d72c41f682122c66f0e4b7ee80be0d41_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d72c41f682122c66f0e4b7ee80be0d41_JaffaCakes118
Size

864KB
MD5

d72c41f682122c66f0e4b7ee80be0d41
SHA1

3093e16e833fa27cdb2e5eaf5c2492d6e4cf3aa7
SHA256

55067ca01bf8d61bd92fc624185a8cf1cdc04180dbb8e359ff67d6d848908aa8
SHA512

9e0bba0c749c6b6ad1c1417a00faa31666ec58296a42813ed60fea9d4ee6aff3d04dbee02d0f57c78a1219f15bc8e55b9cd7b5ff056270a9a36a3233b32f71a8
SSDEEP

12288:/8D94EJ2c64JiNRKH74U62D1i2sp8KnJIGGncjLLBec+hRQcFSPvohlQVYWQ:Kec64J2R474UjxdhKnKQLLBiIo3QVFQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d72c41f682122c66f0e4b7ee80be0d41_JaffaCakes118

Files

d72c41f682122c66f0e4b7ee80be0d41_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1081b9204a6b83811f65827e6483aad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
LockFile
GlobalAlloc
GetVolumeNameForVolumeMountPointA
GetPrivateProfileSectionNamesA
EnumerateLocalComputerNamesA
EnumResourceLanguagesW
WritePrivateProfileSectionA
GetEnvironmentStringsA
HeapSize
QueryActCtxW
GetCurrentThreadId
Module32FirstW
VDMOperationStarted
UnhandledExceptionFilter
GlobalFree
GetFirmwareEnvironmentVariableA
InvalidateConsoleDIBits
GetDefaultCommConfigW
SetLocalPrimaryComputerNameA
GlobalFlags
EnumLanguageGroupLocalesA
SetLastError
GetProcessShutdownParameters
FindActCtxSectionStringA
GetCurrentThread
SetFileApisToANSI
SetFileAttributesA
ConsoleMenuControl
GetFileAttributesA
GetTimeFormatW
GetProfileStringA
GetConsoleAliasExesA
LoadLibraryA
WaitCommEvent
SetConsoleMaximumWindowSize
GetConsoleTitleA
IsValidLocale
VirtualAlloc
CopyLZFile
GenerateConsoleCtrlEvent

user32

GetUpdateRect
LoadLocalFonts
EnableScrollBar
GetWindowModuleFileName
RegisterShellHookWindow
UnregisterMessagePumpHook
ChildWindowFromPoint
ChildWindowFromPointEx
RegisterClassA
EnumThreadWindows
OpenWindowStationA
AttachThreadInput
OpenDesktopA
RegisterRawInputDevices
DdeCreateStringHandleW
GetCursorFrameInfo
SetDlgItemInt
SendDlgItemMessageW
DdeGetData
OemToCharA
GetMenuItemInfoW
IsCharAlphaW
RemovePropW
DestroyCaret
EndDeferWindowPos
ResolveDesktopForWOW
DestroyCursor
LoadImageA
GetKeyboardLayoutNameA
DdeGetQualityOfService
SetLayeredWindowAttributes
CharPrevA
IsDlgButtonChecked
GetDCEx
UnpackDDElParam
IsRectEmpty
FindWindowW
SendMessageA
KillTimer
LoadCursorA
EndDialog
LockWorkStation

crypt32

I_CryptTouchLruEntry
CryptEnumOIDFunction
CryptMsgEncodeAndSignCTL
CertGetCTLContextProperty
CryptHashMessage
I_CryptFindSmartCardCertInStore
CryptRegisterOIDFunction
CertAlgIdToOID
CryptUninstallDefaultContext
CertIsRDNAttrsInCertificateName
CertGetIssuerCertificateFromStore
CertCloseStore
CertFindCTLInStore
CryptMsgVerifyCountersignatureEncodedEx
RegCreateHKCUKeyExU
I_CryptInstallAsn1Module
CryptAcquireContextU
CertGetPublicKeyLength
CertDeleteCertificateFromStore
CryptUnregisterOIDInfo
CryptVerifyDetachedMessageHash
CryptMemFree
CryptVerifyDetachedMessageSignature
RegOpenHKCUKeyExU
I_CryptUninstallAsn1Module
I_CryptSetTls

