes
DhcpSetClientInfoV4
DhcpServerQueryDnsRegCredentials
DhcpDsCleanup
DhcpRemoveOptionValue
DhcpCreateSubnet
DhcpDeleteSubnet
DhcpGetClientOptions
DhcpRemoveMScopeElement
DhcpCreateClientInfoV4
DhcpServerQueryAttribute
DhcpServerSetConfig

msdart

?_TryLock@CSpinLock@@AAE_NXZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?ReadUnlock@CSpinLock@@QAEXXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?WriteUnlock@CSpinLock@@QAEXXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
??0CLockedDoubleList@@QAE@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?WriteLock@CReaderWriterLock2@@QAEXXZ
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?IsReadUnlocked@CLKRHashTable@@QBE_NXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?sm_pfnSetCriticalSectionSpinCount@CCriticalSection@@0P6GKPAU_RTL_CRITICAL_SECTION@@K@ZA
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
MPInitializeCriticalSection
?SetSpinCount@CFakeLock@@QAE_NG@Z
?First@CDoubleList@@QBEQAVCListEntry@@XZ
?RemoveEntry@CDoubleList@@SGXQAVCListEntry@@@Z
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?ReadLock@CReaderWriterLock@@QAEXXZ
?DeleteIf@CLKRLinearHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?CheckTable@CLKRHashTable@@QBEHXZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?ReadUnlock@CFakeLock@@QAEXXZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?DeleteRecord@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CSpinLock@@QBE_NXZ

ntdll

NtSetDefaultUILanguage
RtlAnsiCharToUnicodeChar
ZwQueryOpenSubKeys
NtExtendSection
NtReplyWaitReceivePortEx
ZwEnumerateValueKey
NtCreateDebugObject
LdrFindEntryForAddress
RtlRegisterWait
ZwRaiseException
NtImpersonateClientOfPort
NtQueryDebugFilterState
RtlFindLeastSignificantBit
NtUnloadKey
NtEnumerateKey
ZwQueryIoCompletion
RtlFormatMessage
RtlDosSearchPath_U
RtlIsTextUnicode
RtlInterlockedPopEntrySList
RtlDoesFileExists_U
RtlDnsHostNameToComputerName
RtlAbortRXact
RtlInitNlsTables
RtlMakeSelfRelativeSD
RtlDuplicateUnicodeString
RtlFindClearBitsAndSet
NtQueryDefaultLocale
ZwRemoveProcessDebug
RtlCreateUserThread
RtlSetHeapInformation
RtlGetGroupSecurityDescriptor
NtCreateProfile
LdrInitShimEngineDynamic
ZwUnlockVirtualMemory
RtlpUnWaitCriticalSection
RtlUniform
RtlLookupElementGenericTableAvl
RtlReAllocateHeap
log

msvcrt20

isspace
?getline@istream@@QAEAAV1@PACHD@Z
_mbsupr
calloc
?delbuf@ios@@QAEXH@Z
??_Gostream@@UAEPAXI@Z
_mbctombb
wctomb
_CIexp
_wputenv
__threadid
?setrwbuf@stdiobuf@@QAEHHH@Z
mblen
_umask
fscanf
_getche
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
_tzname
iscntrl
_wsopen
??5istream@@QAEAAV0@AAC@Z
??1ios@@UAE@XZ
_stricmp
wcscoll
??6ostream@@QAEAAV0@K@Z
time
?rdstate@ios@@QBEHXZ
_stat
_wfindnext
__p__commode
_fpieee_flt
_wexecve
_spawnlpe
??0strstream@@QAE@PADHH@Z
??5istream@@QAEAAV0@PAD@Z
_swab
_fcvt
_wexecl
_ismbcprint
wcscat

shlwapi

UrlGetLocationW
PathUnExpandEnvStringsA
PathCompactPathExW
PathSearchAndQualifyW
SHRegSetPathW
PathBuildRootW
StrCatW
DelayLoadFailureHook
AssocQueryStringA
PathRemoveArgsW
UrlIsOpaqueW
PathUnquoteSpacesA
StrChrA
UrlIsA
SHRegSetUSValueA
StrCatBuffW
SHGetValueA
SHAutoComplete
SHRegQueryInfoUSKeyA
ChrCmpIA
StrCmpLogicalW
StrRStrIA
PathRemoveBlanksA
StrToIntW
PathCompactPathW
StrFormatByteSize64A
PathSetDlgItemPathA
PathIsContentTypeW
StrDupA
PathSearchAndQualifyA
SHRegGetBoolUSValueW
PathIsRelativeW
PathIsUNCServerShareW
StrCSpnIA
PathIsRootA
PathStripToRootA
PathRelativePathToA
StrStrW
SHRegEnumUSValueW

kernel32

GetUserDefaultLangID
SetConsoleMaximumWindowSize
OpenJobObjectA
GetPrivateProfileSectionNamesA
WriteConsoleOutputAttribute
GetCommConfig
CreateSemaphoreW
RegisterConsoleIME
RemoveDirectoryA
WriteConsoleOutputCharacterA
OpenThread
ReadFileEx
GetPrivateProfileStructW
SetComputerNameExA
SetMailslotInfo
WideCharToMultiByte
FindFirstFileExW
GetModuleHandleA
GetConsoleAliasExesW
LoadLibraryA
GetNextVDMCommand
RegisterConsoleOS2
SetComputerNameA
LeaveCriticalSection
GetLocaleInfoW
SetConsolePalette
lstrlen
MapUserPhysicalPages
EnumSystemCodePagesW
SetConsoleKeyShortcuts
GetModuleFileNameA
SetThreadExecutionState
SetVolumeLabelA
GetCommTimeouts
AddVectoredExceptionHandler
GetDateFormatA
EnumLanguageGroupLocalesA
GetShortPathNameW
HeapSummary
VirtualAlloc
GetVolumePathNamesForVolumeNameA
RemoveDirectoryW
CreateFiber
lstrcmpiW
CreateNamedPipeA
SetPriorityClass
UpdateResourceA
EnumUILanguagesA

user32

MessageBoxTimeoutA
GetCursor
RegisterUserApiHook
IsCharAlphaNumericA
DestroyWindow
DdeSetUserHandle
DrawCaptionTempA
DdeAccessData
GetKeyNameTextA
RegisterClipboardFormatW
GetWindowInfo
SetSysColors
OpenIcon
DrawIconEx
GetMenuItemInfoW
SendMessageW
DdeFreeStringHandle
GetMessageA
DefWindowProcA
RegisterDeviceNotificationW
GetTabbedTextExtentW
SetMenuInfo
CreateCaret
RecordShutdownReason
CharUpperBuffA
SendIMEMessageExA
wsprintfA
GetRawInputBuffer
ShowWindowAsync

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 690KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcf88ad2e6fe7ebd854bf78f866ccf34

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

dhcpsapi

msdart

ntdll

msvcrt20

shlwapi

kernel32

user32

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 690KB - Virtual size: 2.0MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 344B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 690KB - Virtual size: 2.0MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 344B