c8450516a3cc4e45043d2ec7af9349eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8450516a3cc4e45043d2ec7af9349eb_JaffaCakes118
Size

81KB
MD5

c8450516a3cc4e45043d2ec7af9349eb
SHA1

4b39805a2ebf8a69618d94fd3848b6e989216fd1
SHA256

6457090a4516f5bcd9ea38e9243fd15e833d07d30af58ad1007a04e1ce73ac54
SHA512

031683646d84e7af6e9a6cf0a54c58ff1cab6c6ab23b3605f8e914b61658448fcefb8b7318e74ed75fa88a4fe5541a78a2f11e2a77be23c9b463e0f32d2c8052
SSDEEP

1536:6Fd+oYMrNQC/AcdAyi4DV6+Hx1Idp0ma3qq3fvJs:hqQC/bnXSphoqq5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8450516a3cc4e45043d2ec7af9349eb_JaffaCakes118

Files

c8450516a3cc4e45043d2ec7af9349eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

58b658b753265c0ee4d3ab98cb11295a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

ReadOleStg
HACCEL_UserSize
CLSIDFromOle1Class
IsValidPtrOut
ReadClassStg
CoReleaseMarshalData
ReadStringStream
STGMEDIUM_UserFree
HBITMAP_UserMarshal
OleInitializeWOW
HMENU_UserFree
CreateStdProgressIndicator
CoGetCallerTID
CoRegisterSurrogate
HICON_UserSize
OleSave
MonikerCommonPrefixWith
GetRunningObjectTable
OleRun
CoQueryProxyBlanket
CoGetClassObject
CoRegisterMessageFilter
HBRUSH_UserMarshal
CreateObjrefMoniker
OleLoadFromStream
CLIPFORMAT_UserSize
SNB_UserSize
CoWaitForMultipleHandles
StgCreateStorageEx
SetErrorInfo
HICON_UserMarshal
CoTaskMemRealloc
IIDFromString
CoUnmarshalInterface
CoSwitchCallContext
HGLOBAL_UserMarshal
HBITMAP_UserFree
HPALETTE_UserUnmarshal
OleLoad
OleIsCurrentClipboard
OleCreateLinkFromDataEx
IsEqualGUID
CoRegisterChannelHook
HGLOBAL_UserFree
ComPs_NdrDllRegisterProxy
HDC_UserMarshal
CoGetClassVersion
CoGetStandardMarshal
OleDestroyMenuDescriptor
CoResumeClassObjects
CLSIDFromProgID
OleRegEnumVerbs
OleQueryLinkFromData
CoRegisterMallocSpy
CoFreeUnusedLibraries
ReadFmtUserTypeStg
WdtpInterfacePointer_UserMarshal
ReadClassStm
OleCreateLinkEx
CoCreateFreeThreadedMarshaler
OleInitialize
HPALETTE_UserSize
OleQueryCreateFromData
GetDocumentBitStg
StgConvertPropertyToVariant
STGMEDIUM_UserSize
OleRegEnumFormatEtc
CoGetDefaultContext
CoGetInterceptor
SetDocumentBitStg
PropSysAllocString
HACCEL_UserUnmarshal
OleCreateFromDataEx
PropVariantCopy
PropVariantChangeType
GetHookInterface
CoImpersonateClient
CoFreeLibrary
CoMarshalHresult
WriteStringStream
CoSetState
CLIPFORMAT_UserMarshal

kernel32

DefineDosDeviceW
GetPrivateProfileStringW
DnsHostnameToComputerNameA
DeleteFileA
FindNextVolumeA
EnterCriticalSection
CallNamedPipeA
CreateDirectoryW
SetComputerNameA
LoadLibraryA
SetConsoleLocalEUDC
GetConsoleCursorMode
FindResourceA
GetStartupInfoA
LeaveCriticalSection
RtlFillMemory
ConvertFiberToThread
SetFileApisToOEM
FreeResource
FindNextFileA
WriteConsoleInputVDMW
DeleteCriticalSection
OpenSemaphoreW
FindFirstChangeNotificationW
SetConsoleInputExeNameA
LocalFlags
GetDevicePowerState
ReadConsoleOutputAttribute
CreateMailslotW
WritePrivateProfileStringA
VirtualAlloc
GetTempPathA

ieakeng

BToolbar_Edit
DoReboot
MoveDownFavorite
BuildPalette
GetFavoritesNumber
CanDeleteADM
CheckField
CreateADMWindow
ModifyAuthCode
ModifyRatings
DisplayADMItem
GetFavoritesMaxNumber
NewFolder
GetAdmWindowHandle
CheckForDupKeys
SaveADMItem
SelectADMItem
MoveADMWindow
IsFavoriteItem
ModifyZones
ErrorMessageBox
ProcessFavSelChange
ShowInetcpl
ShowADMWindow
DestroyADMWindow
MoveUpFavorite
BToolbar_Remove

mprapi

MprGetUsrParams
MprAdminUpgradeUsers
MprAdminSendUserMessage
MprDomainQueryRasServer
MprAdminMIBServerConnect
MprConfigTransportCreate
MprConfigServerConnect
MprAdminUserClose
MprAdminPortDisconnect
MprInfoDuplicate
MprAdminPortEnum
MprConfigInterfaceSetInfo
MprConfigInterfaceTransportRemove
MprConfigGetGuidName
MprAdminInterfaceGetCredentialsEx
MprAdminUserServerDisconnect
MprInfoRemoveAll
MprAdminInterfaceSetInfo
MprAdminInterfaceTransportGetInfo
MprAdminPortGetInfo
MprAdminInterfaceGetInfo
MprAdminUserReadProfFlags
MprAdminConnectionEnum
MprAdminMIBBufferFree
MprAdminUserWrite

