c8381366fcb3b196d51f08bbbc36c9fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8381366fcb3b196d51f08bbbc36c9fb_JaffaCakes118
Size

868KB
MD5

c8381366fcb3b196d51f08bbbc36c9fb
SHA1

fc8dc7c263370b79d1a9b4b191f2e296e7146e22
SHA256

cab7703a79567b8cfe051492d153ba32c28d05a97a0126b09deaadd9f0ad453a
SHA512

7ab6e3b4e2ac322983299f6432313193306b77483c1d8f09c4536177cb68e8aadf4b4abf7172295c852471cc885a677a4daf820f8e219b945e5c77410565ce36
SSDEEP

24576:/Vl3mu6oyImkJhi2AS/k1DopxMXwibXA1e:/VlDDyFkJhi2Az1DouAw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8381366fcb3b196d51f08bbbc36c9fb_JaffaCakes118

Files

c8381366fcb3b196d51f08bbbc36c9fb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

79e49ea2b0bd2599b8d32ba716a4d424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wctime
__winitenv
??2@YAPAXI@Z
_ismbcalnum
_mbsninc
tmpfile
_safe_fdiv
_flsbuf
_mbsncpy
iswpunct
_except_handler2
_mbctoupper
_wexecvpe
_adj_fptan
_mbsnicoll
atoi
wcscat
_snwscanf
puts
_sys_errlist
qsort
wcstod
_ismbchira
_wtempnam
_getdllprocaddr
__p__osver
strrchr
_gmtime64
_sopen
__CxxUnregisterExceptionObject
_mbsicmp
_ismbbkpunct
isspace
_aligned_offset_malloc
ispunct
_tzname
_wpgmptr
floor
_wspawnlp
swprintf
_wstat
_mktemp
_beginthreadex
_set_SSE2_enable
_chdrive
_mbscmp
_filelength
__p___initenv
time
_tolower
_clearfp
_spawnle
atexit
_wexeclp
_initterm
frexp
??0bad_cast@@QAE@ABV0@@Z
_wsplitpath
_rotl
putchar
isalnum
??_Gexception@@UAEPAXI@Z
??9type_info@@QBEHABV0@@Z
vfwprintf
_wstat64
acos
_mbsncmp
??0bad_typeid@@QAE@ABV0@@Z
_commit
_mbctombb
__iscsym
atof

shlwapi

StrCmpIW
StrStrW
PathRemoveBlanksW
SHRegWriteUSValueA
SHLoadIndirectString
StrTrimA
SHGetValueA
PathFindSuffixArrayW
StrIsIntlEqualA
StrCpyNW
PathSearchAndQualifyW
PathIsUNCServerW
PathAddExtensionW
SHRegGetUSValueW
StrCSpnIW
StrCmpNW
PathGetDriveNumberW
PathRemoveArgsW
StrCmpLogicalW
UrlIsNoHistoryW
PathCompactPathExW
PathSearchAndQualifyA
PathCompactPathW
PathUnmakeSystemFolderA
SHDeleteKeyA
UrlIsOpaqueA
PathCanonicalizeW
StrCmpNA
StrChrIW
PathCreateFromUrlA
SHStrDupW
StrToInt64ExW
PathIsNetworkPathW
StrToInt64ExA
IntlStrEqWorkerA
SHRegDeleteEmptyUSKeyW
ColorRGBToHLS
SHQueryValueExW
PathUnmakeSystemFolderW
PathIsDirectoryW

