d515fa84df1722876aa4a9d73fcbe642_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d515fa84df1722876aa4a9d73fcbe642_JaffaCakes118
Size

135KB
MD5

d515fa84df1722876aa4a9d73fcbe642
SHA1

50b31be86b86900d0e043223037f07c6779db799
SHA256

b1fb24e3c566427f0db98a56da92368168304a3ae1a388898c040f6618953f6f
SHA512

98ed8aaf10e8275518a342e321a21f7bdd70ba521b80debd62de814d109719dd6ad49d770493b367a5598109a75d7d76d52637696ae0765e4598b326c192975f
SSDEEP

3072:aIP7KyJDSznH9nP16SXf/3koWxTPEsvW7Y35v+bWuXYvAQ4Sy9Jmg:7j/Md5v/3WxTPrJv+iuI4QDGmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d515fa84df1722876aa4a9d73fcbe642_JaffaCakes118

Files

d515fa84df1722876aa4a9d73fcbe642_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67109e5ed79170c92b558cc97e3fc30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

inetcomm

MimeEditViewSource
MimeOleParseRfc822Address
EssReceiptRequestEncodeEx
HrAttachDataFromFile
MimeOleSMimeCapsFull
MimeOleAlgStrengthFromSMimeCap
EssKeyExchPreferenceEncodeEx
MimeOleGetFileExtension
MimeOleSMimeCapGetHashAlg
EssKeyExchPreferenceDecodeEx
MimeOleGetPropA
MimeGetAddressFormatW
CreateRASTransport
MimeOleSetPropW
MimeOleParseMhtmlUrl
MimeOleObjectFromMoniker
CreateIMAPTransport
MimeOleSetBodyPropW
MimeOleGetCertsFromThumbprints
MimeOleGetRelatedSection
HrGetLastOpenFileDirectoryW
MimeOleClearDirtyTree
MimeOleGetPropW
EssSignCertificateDecodeEx
HrAthGetFileNameW
MimeOleUnEscapeStringInPlace
HrDoAttachmentVerb
MimeOleCreatePropertySet
MimeOleStripHeaders
MimeOleDecodeHeader
MimeOleSMimeCapRelease
EssReceiptRequestDecodeEx
GetDllMajorVersion
MimeOleCreateMessage
MimeEditIsSafeToRun
MimeOleOpenFileStream
MimeOleCreateHeaderTable
MimeEditGetBackgroundImageUrl
HrSaveAttachmentAs
HrSaveAttachToFile
MimeOleCreateBody

untfs

?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
??0NTFS_UPCASE_TABLE@@QAE@XZ
??1NTFS_CLUSTER_RUN@@UAE@XZ
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
??1NTFS_UPCASE_TABLE@@UAE@XZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
FormatEx
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
??1NTFS_FRS_STRUCTURE@@UAE@XZ
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
??0NTFS_SA@@QAE@XZ
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
Extend
??0NTFS_REFLECTED_MASTER_FILE_TABLE@@QAE@XZ
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
?Initialize@NTFS_MFT_INFO@@QAEEXZ
??1NTFS_MFT_FILE@@UAE@XZ
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
??0NTFS_INDEX_TREE@@QAE@XZ
??0NTFS_MFT_INFO@@QAE@XZ
??0NTFS_MFT_FILE@@QAE@XZ
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z

msorcl32

SQLSpecialColumns
SQLExecute
SQLExtendedFetch
LoadByOrdinal
SQLParamData
SQLGetData
ConfigDSN
SQLProcedures
SQLConnect
SQLTransact
SQLSetPos
SQLExecDirect
SQLBrowseConnect
SQLNumResultCols
SQLPrepare
SQLBindCol
SQLGetConnectOption
SQLStatistics
SQLDriverConnect
SQLAllocConnect
SQLTables
SQLFreeConnect
SQLAllocStmt
SQLColumns
SQLSetScrollOptions
SQLGetStmtOption
SQLSetCursorName
SQLSetConnectOption
SQLProcedureColumns
SQLDisconnect
SQLDescribeParam
SQLCancel
SQLFreeEnv
SQLSetStmtOption
SQLGetInfo
SQLColAttributes
SQLPrimaryKeys
SQLPutData