netapi32

NetApiBufferFree
NetShareGetInfo
NetpwNameCompare
NetUserGetGroups
NetpOpenConfigData
NetReplExportDirSetInfo
I_NetLogonSamLogoff
DsRoleServerSaveStateForUpgrade
NetLogonGetTimeServiceParentDomain
NetServerComputerNameAdd
NetDfsGetClientInfo
NetDfsManagerGetConfigInfo
NetAuditRead
I_NetDfsIsThisADomainName
NetGroupDel
NetEnumerateTrustedDomains
NetShareCheck
I_NetLogonUasLogoff
NetDfsManagerSendSiteInfo
NetDfsRemoveFtRootForced
NetErrorLogClear
NetGroupEnum
NetUserGetLocalGroups
NetConfigSet
NetGroupSetInfo
NetSessionEnum
NetMessageNameGetInfo
NetReplImportDirAdd
NetLocalGroupDelMember
NetpGetConfigBool
NetServerEnumEx
DsRoleGetDatabaseFacts
I_NetLogonSamLogonWithFlags
NetpGetConfigValue
NetGroupAdd
NetUserSetGroups
NetServiceGetInfo
NetReplExportDirDel

wtsapi32

WTSEnumerateServersA
WTSLogoffSession
WTSSetSessionInformationW
WTSSendMessageA
WTSQuerySessionInformationA
WTSSetSessionInformationA
WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateProcessesA
WTSShutdownSystem
WTSDisconnectSession
WTSWaitSystemEvent
WTSCloseServer
WTSTerminateProcess
WTSSetUserConfigW
WTSVirtualChannelPurgeOutput
WTSQueryUserConfigW
WTSQueryUserConfigA
WTSVirtualChannelRead
WTSRegisterSessionNotification
WTSVirtualChannelClose
WTSSetUserConfigA
WTSEnumerateServersW
WTSOpenServerA
WTSEnumerateSessionsA
WTSEnumerateProcessesW
WTSVirtualChannelWrite
WTSVirtualChannelOpen
WTSUnRegisterSessionNotification
WTSVirtualChannelQuery
WTSVirtualChannelPurgeInput
WTSEnumerateSessionsW
WTSSendMessageW
WTSOpenServerW
WTSQueryUserToken

msvcrt20

??4istream@@IAEAAV0@PAVstreambuf@@@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
_tell
_CItan
??_Eios@@UAEPAXI@Z
atan
atoi
_timezone
?sgetn@streambuf@@QAEHPADH@Z
_wfdopen
?sync@strstreambuf@@UAEHXZ
towupper
?sync@streambuf@@UAEHXZ
??0istream@@IAE@ABV0@@Z
_mbsstr
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
__p__wenviron
?pptr@streambuf@@IBEPADXZ
?xalloc@ios@@SAHXZ
_findfirst
?clog@@3Vostream_withassign@@A
_ismbslead
_j1
_sys_nerr
_chdir
fgetpos
fwrite
??5istream@@QAEAAV0@PAE@Z
?read@istream@@QAEAAV1@PACH@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z

odbccp32

SQLGetInstalledDrivers
SQLPostInstallerErrorW
SQLGetTranslator
SQLWriteDSNToIniW
SQLInstallTranslator
SQLCreateDataSource
SQLInstallerError
SQLInstallDriverManagerW
SQLGetInstalledDriversW
SQLConfigDataSourceW
SQLValidDSNW
SQLGetPrivateProfileString
SQLInstallerErrorW
SQLRemoveTranslatorW
SQLRemoveDriverManager
SQLInstallTranslatorEx
SQLCreateDataSourceExW
SQLWriteFileDSN
SQLRemoveDriverW
SQLInstallDriverExW
SQLGetPrivateProfileStringW
SQLInstallDriver
SQLWriteFileDSNW
SQLManageDataSources
SQLConfigDriverW
SQLReadFileDSNW
SQLPostInstallerError
SQLGetConfigMode
SQLSetConfigMode
SQLReadFileDSN
SQLRemoveDefaultDataSource
SQLInstallDriverW
SQLCreateDataSourceEx
SQLInstallTranslatorW
SQLInstallODBC
SQLLoadDataSourcesListBox
SQLLoadDriverListBox
SQLValidDSN
SQLWriteDSNToIni
SQLRemoveDriver
SQLGetAvailableDriversW

msvcp60

??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?widen@?$ctype@G@std@@QBEPBDPBD0PAG@Z
?round_error@?$numeric_limits@I@std@@SAIXZ
?log@std@@YA?AV?$complex@M@1@ABV21@@Z
??1facet@locale@std@@UAE@XZ
?max@?$numeric_limits@F@std@@SAFXZ
??4?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0codecvt_base@std@@QAE@I@Z
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??4?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@G@std@@QAEAAV01@ABV01@@Z
??4?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?_Getyes@_Locinfo@std@@QBEPBDXZ
?sqrt@std@@YA?AV?$complex@O@1@ABV21@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXPAGIG@Z
_Eps
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
?_Doraise@out_of_range@std@@MBEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?putback@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
?osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58b658b753265c0ee4d3ab98cb11295a

Headers

File Characteristics

Imports

ole32

kernel32

ieakeng

mprapi

netapi32

wtsapi32

msvcrt20

odbccp32

msvcp60

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 62KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 62KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 908B