d2444d89a8da7f0bacb55b9b1a737381_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2444d89a8da7f0bacb55b9b1a737381_JaffaCakes118
Size

863KB
MD5

d2444d89a8da7f0bacb55b9b1a737381
SHA1

a4dc218922a884019b160cbb1813bd78d1b50710
SHA256

a1149d5018fbc74443e906165ede43296e8906d68514b2f8fc82eb3615942d04
SHA512

509e53d0012d96bacaf1979a3b4c6489afe3e5ec118467b6591561b41ff2a58f95e71416d11fdaa69cd7ecb36cd63cf77eed112a008119606d82e9ee24024728
SSDEEP

24576:ghZQw8FJCwOs6qRjRMJX48wQMmf4qR1jwkgWKJ6OTaR:gEjTCwO7qR2JbwK1jwnWKbTaR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2444d89a8da7f0bacb55b9b1a737381_JaffaCakes118

Files

d2444d89a8da7f0bacb55b9b1a737381_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c587b697ca4fb189d0b588aaacf12a52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

nddeapi

NDdeGetShareSecurityA
NDdeShareDelA
NDdeSpecialCommandW
NDdeShareAddA
NDdeGetErrorStringW
NDdeTrustedShareEnumW
NDdeShareEnumW
NDdeSetTrustedShareA
NDdeShareSetInfoA
NDdeShareSetInfoW
NDdeGetTrustedShareA
NDdeTrustedShareEnumA
NDdeSetShareSecurityA
NDdeIsValidAppTopicListW
NDdeShareEnumA
NDdeShareAddW
NDdeGetShareSecurityW
NDdeSpecialCommandA
NDdeSetTrustedShareW
NDdeShareGetInfoA
NDdeGetErrorStringA
NDdeSetShareSecurityW
NDdeIsValidAppTopicListA
NDdeIsValidShareNameW
NDdeShareDelW

gdi32

GdiGetLocalDC
GetCharacterPlacementW
EngCreatePalette
GetTextExtentExPointA
PathToRegion
SetAbortProc
RoundRect
EngCreateSemaphore
PolyPatBlt
XLATEOBJ_cGetPalette
CloseFigure
DdEntry51
GetGlyphOutlineWow
StartPage
EngUnlockSurface
Polygon
Rectangle
DdEntry17
SelectObject
DdEntry45
Ellipse
AddFontResourceExA
CreatePen
GetRandomRgn
GetHFONT
EnumFontFamiliesW
GetFontUnicodeRanges
EngAcquireSemaphore
DdEntry30
RectVisible
ResetDCW
GetCurrentObject
CreateCompatibleDC
CreateDIBPatternBrushPt
FONTOBJ_cGetGlyphs
BRUSHOBJ_hGetColorTransform

msi

MsiVerifyDiskSpace
MsiGetFeatureInfoW
MsiViewClose
MsiUseFeatureW
MsiEnumProductsA
MsiSetFeatureStateA
MsiAdvertiseProductExW
MsiSummaryInfoPersist
MsiSetComponentStateA
MsiGetFeatureCostW
MsiDatabaseGetPrimaryKeysW
MsiPreviewBillboardA
MsiViewModify
MsiRecordSetStreamA
MsiCreateAndVerifyInstallerDirectory
MsiGetFeatureStateW
MsiPreviewDialogW
MsiEvaluateConditionW
MsiProvideComponentA
MsiPreviewBillboardW
MsiGetMode
MsiEnableLogW
MsiGetFileSignatureInformationA
MsiGetPropertyW
MsiEnumProductsW
MsiGetShortcutTargetW
MsiInstallProductW
MsiGetFeatureUsageW
MsiGetPatchInfoA
MsiSourceListForceResolutionA
MsiConfigureFeatureFromDescriptorW
MsiGetProductCodeW
MsiAdvertiseScriptA
MsiRecordGetStringA
MsiEnumFeaturesA