cmutil

?Banner@CmLogFile@@QAEXXZ
CmStrtokW
CmStrTrimW
??0CmLogFile@@QAE@XZ
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
ReleaseBold
??_FCIniW@@QAEXXZ
WzToSzWithAlloc
?GPPI@CIniW@@QBEKPBG0K@Z
CmWinHelp
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?Write@CmLogFile@@AAEJPAG@Z
?SetICSDataPath@CIniA@@QAEXPBD@Z
?Init@CRandom@@QAEXK@Z
??4CRandom@@QAEAAV0@ABV0@@Z
?WPPS@CIniW@@QAEXPBG00@Z
?GetRegPath@CIniA@@QBEPBDXZ
CmStrCatAllocA
CmFmtMsgA
CmStrrchrW
?GetSection@CIniW@@QBEPBGXZ
CmFree
?GPPS@CIniW@@QBEPAGPBG00@Z
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
CmStripFileNameW
?SetParams@CmLogFile@@QAEJHKPBG@Z
?SetReadICSData@CIniW@@QAEXH@Z
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?GPPS@CIniA@@QBEPADPBD00@Z
CmStrrchrA
GetOSMajorVersion
?SetFile@CIniW@@QAEXPBG@Z
GetOSBuildNumber
?WPPI@CIniW@@QAEXPBG0K@Z
?GetRegPath@CIniW@@QBEPBGXZ
CmStripPathAndExtW
?SetSection@CIniW@@QAEXPBG@Z

user32

FillRect
SetProgmanWindow
DefWindowProcW
DdeGetLastError
DrawStateA
EnumDisplaySettingsExA
IsCharUpperA
wvsprintfW
IMPSetIMEA
LoadAcceleratorsA
GetUserObjectSecurity
SetWindowPos
CascadeWindows
IMPGetIMEA
DefFrameProcW
OemToCharBuffA
BroadcastSystemMessageA
GetTaskmanWindow
GetWindowInfo
GetMenuInfo
EditWndProc
MsgWaitForMultipleObjects
SetRectEmpty
TrackPopupMenuEx
keybd_event
GetAltTabInfoA
SetWindowStationUser
IMPQueryIMEA
IsWindowInDestroy
GetClassNameW
GetDialogBaseUnits

kernel32

GetHandleInformation
VirtualAlloc
SetMessageWaitingIndicator
GetConsoleAliasesW
UnregisterConsoleIME
RegisterConsoleIME
GetHandleContext
CreateDirectoryExW
SetCalendarInfoW
EnumLanguageGroupLocalesA
ReadConsoleOutputCharacterA
GetProfileStringW
SetTermsrvAppInstallMode
HeapUnlock
VDMOperationStarted
OpenWaitableTimerA
AddLocalAlternateComputerNameW
SetCurrentDirectoryA
LZSeek
SetProcessShutdownParameters
CancelDeviceWakeupRequest
InvalidateConsoleDIBits
GenerateConsoleCtrlEvent
CreateActCtxA
GetCurrentProcessId
GetOEMCP
GetACP
CreateActCtxW
DeleteVolumeMountPointA
EnumTimeFormatsW
RtlUnwind
EnumResourceTypesA
GetEnvironmentStringsW
HeapCreate
VerSetConditionMask
GetAtomNameA
OutputDebugStringW
lstrcpynA
_lopen
OutputDebugStringA
GetLongPathNameW
Process32NextW
GlobalAddAtomW
GetCurrentActCtx
ExitProcess
GetProcessAffinityMask
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetTempFileNameA
GetConsoleProcessList
_lread
GetConsoleCursorMode
UTUnRegister
CreateWaitableTimerW
LocalFlags
UnregisterWait
LocalUnlock
InterlockedExchange
QueryActCtxW
SetConsoleCursorMode
GetSystemTimeAsFileTime
SetUserGeoID
GetPriorityClass
AttachConsole
ExpungeConsoleCommandHistoryA
SetConsoleMaximumWindowSize
FlushFileBuffers
lstrcmpiW
SetSystemTime
GetConsoleWindow
SetVolumeMountPointW

netapi32

I_NetDatabaseRedo
NetWkstaUserEnum
NetApiBufferFree
NetServerTransportAdd
NetErrorLogWrite
DsRoleDnsNameToFlatName
NetpCloseConfigData
NetWkstaTransportDel
NetQueryDisplayInformation
I_BrowserResetNetlogonState
NetGroupDel
I_NetLogonSamLogonWithFlags
DsGetDcCloseW
NetSessionDel
NetGetJoinInformation
NetGetDisplayInformationIndex
DsAddressToSiteNamesA
NetUserModalsGet
NetWkstaTransportEnum
NetDfsGetInfo
NetGroupAdd
NetServerSetInfo
I_NetDfsIsThisADomainName
DsEnumerateDomainTrustsA
NetReplExportDirDel
DsRoleServerSaveStateForUpgrade
NetUserGetLocalGroups
NetReplGetInfo