cmutil

?SetWriteICSData@CIniW@@QAEXH@Z
CmStrchrW
?SetFile@CIniA@@QAEXPBD@Z
CmStrtokA
??4CIniA@@QAEAAV0@ABV0@@Z
?Clear@CmLogFile@@QAEXH@Z
?GetFile@CIniW@@QBEPBGXZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
GetOSVersion
?SetEntry@CIniA@@QAEXPBD@Z
?GPPB@CIniW@@QBEHPBG0H@Z
?WPPI@CIniW@@QAEXPBG0K@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
??_FCIniW@@QAEXXZ
CmFmtMsgW
CmConvertRelativePathW
CmLoadSmallIconW
?GPPB@CIniA@@QBEHPBD0H@Z
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
??0CmLogFile@@QAE@XZ
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
CmMoveMemory
CmLoadStringW
??4CRandom@@QAEAAV0@ABV0@@Z
?DeInit@CmLogFile@@QAEJXZ
??4CmLogFile@@QAEAAV0@ABV0@@Z
GetOSBuildNumber
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
MakeBold
?SetRegPath@CIniA@@QAEXPBD@Z
CmLoadSmallIconA
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
CmIsDigitW
?GetPrimaryFile@CIniW@@QBEPBGXZ
CmStrtokW
?WPPI@CIniA@@QAEXPBD0K@Z
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
CmParsePathW
?CIniA_WriteEntryToReg@CIniA@@IBEHPAUHKEY__@@PBD1PBEKK@Z
?OpenFile@CmLogFile@@AAEJXZ
IsFarEastNonOSR2Win95
?SetReadICSData@CIniA@@QAEXH@Z
?CloseFile@CmLogFile@@AAEJXZ
?WPPB@CIniA@@QAEXPBD0H@Z
?GetFile@CIniA@@QBEPBDXZ
CmStrchrA
??0CRandom@@QAE@I@Z
?SetICSDataPath@CIniA@@QAEXPBD@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
GetOSMajorVersion
?GPPI@CIniW@@QBEKPBG0K@Z
?SetParams@CmLogFile@@QAEJHKPBG@Z
?GPPI@CIniA@@QBEKPBD0K@Z
CmStrCatAllocA
CmEndOfStrW
CmStrStrW
?LoadSection@CIniW@@QBEPAGPBG@Z
CmWinHelp

mscms

CloseColorProfile
GetStandardColorSpaceProfileA
SetColorProfileElementReference
DeleteColorTransform
GetPS2ColorSpaceArray
GetStandardColorSpaceProfileW
CreateProfileFromLogColorSpaceW
GetColorDirectoryW
IsColorProfileTagPresent
UnregisterCMMA
OpenColorProfileW
InternalGetPS2ColorRenderingDictionary
DisassociateColorProfileFromDeviceA
InstallColorProfileW
SetColorProfileElement
OpenColorProfileA
SetColorProfileHeader
EnumColorProfilesW
GetColorProfileElementTag
ConvertColorNameToIndex
SetColorProfileElementSize
GetColorProfileElement
UninstallColorProfileW
InstallColorProfileA
ConvertIndexToColorName
GetColorProfileHeader
GetPS2ColorRenderingDictionary
InternalGetDeviceConfig
GetNamedProfileInfo
CheckColors
CreateColorTransformW
InternalSetDeviceConfig
TranslateBitmapBits
CheckBitmapBits
RegisterCMMW
SetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
GetColorProfileFromHandle

dmocx

DllGetClassObject

Sections

.text
Size: 202KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 559KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1081b9204a6b83811f65827e6483aad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

crypt32

cmutil

mscms

dmocx

Sections

.text Size: 202KB - Virtual size: 204KB

.rdata Size: 559KB - Virtual size: 560KB

.data Size: 99KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 202KB - Virtual size: 204KB

.rdata
Size: 559KB - Virtual size: 560KB

.data
Size: 99KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB