d73c9719280299f9747d05f834ddcd2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d73c9719280299f9747d05f834ddcd2b_JaffaCakes118
Size

869KB
MD5

d73c9719280299f9747d05f834ddcd2b
SHA1

a7ee6760998a227fe322fc6afd958be23a0b3de5
SHA256

fe17853a797b7b45715ff4be29bfd1ee5906c2d7b59709ab41f5ef4950b9f1eb
SHA512

d13ec4a9ae77b8ee5c65a7b086989578fe8811441cadc4de627aa35d145ded7529fc3ef1e423e100e591d3daa37b6453e7753f91f451d58a9353e99080b34a69
SSDEEP

24576:LnI4+nbctiBXxSl2TCiO53RxKkYdR9zkb/d:DuBXxI2miO17KNdRyd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d73c9719280299f9747d05f834ddcd2b_JaffaCakes118

Files

d73c9719280299f9747d05f834ddcd2b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

adf3a2fc7078e813f41ca540817493a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_safe_fdivr
??_Gistrstream@@UAEPAXI@Z
_mbctoupper
wcsncmp
??0istream@@IAE@XZ
??6ostream@@QAEAAV0@PBX@Z
ctime
?gcount@istream@@QBEHXZ
_mbscat
?pword@ios@@QBEAAPAXH@Z
?clrlock@streambuf@@QAEXXZ
_searchenv
towupper
_mbsnicoll
_findfirsti64
?close@filebuf@@QAEPAV1@XZ
_safe_fprem1
srand
_mbsrchr
?writepad@ostream@@AAEAAV1@PBD0@Z
_beep
?is_open@ifstream@@QBEHXZ
_mbschr
_fpieee_flt
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??0streambuf@@QAE@ABV0@@Z
log
fgetpos
_strlwr
wcsstr
fgetws
_mktemp
?eback@streambuf@@IBEPADXZ
_getws
localtime
??6ostream@@QAEAAV0@PBE@Z
_utime
??1stdiostream@@UAE@XZ
_mbsnbcmp
_adjust_fdiv
_global_unwind2
_ftime
??0ifstream@@QAE@HPADH@Z

msvcrt

iswcntrl
_lock
setvbuf
fputwc
fflush
rand
__set_app_type
exit
_isatty
_mbctype
__fpecode
__getmainargs
__iscsymf
_mbcjmstojis
_wfindfirsti64
_j0
isprint
_open
__p__mbctype
_wperror
_mbsicmp
__lc_collate_cp
perror
_stricmp
strtoul
_yn
fputws
??_V@YAXPAX@Z
_wfindfirst
_sys_nerr
_strnset
??9type_info@@QBEHABV0@@Z
_wfopen
_copysign
__p__commode
??0bad_typeid@@QAE@ABV0@@Z
_safe_fdiv
_wexecvp
_ismbcalnum
_ftime
sqrt
__crtCompareStringW
_adj_fpatan
modf
_snscanf
_tzname
_filelength
_wsystem

cmutil

SzToWz
?SetRegPath@CIniW@@QAEXPBG@Z
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
?SetEntry@CIniW@@QAEXPBG@Z
CmFmtMsgA
?IsEnabled@CmLogFile@@QAEHXZ
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?WPPS@CIniA@@QAEXPBD00@Z
ReleaseBold
?SetParams@CmLogFile@@QAEJHKPBG@Z
IsFarEastNonOSR2Win95
?SetPrimaryFile@CIniW@@QAEXPBG@Z
CmMalloc
CmLoadSmallIconA
CmConvertRelativePathW
?Start@CmLogFile@@QAEJH@Z
??_FCIniA@@QAEXXZ
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
??1CIniA@@QAE@XZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
?GetFile@CIniW@@QBEPBGXZ
?SetParams@CmLogFile@@QAEJHKPBD@Z
CmStripFileNameW
??4CmLogFile@@QAEAAV0@ABV0@@Z
CmBuildFullPathFromRelativeW
?SetEntryFromIdx@CIniW@@QAEXK@Z
?SetICSDataPath@CIniW@@QAEXPBG@Z
?LoadEntry@CIniW@@IBEPAGPBG@Z
?SetWriteICSData@CIniW@@QAEXH@Z
CmLoadIconW

