d24878aefb39496811c9b549dfeb2307_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d24878aefb39496811c9b549dfeb2307_JaffaCakes118
Size

28KB
MD5

d24878aefb39496811c9b549dfeb2307
SHA1

bf68574f539fed3f6ef439e2388879ab35045d33
SHA256

a47b3bdb5bc53da110a327d320e652ebc6a0b3fd0bf03f495b32a25474f88ad3
SHA512

a6653be807e8dfdeefe3b4e0e3f53e5e42817a7fc05fa532470efe402c47b28f1c6aa373d9e46e16dee0b69033d5e38ad7d87985b0dd98ce7de02afd989fcc46
SSDEEP

384:Rj+gFh/TFRjnZKII5e3FU+17mP/JGMqAZcDGpiTTK4pP3U/qWaTH0aPh0bkPtq:Rjlh/H4kFUD0RAZ/iTK4dWab0aPh0bT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d24878aefb39496811c9b549dfeb2307_JaffaCakes118

Files

d24878aefb39496811c9b549dfeb2307_JaffaCakes118
.exe windows:5 windows x86 arch:x86

52fc078e640608c4224345e1134e218a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vssapi

?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Subscribe@CVssWriter@@QAGJK@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??1CVssJetWriter@@UAE@XZ
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??0CVssJetWriter@@QAE@XZ
?Uninitialize@CVssJetWriter@@QAGXXZ
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?Unsubscribe@CVssWriter@@QAGJXZ
??0CVssWriter@@QAE@XZ
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
VssFreeSnapshotProperties
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnIdentify@CVssWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z

msvcrt40

__STRINGTOLD
_ismbclower
_wspawnvp
?sync@filebuf@@UAEHXZ
_rmtmp
?clrlock@ios@@QAAXXZ
?ws@@YAAAVistream@@AAV1@@Z
_toupper
?openprot@filebuf@@2HB
??5istream@@QAEAAV0@PAD@Z
??_Gexception@@UAEPAXI@Z
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
_y1
_mtlock
_ismbbkalnum
?sync@istream@@QAEHXZ
??_7istrstream@@6B@
isalpha
div
_eof
_strnicmp
iswxdigit
_commode
__lconv_init
setbuf
_wmkdir
?ipfx@istream@@QAEHH@Z
?clog@@3Vostream_withassign@@A
?open@filebuf@@QAEPAV1@PBDHH@Z
??0ifstream@@QAE@ABV0@@Z
strftime
_strupr
iswctype
_getws
??_7strstreambuf@@6B@

kernel32

AddLocalAlternateComputerNameA
SetConsoleInputExeNameW
GetModuleHandleW
GetEnvironmentVariableA
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
CreateIoCompletionPort
ReadFileEx
Sleep
LocalShrink
GetVolumeInformationA
EnumDateFormatsW
LoadLibraryW
GetCommConfig
GetProcessWorkingSetSize
lstrcpynA
AddAtomA
GetConsoleAliasExesLengthW
FindActCtxSectionStringW
WriteProfileStringA
SetCommTimeouts
lstrcpy
ReadFile
ExpandEnvironmentStringsA
WritePrivateProfileStringA
GetVersion
GetProfileStringW
SetWaitableTimer
FindClose
VerifyVersionInfoW
GetProcessShutdownParameters
SetLastConsoleEventActive
WaitNamedPipeA
GetDefaultCommConfigW
LZOpenFileA
lstrcpyW
SetPriorityClass
Beep
VirtualAlloc
CopyLZFile