mfcsubs

?AfxW2AHelper@@YGPADPADPBGH@Z
??O@YG_NABVCString@@0@Z
??_7CMapStringToPtr@@6B@
??4CString@@QAEABV0@PBD@Z
??P@YG_NPBGABVCString@@@Z
?Format@CString@@QAAXIZZ
?FormatMessageW@CString@@QAAXPBGZZ
?data@CPlex@@QAEPAXXZ
??_7CSyncObject@@6B@
?CompareNoCase@CString@@QBEHPBG@Z
?GetAt@CString@@QBEGH@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
??ACString@@QBEGH@Z
??N@YG_NABVCString@@PBG@Z
??8@YG_NABVCString@@0@Z
?SafeStrlen@CString@@KGHPBG@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
??_7CStringArray@@6B@
??0CString@@QAE@XZ
??0CString@@QAE@PBE@Z
??H@YG?AVCString@@PBGABV0@@Z
??9@YG_NABVCString@@PBG@Z
?LoadStringW@CString@@QAEHI@Z
?Compare@CString@@QBEHPBG@Z
??0CString@@QAE@GH@Z
?GetUpperBound@CStringArray@@QBEHXZ
?Unlock@CSyncObject@@UAEHJPAJ@Z
?Release@CString@@IAEXXZ
??P@YG_NABVCString@@PBG@Z
?AfxLoadString@@YGHIPAGI@Z
??0CString@@QAE@ABV0@@Z
?FindOneOf@CString@@QBEHPBG@Z
??9@YG_NPBGABVCString@@@Z
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?Copy@CStringArray@@QAEXABV1@@Z
??9@YG_NABVCString@@0@Z
?Find@CString@@QBEHG@Z
?GetData@CString@@IBEPAUCStringData@@XZ
??0CStringArray@@QAE@XZ
?UnlockBuffer@CString@@QAEXXZ
?IsEmpty@CMapStringToPtr@@QBEHXZ

oleaut32

VarCyFromUI2
VarDecFromR4
VarDecFromStr
VarIdiv
SafeArrayGetUBound
VarR8FromStr
VarR4FromI8
VarBstrCat
VarI4FromDec
VarI1FromR8
VarI8FromBool
VarDecFromI8
VarDateFromStr
VarR8FromDate
VarUI8FromI1
VectorFromBstr
VarCyMulI8
BSTR_UserMarshal
VarNumFromParseNum
VarUI2FromI4
SysAllocString
VarI2FromR4
VarCyFromDate
VarI4FromI8
VarFormatDateTime
CreateTypeLib
VarR8FromI4
ClearCustData
VarI8FromR4
VarI4FromDate
SysAllocStringLen
OleSavePictureFile
VarAbs

imm32

ImmWINNLSGetIMEHotkey
ImmIMPGetIMEW
ImmRequestMessageW
ImmGetDescriptionA
ImmGetCompositionStringA
ImmConfigureIMEA
ImmEscapeA
ImmGetRegisterWordStyleA
ImmAssociateContext
ImmGetCompositionWindow
ImmGetHotKey
ImmGetVirtualKey
ImmSetCompositionStringW
ImmIsUIMessageW
ImmEnumInputContext
ImmCallImeConsoleIME
ImmEnumRegisterWordA
ImmGetProperty
ImmUnlockClientImc
ImmFreeLayout
ImmActivateLayout
ImmPutImeMenuItemsIntoMappedFile
ImmUnlockImeDpi
ImmGetIMCCSize
ImmInstallIMEW
ImmGetImeMenuItemsW
ImmWINNLSEnableIME
ImmReleaseContext
ImmGetContext
ImmUnregisterWordW
ImmIMPSetIMEW
ImmLockIMC
ImmCreateSoftKeyboard
ImmSetCompositionFontA
ImmGetConversionStatus
ImmSetHotKey

dciman32

GetDCRegionData
DCIOpenProvider
DCIBeginAccess
DCICreateOverlay
DCICloseProvider
WinWatchNotify
DCIDraw
WinWatchDidStatusChange
DCICreateOffscreen
DCISetClipList
DCIEnum
DCIEndAccess
WinWatchClose
WinWatchOpen
DCICreatePrimary
GetWindowRegionData
WinWatchGetClipList
DCISetSrcDestClip
DCIDestroy
DCISetDestination

odbcjt32

SQLSetScrollOptions
SQLSetConnectAttrW
SelectUIdxDlgProc
ConfigDSNW
SQLColAttributeW
ConfigDSN
SQLDriverConnectW
SelectIndexDlgProc
SQLMoreResults
SQLFreeHandle
LoadByOrdinal
SQLExecDirectW
SQLTablesW
InitDialogAgain
RepairCompactProc
SQLPutData
SQLFreeEnv
SQLColumnsW
SQLFetchScroll
SQLFetch
InitializeLoginDialog
LoginDialogProc
SQLGetFunctions
SQLParamData
SQLExecute
SQLProceduresW
SQLAllocHandle

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67109e5ed79170c92b558cc97e3fc30f

Headers

DLL Characteristics

File Characteristics

Imports

inetcomm

untfs

msorcl32

cmutil

user32

kernel32

netapi32

mfcsubs

oleaut32

imm32

dciman32

odbcjt32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 29KB - Virtual size: 87KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 29KB - Virtual size: 87KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B