w32topl

ToplEdgeDisassociate
ToplSTHeapExtractMin
ToplDeleteSpanningTreeEdges
ToplEdgeAssociate
ToplListRemoveElem
ToplScheduleImport
ToplGraphDestroy
ToplScheduleValid
ToplFree
ToplGraphInit
ToplGraphMakeRing
ToplIterFree
ToplScheduleCacheCreate
ToplGraphSetVertexIter
ToplGraphFree
ToplEdgeSetWeight
ToplScheduleIsEqual
ToplVertexNumberOfOutEdges
ToplVertexSetParent
ToplListFree
ToplScheduleCreate
ToplSTHeapDestroy
ToplEdgeGetWeight
ToplGraphNumberOfVertices
ToplIsToplException
ToplHeapDestroy
ToplHeapIsEmpty
ToplHeapCreate
ToplPScheduleValid
ToplGraphRemoveVertex
ToplEdgeDestroy
ToplVertexGetParent
ToplEdgeSetFromVertex
ToplEdgeFree
ToplEdgeGetToVertex
ToplListSetIter
ToplGetSpanningTreeEdgesForVtx
ToplHeapInsert
ToplSTHeapCostReduced
ToplVertexGetOutEdge
ToplDeleteComponents
ToplListAddElem
ToplHeapIsElementOf
ToplAddEdgeSetToGraph

apphelp

SdbGetNextChild
ApphelpFixMsiPackageExe
ShimDumpCache
SdbReadBYTETag
SdbReadQWORDTagRef
SdbCreateMsiTransformFile
AllowPermLayer
SdbQueryData
SdbInitDatabase
SdbQueryApphelpInformation
SdbOpenApphelpInformation
SdbReadStringTag
SdbReadStringTagRef
SdbGrabMatchingInfo
SdbQueryDataEx
SdbTagToString
SdbFindNextTag
SdbGrabMatchingInfoEx
SdbReadBinaryTag
ApphelpFreeFileAttributes
SdbCloseApphelpInformation
ApphelpUpdateCacheEntry
ApphelpCheckExe
ApphelpCheckIME
SdbReadWORDTagRef
SetPermLayers
SdbEnumMsiTransforms
SdbOpenDatabase
SdbGetDatabaseID
SdbFindFirstNamedTag
SdbTagIDToTagRef
SdbFindFirstTag

msvcirt

??_Diostream@@QAEXXZ
?lock@ios@@QAAXXZ
??1exception@@UAE@XZ
??_7istrstream@@6B@
?precision@ios@@QBEHXZ
?attach@ofstream@@QAEXH@Z
??1logic_error@@UAE@XZ
?sgetc@streambuf@@QAEHXZ
?cin@@3Vistream_withassign@@A
?ends@@YAAAVostream@@AAV1@@Z
??_7filebuf@@6B@
??4streambuf@@QAEAAV0@ABV0@@Z
?sync@strstreambuf@@UAEHXZ
?fd@filebuf@@QBEHXZ
?is_open@ofstream@@QBEHXZ
?width@ios@@QAEHH@Z
?adjustfield@ios@@2JB
??_Dstrstream@@QAEXXZ
?sh_none@filebuf@@2HB
??4stdiostream@@QAEAAV0@AAV0@@Z
??_Eistream@@UAEPAXI@Z
??_8ofstream@@7B@
?unlockbuf@ios@@QAAXXZ
??4ofstream@@QAEAAV0@ABV0@@Z
??_8strstream@@7Bostream@@@
??_Elogic_error@@UAEPAXI@Z
?freeze@strstreambuf@@QAEXH@Z
??0ostream@@IAE@XZ
?hex@@YAAAVios@@AAV1@@Z
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??0ofstream@@QAE@ABV0@@Z
??0iostream@@QAE@PAVstreambuf@@@Z
??_Glogic_error@@UAEPAXI@Z

kernel32

SetThreadAffinityMask
LZCopy
LoadLibraryA
CreateMutexA
FlushViewOfFile
SetUnhandledExceptionFilter
OutputDebugStringA
SetLocalPrimaryComputerNameA
GetConsoleKeyboardLayoutNameW
GetCurrentProcess
GetConsoleCommandHistoryLengthW
GlobalLock
SetupComm
GetEnvironmentStringsW
EnumTimeFormatsW
QueryPerformanceFrequency
SetProcessShutdownParameters
GetUserDefaultUILanguage
GetConsoleNlsMode
VirtualProtectEx
GetCommMask
LZInit
SetNamedPipeHandleState
SetHandleInformation
WriteConsoleA
SetTapePosition
CompareFileTime
IsProcessInJob
VirtualAlloc
lstrcmpiW
RequestWakeupLatency
WriteFileEx
CreateMailslotA
MoveFileWithProgressA
GetProfileStringA
GlobalFree
GetComPlusPackageInstallStatus
EraseTape
GetProcAddress
ReadDirectoryChangesW
ZombifyActCtx
DeleteFileW
GetACP
GetComputerNameExA
SetSystemPowerState
GetEnvironmentStrings
UnlockFile
QueueUserWorkItem
IsBadStringPtrW
FormatMessageA
FindFirstVolumeA
GetCommModemStatus
LockFile
SetConsoleKeyShortcuts
IsSystemResumeAutomatic
SetProcessPriorityBoost
BuildCommDCBA
SetComputerNameExA
lstrcpy
InitAtomTable
HeapAlloc
GetUserGeoID
RemoveLocalAlternateComputerNameA
GetCurrentDirectoryA
GetVolumePathNameW
EnumResourceLanguagesW
CancelIo
GetThreadPriorityBoost
SetConsoleCtrlHandler
_llseek
GetOEMCP
HeapSetInformation
ReadFileScatter
OpenThread
GetModuleHandleExW

