daa5a8dbdf38b5fe032014232311907a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

daa5a8dbdf38b5fe032014232311907a_JaffaCakes118
Size

387KB
MD5

daa5a8dbdf38b5fe032014232311907a
SHA1

d47b6f3b620f5473f22891c04f0ffa89e2fd3c57
SHA256

c7cbbcd059e7814f713dbe993f6e441d0d197032bb5b4d5bda78a856afd1ff35
SHA512

bef3d0a7412da5915a2f18dd2d3fc65f3fca90a43ef73f747deab8d28e4eed6efcd4adff57c2bf6fa101ea624c49561727724fd9aac3c994cfc6361edebab3fe
SSDEEP

6144:EVXdadV2SAcDwYbZDSqSf9zKXaieJIhLRdYuKZZTdTV0UeFbeeWUQvdVlmvOo3+M:Lwpf6sFmaGDYuKZZTduUiqeGLlFIFi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daa5a8dbdf38b5fe032014232311907a_JaffaCakes118

Files

daa5a8dbdf38b5fe032014232311907a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

23596415511b5a7ab8f0e50295443ded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCompressedFileSizeA
GetSystemDefaultLCID
HeapCreate
EnumSystemLocalesA
GetVolumePathNamesForVolumeNameW
CreateToolhelp32Snapshot
GetLastError
SetDefaultCommConfigW
ReadConsoleInputA
_lwrite
WritePrivateProfileStringW
SetConsoleDisplayMode
IsValidCodePage
BuildCommDCBA
HeapUnlock
RegisterWowExec
SetLocalTime
FreeEnvironmentStringsA
ExpungeConsoleCommandHistoryA
lstrlen
CreateDirectoryExA
EraseTape
GetSystemDefaultUILanguage
ExitVDM
SetTermsrvAppInstallMode
SetFileApisToANSI
GetUserGeoID
WriteConsoleInputVDMA
MultiByteToWideChar
FindClose
SetComPlusPackageInstallStatus
CreateFileA
ReadConsoleW
GetCPInfo
LoadModule
DisconnectNamedPipe
GetSystemWow64DirectoryW
IsDBCSLeadByteEx
RemoveLocalAlternateComputerNameW
GetComputerNameA
SetMessageWaitingIndicator
GetComputerNameExW
InterlockedExchange
VirtualFreeEx
VirtualAlloc
QueryPerformanceCounter
LoadLibraryA
Process32Next
SetComputerNameA
GetCurrentActCtx
GetStartupInfoA
InterlockedExchangeAdd
WaitForMultipleObjectsEx
SetCommState
FindActCtxSectionGuid
VerifyVersionInfoA
OpenJobObjectA
DuplicateHandle
_lclose
UpdateResourceA
SetThreadPriority
SetTapePosition
GetBinaryType
QueryPerformanceFrequency
CreateThread
GlobalFindAtomA
SetProcessPriorityBoost
GetTimeFormatW
SetFileAttributesA
SetFileShortNameA
RegisterWaitForInputIdle
RaiseException
GetProfileStringW
LockResource
VerifyConsoleIoHandle
ZombifyActCtx
SetConsoleMode
SetupComm
QueueUserWorkItem
FindResourceExA
MapViewOfFileEx
WTSGetActiveConsoleSessionId
GetSystemTime
GetExitCodeThread
_hwrite
ReleaseActCtx
FindFirstVolumeMountPointW
FatalAppExitA
GetConsoleAliasExesLengthA

untfs

?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
??1NTFS_LOG_FILE@@UAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_MFT_FILE@@QAE@XZ
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
??0NTFS_EXTENT_LIST@@QAE@XZ
??0NTFS_BITMAP@@QAE@XZ
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
??1NTFS_UPCASE_FILE@@UAE@XZ
FormatEx
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
??0NTFS_BITMAP_FILE@@QAE@XZ
??1NTFS_MFT_INFO@@UAE@XZ
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
?IsFree@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?QueryExtent@NTFS_EXTENT_LIST@@QBEEKPAVBIG_INT@@00@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
ChkdskEx
?GetNext@NTFS_INDEX_TREE@@QAEPBU_INDEX_ENTRY@@PAKPAEE@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ

