Static task: static1
Behavioral task: behavioral1
Sample: c28708a73e3e9999b08aeb37e7f3f90d_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: c28708a73e3e9999b08aeb37e7f3f90d_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c28708a73e3e9999b08aeb37e7f3f90d_JaffaCakes118
Size: 153KB
MD5: c28708a73e3e9999b08aeb37e7f3f90d
SHA1: 9659a8e10e4251c8bbca4bdb6ffccd0c6c4058dd
SHA256: 4c34ed715a30719d59e70416469fb4808354edf0e15c325a4896b61f8a43dfee
SHA512: f28b163dc340bfe46440ff9f7ac52691640293df07fd0e421e8c1217d84589ac82b60f84c7db56b0a8bb517798ecf8e243ccb1e5b302594a6f3795d8a99bb4e0
SSDEEP: 3072:TKPKjZTLGUd+hz8GEHAuF5dCfhSLiDKAQpO5TZRIK0kvGBtsR:T512y6gGeAMPGaAQpO5PJvb
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: c28708a73e3e9999b08aeb37e7f3f90d_JaffaCakes118
Files
-
c28708a73e3e9999b08aeb37e7f3f90d_JaffaCakes118.exe windows:5 windows x86 arch:x86
384fcbe878a3711d6def9498e536536b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt20
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
strncmp
fputws
??4ofstream@@QAEAAV0@ABV0@@Z
putwchar
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_control87
rand
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
_heapadd
?unbuffered@streambuf@@IAEXH@Z
_aexit_rtn
??_7ostream_withassign@@6B@
_wfreopen
_seterrormode
_putch
_wsystem
_fsopen
?setmode@ofstream@@QAEHH@Z
_commit
??4ifstream@@QAEAAV0@ABV0@@Z
_ismbcpunct
_CIcosh
??0filebuf@@QAE@XZ
_wctime
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
_locking
_setjmp3
?attach@ifstream@@QAEXH@Z
?get@istream@@QAEAAV1@AAD@Z
??_7ifstream@@6B@
_creat
?str@strstreambuf@@QAEPADXZ
_c_exit
localeconv
?openprot@filebuf@@2HB
__wgetmainargs
wcscmp
?sgetc@streambuf@@QAEHXZ
__lconv_init
__p___mb_cur_max
wctomb
_endthread
setlocale
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
wininet
DetectAutoProxyUrl
FtpGetCurrentDirectoryA
InternetQueryOptionW
IsUrlCacheEntryExpiredW
SetUrlCacheGroupAttributeW
FindFirstUrlCacheEntryExA
InternetCreateUrlA
GetUrlCacheConfigInfoA
PrivacySetZonePreferenceW
InternetReadFileExA
FindFirstUrlCacheGroup
InternetSecurityProtocolToStringW
SetUrlCacheEntryGroupW
InternetGoOnlineW
InternetAutodialCallback
InternetTimeFromSystemTimeW
GopherOpenFileW
InternetEnumPerSiteCookieDecisionW
GetUrlCacheGroupAttributeW
GopherFindFirstFileA
InternetSetCookieExA
InternetGetPerSiteCookieDecisionW
InternetConfirmZoneCrossingW
FtpPutFileA
InternetClearAllPerSiteCookieDecisions
FtpCommandW
FtpCreateDirectoryA
FindNextUrlCacheEntryA
SetUrlCacheEntryInfoW
GopherOpenFileA
FindNextUrlCacheEntryW
FtpGetFileA
InternetCreateUrlW
InternetHangUp
RetrieveUrlCacheEntryFileW
FindFirstUrlCacheEntryExW
HttpAddRequestHeadersA
CreateUrlCacheGroup
UnlockUrlCacheEntryFileW
FtpCommandA
FtpRenameFileW
HttpQueryInfoW
InternetWriteFileExW
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorA
CopySid
StartServiceCtrlDispatcherW
CloseTrace
GetSecurityDescriptorDacl
FreeInheritedFromArray
TraceMessageVa
LsaICLookupNamesWithCreds
A_SHAInit
RegSetValueExA
BuildTrusteeWithObjectsAndNameW
RegSaveKeyExA
CryptDecrypt
LsaEnumerateAccountRights
MD5Final
SetServiceBits
RegisterTraceGuidsA
SaferCloseLevel
QueryServiceStatus
GetUserNameW
AllocateLocallyUniqueId
LsaSetTrustedDomainInformation
SetEntriesInAccessListA
WmiSetSingleItemW
SystemFunction020
IdentifyCodeAuthzLevelW
