Static task
static1
Behavioral task
behavioral1
Sample
d6c8343e1cc5620feab8c67c4de12f48_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d6c8343e1cc5620feab8c67c4de12f48_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d6c8343e1cc5620feab8c67c4de12f48_JaffaCakes118
-
Size
126KB
-
MD5
d6c8343e1cc5620feab8c67c4de12f48
-
SHA1
f56867bd435e7e2060ca85919dd073a135589408
-
SHA256
b8240f9ceedde72c4e9e9634f936abe57ea75bd92b5eaee816727453c05a6fc4
-
SHA512
59e0c91ca8bce61310a4908476677fc5d5f89dead7848e1d83eb15e137bce81b97d70d3c24bf44264ee597cbcb1546c1cc976a6274a0d9fa00d1986f8db962a6
-
SSDEEP
3072:2yIjeU5c0fnyFSb8fPzVA7d0Iv09MPY9eorv0CAjjIBMsyTm5cI:TIiU+0fn8kv80Y9eoVAHIBPyi
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The PE carries no Authenticode signature, so its publisher cannot be verified. Treat the missing signature as a weak indicator on its own — many legitimate binaries are also unsigned — and weigh it together with the other findings on this page.
resource d6c8343e1cc5620feab8c67c4de12f48_JaffaCakes118
Files
-
d6c8343e1cc5620feab8c67c4de12f48_JaffaCakes118.exe windows:5 windows x86 arch:x86
7e49feec3a68f021a5899c5bff4862e9
Headers
DLL Characteristics (only NX_COMPAT and TERMINAL_SERVER_AWARE are set; DYNAMIC_BASE is not listed, so the image does not opt into ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileAttributesA
SetConsoleCtrlHandler
VirtualAlloc
ReadConsoleOutputCharacterW
GetTempPathW
FindNextVolumeA
LockResource
RemoveLocalAlternateComputerNameA
GetSystemTimeAsFileTime
lstrlenW
Thread32First
GetDateFormatW
FormatMessageA
LocalLock
GetCurrentProcessId
FatalExit
SetConsoleCursorMode
GetDateFormatA
GetConsoleProcessList
VirtualQuery
FileTimeToSystemTime
EnumerateLocalComputerNamesW
CompareFileTime
VerifyVersionInfoW
LoadLibraryA
WriteProfileSectionA
EnumLanguageGroupLocalesA
VDMOperationStarted
InitializeCriticalSectionAndSpinCount
UnregisterConsoleIME
SetFileApisToOEM
RequestDeviceWakeup
UTRegister
SetConsoleMenuClose
GetDiskFreeSpaceExW
ReleaseSemaphore
crtdll
iswspace
_setjmp
_dup2
towupper
_mkdir
fmod
_errno
_execlp
fgetwc
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_wcsdup
_tzset
_CItanh
strcpy
localeconv
atan2
__threadid
_mbctombb
_wcsnicmp
_gcvt
_mbsnset
_amsg_exit
_mbsncat
_lseek
_fputchar
_exit
isspace
difftime
_CIasin
toupper
_finite
_nextafter
_putch
_strninc
strxfrm
_cprintf
_fpclass
fputc
vswprintf
_ismbclower
_mbstrlen
qsort
atof
_setsystime
davclnt
NPGetCaps
NPGetResourceInformation
NPGetUser
DllGetClassObject
DavFreeUsedDiskSpace
NPCloseEnum
DavGetDiskSpaceUsage
NPEnumResource
NPCancelConnection
NPFormatNetworkName
NPAddConnection3
NPAddConnection
DllMain
NPGetConnection
NPGetUniversalName
NPGetResourceParent
NPOpenEnum
DllCanUnloadNow
ntdll
RtlSetUserValueHeap
NtQueryInformationAtom
RtlTraceDatabaseFind
ZwQueryBootOptions
LdrSetDllManifestProber
RtlTraceDatabaseValidate
NlsMbCodePageTag
_snwprintf
NtPowerInformation
ZwExtendSection
wcstoul
ZwSetDefaultHardErrorPort
RtlSetSaclSecurityDescriptor
ZwSetInformationObject
NtAddBootEntry
RtlInitializeCriticalSection
NtSetInformationDebugObject
NtMapViewOfSection
RtlAddCompoundAce
RtlConvertLongToLargeInteger
ZwUnlockVirtualMemory
LdrGetProcedureAddress
NtSecureConnectPort
RtlUpperString
RtlGetOwnerSecurityDescriptor
RtlDecompressFragment
RtlCopyLuidAndAttributesArray
RtlEnlargedIntegerMultiply
RtlAppendUnicodeStringToString
NtSetThreadExecutionState
RtlLockHeap
RtlDestroyEnvironment
RtlPrefixString
NtDeleteBootEntry
NtQueryDirectoryObject
NtOpenMutant
RtlGetNtVersionNumbers
NtWriteVirtualMemory
RtlClearBits
NtSetBootEntryOrder
isalnum
RtlAddAuditAccessObjectAce
NtCreateTimer
ZwQueryDirectoryObject
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
ZwAllocateUserPhysicalPages
RtlQueryInformationActiveActivationContext
RtlZeroHeap
NtNotifyChangeMultipleKeys
RtlSetTimeZoneInformation
RtlCreateRegistryKey
NtCreateDebugObject
RtlDumpResource
LdrAddRefDll
LdrVerifyImageMatchesChecksum
ZwAllocateLocallyUniqueId
RtlLengthRequiredSid
CsrIdentifyAlertableThread
RtlAddAtomToAtomTable
_i64toa
RtlTimeFieldsToTime
RtlIpv6AddressToStringA
ZwDeleteBootEntry
sscanf
ZwCompactKeys
msvcrt40
??_8istrstream@@7B@
??_7stdiobuf@@6B@
??4ostream_withassign@@QAEAAV0@ABV0@@Z
_exit