query

?LocaleToCodepage@@YGKK@Z
?ciDelete@@YGXPAX@Z
?AddArg@CEventItem@@QAEXPBG@Z
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
?IsCIPaused@CMachineAdmin@@QAEHXZ
??1CMemSerStream@@UAE@XZ
??1CRangeRestriction@@QAE@XZ
??1CContentRestriction@@QAE@XZ
??1CCatalogAdmin@@QAE@XZ
?Release@CEnumWorkid@@UAGKXZ
??1SStorageObject@@QAE@XZ
?IsValid@CRestriction@@QBEHXZ
??1CPidLookupTable@@QAE@XZ
?Clone@CEnumString@@UAGJPAPAUIEnumString@@@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?GetULong@CMemDeSerStream@@UAEKXZ
?BeginTransaction@CPropStoreManager@@QAEKXZ
?SetDefaultProperty@CCatState@@QAEXPBG@Z
?GetByte@CMemDeSerStream@@UAEEXZ
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
??0CRcovStrmTrans@@IAE@AAVPRcovStorageObj@@W4RcovOpType@@@Z
??1CQueryUnknown@@QAE@XZ
?MakeBackupCopy@CPhysStorage@@QAEXAAV1@AAVPSaveProgressTracker@@@Z
??1CPhysStorage@@UAE@XZ
?GetDouble@CMemDeSerStream@@UAENXZ
DoneCIPerformanceData
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?SkipDouble@CMemDeSerStream@@UAEXXZ
?GetVolumeName@CDriveInfo@@QAEPBGH@Z
DllUnregisterServer
?SetWeight@CDbCmdTreeNode@@QAEXJ@Z
?ChangeCurrentCatalog@CCatState@@QAEXPBG@Z
?StrLen@CKey@@QBEIXZ
?Get@CRegAccess@@QAEKPBG@Z
SetupCacheEx
?ClearList@CCombinedPropertyList@@QAEXXZ
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z
?SetSortProp@CCatState@@QAEXPBGW4SORTDIR@@I@Z
?RemoveChild@CNodeRestriction@@QAEPAVCRestriction@@I@Z
??1CWordRestriction@@QAE@XZ
?SkipULong@CMemDeSerStream@@UAEXXZ
CITextToFullTreeEx
?DoFailTest@@YGXJ@Z
??1CParseCommandTree@@QAE@XZ
?SkipWChar@CMemDeSerStream@@UAEXK@Z
?QueryInterface@CQueryUnknown@@UAGJABU_GUID@@PAPAX@Z
?VT_VARIANT_NE@@YGHABUtagPROPVARIANT@@0@Z
?IsIISAdminUp@CMetaDataMgr@@SGHAAH@Z
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
?GetPropInfo@CEmptyPropertyList@@QAEHABVCDbColId@@PAPBGPAGPAI@Z
??0CDbColumnNode@@QAE@ABUtagDBID@@H@Z
?ReadProperty@CPropertyStore@@QAEHAAVCPropRecordNoLock@@KPAUtagPROPVARIANT@@PAI@Z
?GetStringDbRestriction@@YGPAVCDbRestriction@@PBGKPAUIColumnMapper@@K@Z
CollectCIISAPIPerformanceData
?Marshall@CPropertyRestriction@@QBEXAAVPSerStream@@@Z
??4CDbColId@@QAEAAV0@ABV0@@Z
?URLEscapeW@@YGXPBGAAVCVirtualString@@KH@Z
??0CFwEventItem@@QAE@GKGKPAX@Z
?SetUI4@CStorageVariant@@QAEXKI@Z
?UpdateContentIndex@@YGKPBG00H@Z
?AddRef@CFwPropertyMapper@@UAGKXZ
??0CRangeKeyRepository@@QAE@XZ
??1CFwAsyncWorkItem@@UAE@XZ
DoneFILTERPerformanceData