wininet

CreateUrlCacheContainerW
InternetOpenUrlW
CommitUrlCacheEntryW
FtpGetFileEx
DeleteIE3Cache
InternetConnectW
FtpGetCurrentDirectoryA
ParseX509EncodedCertificateForListBoxEntry
InternetGetPerSiteCookieDecisionW
InternetDial
FindCloseUrlCache
FindNextUrlCacheEntryA
FtpGetFileA
InternetSetCookieExA
InternetOpenA
InternetReadFile
HttpSendRequestA
GopherGetLocatorTypeW
InternetShowSecurityInfoByURLW
InternetGetCookieExW
FindNextUrlCacheGroup
InternetGetLastResponseInfoW
SetUrlCacheEntryGroup
ShowX509EncodedCertificate
RetrieveUrlCacheEntryFileA
InternetSetCookieA
InternetDialA
FtpGetCurrentDirectoryW
FindNextUrlCacheContainerA
InternetSetDialState

esent

JetIntersectIndexes
JetCreateInstance2
JetTruncateLogInstance
JetCommitTransaction@8
JetCreateTableColumnIndex2
JetInit@4
JetInit3
JetGetCounter
JetCompact
JetRollback@8
JetExternalRestore
JetGetLock
JetRestore
JetCreateDatabase2
JetCreateIndex2
JetEndExternalBackup
JetPrepareToCommitTransaction
JetAddColumn
JetGetLogInfoInstance2
JetEndSession@8
JetEndSession
JetCreateInstance
JetGetVersion
JetGetObjectInfo
JetUnregisterCallback
JetDetachDatabase
JetBeginExternalBackup
JetTerm
JetPrepareUpdate
JetOpenTempTable2

kernel32

GetStdHandle
BaseCleanupAppcompatCacheSupport
HeapDestroy
VirtualAlloc
GetNamedPipeInfo
SetFileShortNameW
GetConsoleScreenBufferInfo
LoadLibraryA
GetSystemWow64DirectoryA
GlobalFindAtomW
GlobalAddAtomW
WriteConsoleOutputAttribute
Process32NextW
CreateTimerQueue
SetVolumeMountPointA
GetLogicalDriveStringsW
DeleteCriticalSection
EnterCriticalSection
SetComputerNameW
RequestDeviceWakeup
GetNumaNodeProcessorMask
InterlockedPopEntrySList
WTSGetActiveConsoleSessionId
WriteProfileStringW
GetNamedPipeHandleStateW
SetSystemTimeAdjustment
LeaveCriticalSection
SetMailslotInfo
GetWindowsDirectoryA
FindAtomW
GetOverlappedResult
SetConsoleMaximumWindowSize
GenerateConsoleCtrlEvent

msvcp60

?curr_symbol@?$_Mpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??Gstd@@YA?AV?$complex@N@0@ABNABV10@@Z
?intl@?$moneypunct@G$00@std@@2_NB
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
?do_narrow@?$ctype@G@std@@MBEDGD@Z
??9std@@YA_NABV?$complex@N@0@ABN@Z
wcrtomb
?real@std@@YAMABV?$complex@M@1@@Z
?polar@std@@YA?AV?$complex@O@1@ABO@Z
?falsename@?$numpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??_7?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@
?frac_digits@?$_Mpunct@D@std@@QBEHXZ
?imag@?$_Complex_base@M@std@@QAEMABM@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?do_toupper@?$ctype@D@std@@MBEDD@Z
??_7out_of_range@std@@6B@
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z

cewmdm

DllGetClassObject

msvcrt

exit

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 377KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c587b697ca4fb189d0b588aaacf12a52

Headers

DLL Characteristics

File Characteristics

Imports

nddeapi

gdi32

msi

wininet

esent

kernel32

msvcp60

cewmdm

msvcrt

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 317KB - Virtual size: 317KB

.data Size: 377KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 317KB - Virtual size: 317KB

.data
Size: 377KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1020B