msvcrt40

_fgetwchar
??0istream@@QAE@PAVstreambuf@@@Z
tolower
??1streambuf@@UAE@XZ
_utime
??_Eifstream@@UAEPAXI@Z
_heapchk
_local_unwind2
?attach@ifstream@@QAEXH@Z
??_8ostrstream@@7B@
_mbsnbcat
??5istream@@QAEAAV0@AAG@Z
wcsftime
qsort
?ws@@YAAAVistream@@AAV1@@Z
?get@istream@@QAEAAV1@AAE@Z
_inpd
?setp@streambuf@@IAEXPAD0@Z
?flags@ios@@QBEJXZ
_ismbcalnum
_itoa
?text@filebuf@@2HB
??1strstream@@UAE@XZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
??_Efilebuf@@UAEPAXI@Z
_mbscpy

msvcrt

_daylight
??0bad_cast@@AAE@PBQBD@Z
fgetc
_mbsncmp
__STRINGTOLD
?before@type_info@@QBEHABV1@@Z
_filbuf
_i64tow
__winitenv
?terminate@@YAXXZ
__p__wcmdln
_mbcjmstojis
??0bad_typeid@@QAE@PBD@Z
putchar
_mbsset
__p__pwctype
_setjmp3
ceil
__p___wargv
_open
_rmdir
sinh
_adj_fdiv_r
memcmp
wcsncmp
_wstrdate
tan
strcpy
_wexecle
_fpieee_flt
_stat64
_ismbcgraph
_itow

ntdll

NtQuerySystemEnvironmentValue
wcsncpy
ZwReplaceKey
RtlLargeIntegerArithmeticShift
RtlImpersonateSelf
RtlRealSuccessor
NtSetInformationThread
_aullrem
__iscsymf
ZwFreeVirtualMemory
RtlSetThreadPoolStartFunc
ZwSetDebugFilterState
RtlSetAttributesSecurityDescriptor
RtlTraceDatabaseEnumerate
RtlTraceDatabaseDestroy
RtlDosPathNameToNtPathName_U
RtlAssert
memcmp
RtlDowncaseUnicodeChar
RtlCreateAcl
DbgUiConnectToDbg
RtlUpperChar
NtQueryMultipleValueKey
RtlDestroyHandleTable
RtlSetProcessIsCritical
RtlImageRvaToSection
NtAdjustPrivilegesToken
NtGetDevicePowerState
NtLoadDriver
wcsstr
NtAllocateVirtualMemory
NtOpenJobObject

sqlunirl

_DrawText@20
_lstrcmp_@8
_LoadLibraryEx_@12
_ReportEvent_@36
_GetEnhMetaFile_@4
_CallMsgFilter_@8
_QueryServiceConfig_@16
_GetLogColorSpace_@12
_OpenEventLog_@8
_GetSaveFileName@4
_RegQueryValueEx_@24
_LoadBitmap@8
_GlobalAddAtom_@4
_FindWindow_@8
_FindExecutable_@12
_GetUserObjectInformation_@20
_DispatchMessage_@4
_GetClassInfo@12
_EnumWindowStations_@8
_CreateIC_@16
_GetCharWidth32_@16
_InitiateSystemShutdown_@20
__lwrite_@12
_SetEnvironmentVariable_@8
_DefDlgProc_@16
_GetCommandLine_@0
_OpenWaitableTimer_@12
_RegisterClipboardFormat_@4
_DefFrameProc_@20
_IsBadStringPtr_@8
_NDdeTrustedShareEnum_@24
_CreateService_@52
_FindWindowEx_@16
_LoadCursorFromFile_@4

user32

EndDialog

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23596415511b5a7ab8f0e50295443ded

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

untfs

msvcrt40

msvcrt

ntdll

sqlunirl

user32

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 240KB - Virtual size: 240KB

.data Size: 23KB - Virtual size: 437KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 240KB - Virtual size: 240KB

.data
Size: 23KB - Virtual size: 437KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 1024B