TreeResetNamedSecurityInfoW
LsaQueryTrustedDomainInfo
ObjectOpenAuditAlarmW
SystemFunction022
CredIsMarshaledCredentialA
WmiQuerySingleInstanceMultipleW
SetEntriesInAuditListW
LsaSetSecurityObject
AddAce
GetManagedApplications
WmiQuerySingleInstanceA
QueryServiceConfigW
RegFlushKey
QueryAllTracesW
WmiReceiveNotificationsA
StopTraceW
SaferSetPolicyInformation
QueryServiceConfigA
GetSidIdentifierAuthority
CryptEnumProviderTypesW
ConvertStringSDToSDRootDomainA
CryptSetProvParam
RegCloseKey
LsaSetSystemAccessAccount
LsaCreateAccount
CryptDestroyHash
RegQueryInfoKeyW
GetFileSecurityW
RegEnumKeyExW
AccessCheckByTypeResultListAndAuditAlarmByHandleA
ElfOpenEventLogW
CryptSetKeyParam
LsaSetInformationTrustedDomain
ElfDeregisterEventSource
StartServiceW
CryptSetProviderW
EnumServicesStatusExA
GetNamedSecurityInfoA
BuildSecurityDescriptorW
IsValidSecurityDescriptor
ImpersonateAnonymousToken
OpenEncryptedFileRawA
CredMarshalCredentialW
InitiateSystemShutdownA
RegQueryInfoKeyA
CredpConvertCredential
AccessCheckByType
QueryServiceConfig2A
RegisterServiceCtrlHandlerW
SystemFunction021
LookupSecurityDescriptorPartsW
ElfBackupEventLogFileA
I_ScSetServiceBitsW
SystemFunction001
kernel32
LeaveCriticalSection
OpenConsoleW
GetModuleHandleExA
VerSetConditionMask
TermsrvAppInstallMode
GetNamedPipeInfo
WaitForSingleObjectEx
CompareStringW
GlobalAddAtomW
GetVersionExW
ProcessIdToSessionId
GetVolumePathNameA
InterlockedPopEntrySList
GetProcessShutdownParameters
SetComputerNameA
GetProcessPriorityBoost
EnumDateFormatsExA
BeginUpdateResourceA
LocalLock
EnumLanguageGroupLocalesW
DosDateTimeToFileTime
lstrcmpW
DuplicateHandle
VirtualAlloc
QueryDosDeviceW
CreateMutexA
EnterCriticalSection
SetTapeParameters
SetLocaleInfoW
SetComPlusPackageInstallStatus
GetConsoleCursorMode
ExpandEnvironmentStringsA
LocalFlags
GetProcessIoCounters
GetConsoleAliasesLengthA
LoadLibraryA
FoldStringA
ReadFileScatter
RtlZeroMemory
LZOpenFileA
CopyFileExA
SetFileAttributesA
DeleteCriticalSection
ClearCommError
msi
MsiViewGetErrorA
MsiConfigureProductExA
MsiSetInternalUI
MsiPreviewBillboardW
MsiSetFeatureStateA
MsiGetComponentStateA
MsiMessageBoxW
MsiIsProductElevatedA
MsiGetFileVersionA
MsiEnumFeaturesW
MsiGetFileHashA
MsiGetProductCodeA
MsiGetComponentPathA
MsiGetFeatureCostA
MsiEvaluateConditionW
MsiEnumComponentQualifiersA
MsiVerifyPackageA
MsiGetTargetPathA
MsiGetTargetPathW
MsiIsProductElevatedW
MsiViewExecute
MsiSourceListAddSourceA
MsiEnumComponentQualifiersW
MsiDatabaseGenerateTransformW
MsiProcessAdvertiseScriptA
MsiProvideQualifiedComponentExA
MsiPreviewDialogW
MsiLoadStringW
MsiDatabaseIsTablePersistentW
DllGetClassObject
MsiSetInstallLevel
MsiProcessAdvertiseScriptW
Migrate10CachedPackagesA
MsiInstallMissingFileA
MsiConfigureFeatureW
avifil32
EditStreamCut
AVIFileEndRecord
AVISave
DllGetClassObject
AVIStreamGetFrameOpen
AVIStreamAddRef
AVISaveOptionsFree
AVIStreamInfo
AVIStreamFindSample
AVIFileCreateStreamW
AVISaveA
AVIStreamBeginStreaming
EditStreamClone
AVIFileInfo
AVIMakeFileFromStreams
AVIGetFromClipboard
AVIMakeCompressedStream
AVIFileReadData
AVIFileGetStream
AVIFileOpen
EditStreamSetName
EditStreamSetNameW
AVIStreamLength
AVIStreamTimeToSample
EditStreamSetInfoW
msvcrt
exit
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 203KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