crypt32

CertAddSerializedElementToStore
CryptSIPRemoveSignedDataMsg
CryptMsgCountersign
CertEnumCRLContextProperties
CertSerializeCTLStoreElement
I_CryptGetLruEntryIdentifier
CertOpenStore
CryptMemFree
CertGetCRLContextProperty
CryptDecryptMessage
CryptVerifyDetachedMessageHash
I_CertUpdateStore
PFXImportCertStore
RegDeleteValueU
CertGetCRLFromStore
I_CryptCreateLruCache
CertRegisterSystemStore
RegCreateKeyExU
CertNameToStrA
I_CryptFreeLruCache
CryptFindLocalizedName
CryptQueryObject
CertIsRDNAttrsInCertificateName
CryptMsgCountersignEncoded
CryptGetDefaultOIDDllList
CryptCreateAsyncHandle
CertAddEncodedCertificateToSystemStoreA
CryptStringToBinaryA
CertFindExtension
CryptSIPVerifyIndirectData
CertCreateCRLContext
CertCompareIntegerBlob
CertGetCertificateContextProperty
CryptMsgEncodeAndSignCTL
CertEnumCertificatesInStore
CertComparePublicKeyInfo
I_CryptSetTls
CryptGetDefaultOIDFunctionAddress
CryptBinaryToStringW
CryptMsgGetAndVerifySigner
CertControlStore
CryptEnumProvidersU
CryptStringToBinaryW
CertCloseStore
CertAlgIdToOID
CertFindSubjectInCTL
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertGetIntendedKeyUsage
CryptFindOIDInfo
CryptExportPublicKeyInfo
CryptVerifySignatureU
CertAddEnhancedKeyUsageIdentifier
CertOpenSystemStoreW
CertCreateCTLEntryFromCertificateContextProperties
CryptDecodeObjectEx
PFXExportCertStore
CryptSIPCreateIndirectData
CryptFormatObject
I_CryptReadTrustedPublisherDWORDValueFromRegistry
I_CryptGetAsn1Encoder
I_CryptGetTls
CryptMsgControl
CertStrToNameW
I_CryptInsertLruEntry
CertStrToNameA
CryptVerifyMessageHash
I_CryptGetFileVersion
CertFindAttribute

opengl32

glGetMapfv
glVertex3sv
glEnableClientState
glAreTexturesResident
glColor4bv
glTexCoord4dv
glSelectBuffer
glVertex2f
glTexCoord2f
glTexParameteriv
glGetTexEnvfv
glScissor
glNormal3sv
glTranslated
glTexGeni
glPushClientAttrib
glNormal3i
wglUseFontBitmapsA
glClearStencil
glLightModelfv
glRectsv
glClearIndex
glNormal3f
glTexCoord1s
glGetPointerv
glIndexs
glRasterPos3d

advapi32

CredReadW
GetSecurityInfo
ElfReportEventW
GetExplicitEntriesFromAclW
SaferiRecordEventLogEntry
BuildImpersonateTrusteeW
WmiExecuteMethodA
AccessCheckAndAuditAlarmW
LsaSetTrustedDomainInfoByName
RegQueryMultipleValuesA
SystemFunction041
GetSidSubAuthority
CryptImportKey
GetTrusteeFormW
LsaQueryDomainInformationPolicy
RegisterServiceCtrlHandlerA
QueryAllTracesW
SystemFunction016
AddAccessDeniedObjectAce
I_ScGetCurrentGroupStateW
QueryRecoveryAgentsOnEncryptedFile
LsaEnumerateAccountsWithUserRight
GetLocalManagedApplications
SetSecurityInfo
CryptEnumProviderTypesA
ImpersonateAnonymousToken
CredIsMarshaledCredentialW

user32

RegisterClassW
PostQuitMessage
DefWindowProcW

crtdll

_environ_dll
sqrt
_c_exit
_iob
ispunct
_control87
_strdate
_acmdln_dll
_lrotr
_ismbcdigit
_ftol
_mbsninc
_getdrives
__iscsymf
isprint
_chdrive
_ismbcspace
wcsncmp
time
_mbspbrk
gmtime
__argv_dll
_hypot
iswgraph
iswalpha
_ismbbpunct
_osversion_dll
wcstombs
wcscoll

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 337KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adf3a2fc7078e813f41ca540817493a2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

msvcrt

cmutil

w32topl

apphelp

msvcirt

kernel32

crypt32

opengl32

advapi32

user32

crtdll

Sections

.text Size: 334KB - Virtual size: 334KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 337KB - Virtual size: 1.8MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 334KB - Virtual size: 334KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 337KB - Virtual size: 1.8MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B