rpcrt4

RpcIfInqId
RpcBindingSetAuthInfoW
RpcEpRegisterNoReplaceW
NdrPointerUnmarshall
NDRSContextUnmarshall
RpcServerUseProtseqEpW
RpcMgmtEpEltInqNextW
NdrConformantArrayBufferSize
NdrpGetProcFormatString
I_RpcFree
RpcBindingVectorFree
NdrConformantStringBufferSize
NdrComplexStructBufferSize
RpcAsyncCompleteCall
NdrpCreateStub
NdrDcomAsyncClientCall
RpcSsGetContextBinding
NdrContextHandleInitialize
RpcSsSwapClientAllocFree
CStdStubBuffer_CountRefs
RpcEpRegisterNoReplaceA
NdrComplexStructUnmarshall
RpcEpRegisterA
I_RpcTransServerNewConnection
NdrpCreateProxy
NdrMesSimpleTypeAlignSize
RpcBindingServerFromClient
RpcCertGeneratePrincipalNameA
I_RpcServerUseProtseqEp2A
RpcBindingInqObject
NdrComplexStructMarshall
NDRSContextMarshall
I_RpcSendReceive
NdrMesTypeDecode2
NdrUserMarshalSimpleTypeConvert
NdrConformantArrayFree
NdrServerInitializeNew
RpcImpersonateClient
I_RpcExceptionFilter
RpcServerUseProtseqExA
RpcServerInqCallAttributesW
RpcObjectSetType
I_RpcNegotiateTransferSyntax
RpcMgmtInqServerPrincNameA

spoolss

DeletePrinterKeyW
SplPromptUIInUsersSession
SpoolerFreePrinterNotifyInfo
ReplyPrinterChangeNotification
RouterFindNextPrinterChangeNotification
DeletePrinterDataExW
GetPrinterDriverExW
SplShutDownRouter
FormatPrinterForRegistryKey
InitializeRouter
GetJobW
StartPagePrinter
bSetDevModePerUser
IsNamedPipeRpcCall
EnumPrintProcessorDatatypesW
AbortPrinter
PrinterMessageBoxW
GetNetworkId
OpenPrinterW
RouterFreeBidiMem
SetPrinterDataExW
GetPrinterDataExW
EndPagePrinter
BuildOtherNamesFromMachineName
PackStrings
GetPrinterW
EndDocPrinter
RouterAllocBidiResponseContainer
EnumPrinterDataW
SpoolerHasInitialized
GetPrinterDataW
ReplyClosePrinter
AppendPrinterNotifyInfoData
AdjustPointers
SpoolerFindFirstPrinterChangeNotification

msorcl32

SQLDriverConnect
SQLStatistics
SQLGetStmtOption
SQLTables
LoadByOrdinal
ConfigDSN
SQLRowCount
DllMain
SQLDescribeParam
DllRegisterServer
SQLAllocStmt
SQLCancel
SQLAllocEnv
SQLConnect
SQLGetInfo
SQLForeignKeys
SQLFreeConnect
SQLFreeStmt
SQLGetData
SQLAllocConnect
SQLFetch
SQLFreeEnv
SQLGetConnectOption
SQLProcedureColumns
SQLNumResultCols
SQLTransact
SQLExecDirect
SQLColumns
SQLSetStmtOption
SQLBrowseConnect
SQLBindParameter
SQLPutData
SQLNativeSql
SQLProcedures
SQLGetCursorName

opengl32

glNormal3d
glTexEnviv
glLightModelf
glEdgeFlagPointer
glGetTexEnvfv
glRasterPos4iv
glGetMapiv
glFogfv
glEvalCoord2f
glGetTexParameteriv
glPopClientAttrib
wglGetCurrentDC
glTexGeniv
glRenderMode
glPixelStoref
glMultMatrixf
glRasterPos2i
glColor3usv
glRasterPos3sv
glColor3ubv
glVertex2d
wglGetDefaultProcAddress
wglUseFontBitmapsW
glFinish
glIsTexture
glColor4ubv
glEdgeFlag

ntlanman

NPGetConnection
NPGetResourceInformation
NPCancelConnection
NPGetConnectionPerformance
NPAddConnection3
NPGetCaps
NPAddConnection
NPGetResourceParent
DllMain
NPGetConnection3
I_SystemFocusDialog
NPGetUniversalName
NPGetReconnectFlags
NPCloseEnum
NPFormatNetworkName
NPGetUser
NPEnumResource
NPOpenEnum

user32

SetFocus

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

52fc078e640608c4224345e1134e218a

Headers

DLL Characteristics

File Characteristics

Imports

vssapi

msvcrt40

kernel32

query

rpcrt4

spoolss

msorcl32

opengl32

ntlanman

user32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 3KB