strtok
_j0
?set_unexpected@@YAP6AXXZP6AXXZ@Z
??1bad_cast@@UAE@XZ
_CIatan
_wfindfirst
sscanf
??6ostream@@QAEAAV0@PBD@Z
?x_maxbit@ios@@0JA
??_Dfstream@@QAEXXZ
_wfreopen
?getdouble@istream@@AAEHPADH@Z
_tzset
_aexit_rtn
_amsg_exit
_write
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
_wmakepath
_wctime
_ismbblead
_stati64
?overflow@stdiobuf@@UAEHH@Z
ldiv
_execve
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
__p__winminor
wintrust
WTHelperGetAgencyInfo
CryptCATCDFEnumAttributes
WTHelperCheckCertUsage
WinVerifyTrust
GenericChainCertificateTrust
CryptCATGetCatAttrInfo
CryptCATAdminEnumCatalogFromHash
TrustFindIssuerCertificate
WintrustRemoveActionID
WVTAsn1SpcFinancialCriteriaInfoDecode
CryptCATVerifyMember
CryptCATCDFEnumCatAttributes
HTTPSCertificateTrust
WTHelperGetProvSignerFromChain
FindCertsByIssuer
CryptSIPGetRegWorkingFlags
SoftpubDefCertInit
CryptCATAdminReleaseCatalogContext
SoftpubCheckCert
CryptSIPPutSignedDataMsg
CryptCATEnumerateMember
WVTAsn1SpcIndirectDataContentEncode
CryptCATAdminAcquireContext
WTHelperOpenKnownStores
WVTAsn1SpcIndirectDataContentDecode
CryptCATOpen
CryptSIPVerifyIndirectData
CryptCATCDFClose
SoftpubDllRegisterServer
WTHelperProvDataFromStateData
HTTPSFinalProv
CryptSIPCreateIndirectData
WTHelperGetFileHash
SoftpubFreeDefUsageCallData
msvcp60
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??Ostd@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??_0?$_Complex_base@N@std@@QAEAAV01@ABN@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
??0facet@locale@std@@IAE@I@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?pow@std@@YA?AV?$complex@O@1@ABV21@ABO@Z
?infinity@?$numeric_limits@H@std@@SAHXZ
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?sync@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?overflow@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@MAEHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?epsilon@?$numeric_limits@D@std@@SADXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?real@std@@YANABV?$complex@N@1@@Z
?widen@?$ctype@D@std@@QBEPBDPBD0PAD@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??1underflow_error@std@@UAE@XZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??_8?$basic_ofstream@GU?$char_traits@G@std@@@std@@7B@
?conj@std@@YA?AV?$complex@O@1@ABV21@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?overflow@?$basic_filebuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
?sqrt@?$_Ctr@O@std@@SAOO@Z
?readsome@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHPADH@Z
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?eq@?$char_traits@G@std@@SA_NABG0@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?epsilon@?$numeric_limits@N@std@@SANXZ
?_Isnan@?$_Ctr@O@std@@SA_NO@Z
?toupper@?$ctype@D@std@@QBEDD@Z
?imag@?$_Complex_base@O@std@@QAEOABO@Z
?max@?$numeric_limits@D@std@@SADXZ
?infinity@?$numeric_limits@C@std@@SACXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??_7domain_error@std@@6B@
?quiet_NaN@?$numeric_limits@G@std@@SAGXZ
?do_widen@?$ctype@G@std@@MBEGD@Z
??4?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?_Init@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?_Nomemory@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
_Nan
?not_eof@?$char_traits@D@std@@SAHABH@Z
??4bad_alloc@std@@QAEAAV01@ABV01@@Z
?infinity@?$numeric_limits@I@std@@SAIXZ
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??_F?$moneypunct@G$00@std@@QAEXXZ
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?do_close@?$messages@G@std@@MBEXH@Z
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
?sqrt@std@@YA?AV?$complex@N@1@ABV21@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?pubsetbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEPAV12@PAGH@Z
?isfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Gstd@@YA?AV?$complex@M@0@ABV10@@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Getname@_Locinfo@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@@Z
??_7?$moneypunct@D$00@std@@6B@
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?sinh@std@@YA?AV?$complex@M@1@ABV21@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXF@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 62KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