query

?ChangeCurrentScope@CCatState@@QAEXPBG@Z
??0CStandardPropMapper@@QAE@XZ
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
?_ImpersonateIf@CImpersonateRemoteAccess@@AAEHPBG0K@Z
?StopCI@CMachineAdmin@@QAEHXZ
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
??1CScopeRestriction@@QAE@XZ
??1CDbProp@@QAE@XZ
??1CSynRestriction@@QAE@XZ
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?MinPageInUse@CBufferCache@@QAEHAAK@Z
?AcquireRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
?Remove@CDbSortSet@@QAEXI@Z
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
?SetSortProp@CCatState@@QAEXPBGW4SORTDIR@@I@Z
??0CPropNameArray@@QAE@I@Z
?Start@CCatalogAdmin@@QAEHXZ
?SetNumberOfColumns@CCatState@@QAEXI@Z
??0CRangeRestriction@@QAE@XZ
??1CPidLookupTable@@QAE@XZ
?InitializeForWrite@CDynStream@@QAEXK@Z
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?OpenExclusive@CMmStream@@QAEXPAGH@Z
?Empty@CRcovStrmWriteTrans@@QAEXXZ
?BeginTransaction@CPropStoreManager@@QAEKXZ
?GetStringDbRestriction@@YGPAVCDbRestriction@@PBGKPAUIColumnMapper@@K@Z
??0CPropStoreManager@@QAE@K@Z
??0CDynStream@@QAE@PAVPMmStream@@@Z
??8CDbColId@@QBEHABV0@@Z
?RemoveScope@CCatalogAdmin@@QAEXPBG@Z
?_dwLastCheckMoment@CGlobalPropFileRefresher@@0KA
?IsStopped@CCatalogAdmin@@QAEHXZ

kernel32

HeapCreate
SetFilePointer
GetLastError
FindFirstFileW
GetDiskFreeSpaceExA
lstrcmp
WriteConsoleW
EnumUILanguagesA
SearchPathA
CreateConsoleScreenBuffer
ReleaseSemaphore
GlobalFindAtomW
GetNamedPipeHandleStateA
OutputDebugStringA
CreateTimerQueue
InterlockedIncrement
VirtualAlloc
VerifyConsoleIoHandle
RemoveLocalAlternateComputerNameA
GetDevicePowerState
SetThreadLocale
GetStartupInfoW
SetComputerNameA
LoadLibraryA
DebugBreakProcess
RtlFillMemory
GetVolumeInformationW
GetWindowsDirectoryA
GetPrivateProfileSectionW
RegisterWaitForInputIdle
EnumCalendarInfoExA
GetBinaryTypeA
QueryPerformanceCounter
GetComputerNameExW
SetFirmwareEnvironmentVariableW
SetConsoleCursorInfo
GetExitCodeThread

ntdll

NtQueryInstallUILanguage
NtSetSystemEnvironmentValue
ZwResumeProcess
RtlEqualPrefixSid
ZwIsProcessInJob
RtlReleaseActivationContext
RtlFirstEntrySList
NtQueryDirectoryFile
ZwSetInformationThread
NtQuerySystemEnvironmentValue
RtlSetLastWin32Error
RtlOemToUnicodeN
ZwCreateDebugObject
NtDuplicateObject
_allrem
NtAccessCheckByTypeAndAuditAlarm
RtlSelfRelativeToAbsoluteSD
NtSetVolumeInformationFile
NtReadVirtualMemory
RtlCreateUnicodeStringFromAsciiz
RtlDeNormalizeProcessParams
NtOpenSection
_wtoi64
RtlDestroyAtomTable
DbgPrint
RtlNewInstanceSecurityObject
ZwSetHighEventPair
RtlTraceDatabaseCreate
RtlWriteRegistryValue
RtlCopyUnicodeString
RtlInitializeRXact
LdrUnlockLoaderLock
NtQueryVolumeInformationFile

advapi32

LsaEnumerateTrustedDomainsEx
AccessCheckAndAuditAlarmA
BuildImpersonateTrusteeW
SaferiCompareTokenLevels
CryptGetKeyParam
GetNamedSecurityInfoW
GetAccessPermissionsForObjectW
ElfOldestRecord
LsaLookupPrivilegeName
RegReplaceKeyW
RegUnLoadKeyA
QueryServiceStatus
RegFlushKey
RegQueryValueA
SystemFunction034
TreeResetNamedSecurityInfoA
IsValidSid
SystemFunction026
LsaDelete
InitializeAcl
IsTextUnicode
RegOpenUserClassesRoot
SystemFunction017
SystemFunction015
GetTrusteeFormA
CryptGetDefaultProviderW
I_ScPnPGetServiceName
CryptGenKey

user32

EndDialog

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 428KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e49ea2b0bd2599b8d32ba716a4d424

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

query

kernel32

ntdll

advapi32

user32

Sections

.text Size: 140KB - Virtual size: 140KB

.rdata Size: 296KB - Virtual size: 296KB

.data Size: 428KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 140KB - Virtual size: 140KB

.rdata
Size: 296KB - Virtual size: 296KB

.data
Size: 428KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB