dc1396e73d1bb75b43b30a0feaeb8fba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc1396e73d1bb75b43b30a0feaeb8fba_JaffaCakes118
Size

825KB
MD5

dc1396e73d1bb75b43b30a0feaeb8fba
SHA1

4c55d84e4911f847b2b9dc9ed6b669f3062d9672
SHA256

771a7ddb9de7914451c2471a8768b9cc6217745aa8bddf137518663682aec92e
SHA512

7f55ff4227da63f0187067f2eae5c30fca4d3d2626caa173098340abf2a55be256ef5d98072cf54d5d685153453875f11040f6af27fa8c165d393942856933ff
SSDEEP

12288:U/ASUvKVOne/hrLYJXFwiEVZROAOuPwB3+Kja873Ds9846XULGX1MZNT/u8eW:pSdMe/Vo5EvROUy3++I65IXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc1396e73d1bb75b43b30a0feaeb8fba_JaffaCakes118

Files

dc1396e73d1bb75b43b30a0feaeb8fba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ddb8cee0ad335bc27d5a4897b71f53e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwTerminateProcess
RtlInitAnsiString
RtlInterlockedFlushSList
ZwRemoveProcessDebug
RtlEnterCriticalSection
RtlpNtSetValueKey
ZwCreateEventPair
ZwRaiseException
RtlpNtOpenKey
NlsMbCodePageTag
NtReplyWaitReplyPort
wcslen
RtlGetVersion
ZwModifyBootEntry
RtlpNtMakeTemporaryKey
ZwEnumerateKey
NtFlushWriteBuffer
_aullrem
RtlDosPathNameToNtPathName_U
NtCompactKeys
NtSetInformationJobObject
ZwAllocateLocallyUniqueId
wcscmp
ZwOpenMutant
RtlAddAccessAllowedAceEx
RtlSetSecurityDescriptorRMControl
NtCompareTokens
ZwOpenSemaphore
RtlConvertUiListToApiList
RtlDoesFileExists_U

adsldpc

ADSISetSearchPreference
ConvertSidToU2Trustee
MapLDAPTypeToADSType
ADsEncodeBinaryData
PathName
LdapNextEntry
SchemaGetPropertyInfoByIndex
Component
ADsGetLastError
LdapcSetStickyServer
FreeADsMem
ADsSetSearchPreference
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
LdapMakeSchemaCacheObsolete
ADsWriteClassDefinition
ADsGetColumn
FindSearchTableIndex
LdapSearchInitPage
LdapDeleteExtS
ReallocADsMem
ADsEnumAttributes
AdsTypeToLdapTypeCopyConstruct
ADSIAbandonSearch
SchemaOpen
ADsGetNextRow
ADsDeleteDSObject
LdapTypeCopyConstruct
LdapModifyS
IsGCNamespace
ADSIExecuteSearch
LdapResult
LdapSearchAbandonPage
SchemaGetObjectCount
LdapGetValues
ADsSetObjectAttributes
LdapGetNextPageS
SortAndRemoveDuplicateOIDs
LdapReadAttribute2
AdsTypeToLdapTypeCopyDNWithString
ReadServerSupportsIsADControl
SchemaAddRef
LdapCountEntries
LdapRenameExtS
SchemaGetPropertyInfo
LdapTypeToAdsTypeUTCTime
LdapReadAttributeFast
BuildLDAPPathFromADsPath
AllocADsStr
BuildADsPathFromLDAPPath2
ReadSecurityDescriptorControlType
ADsCreateDSObjectExt
LdapIsClassNameValidOnServer
LdapCompareExt
GetDomainDNSNameForDomain
ADsWriteAttributeDefinition
LdapGetSubSchemaSubEntryPath
ADSIGetFirstRow
BuildADsParentPathFromObjectInfo
LdapTypeFreeLdapObjects
ADSIModifyRdn
ADSIGetObjectAttributes
ADsCreateDSObject
LdapInitializeSearchPreferences
FreeADsStr
ADSIDeleteDSObject
LdapParsePageControl
LdapSearchExtS

hhsetup

?GetLangId@CCollection@@QAEGPBD@Z
?Close@CCollection@@QAEKXZ
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?SetId@CTitle@@QAEXPBD@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBDKPAKG@Z
?SetMasterCHM@CCollection@@QAEXPBGG@Z
?GetVolume@CLocation@@QAEPADXZ
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?GetNextFolder@CFolder@@QAEPAV1@XZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?SetFindMergedCHMS@CCollection@@QAEXH@Z
?GetRefTitleCount@CCollection@@QAEKXZ
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
??4CTitle@@QAEAAV0@ABV0@@Z
?bIsVisable@CFolder@@QAEHXZ
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?GetTitleW@CFolder@@QAEPBGXZ
??4CCollection@@QAEAAV0@ABV0@@Z
?MergeKeywords@CCollection@@QAEHPAG@Z
?GetPath@CLocation@@QAEPADXZ
?SetPath@CLocation@@QAEXPBG@Z
??0CPointerList@@QAE@XZ
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?SetId@CTitle@@QAEXPBG@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?DecrementRefTitleCount@CCollection@@QAEXXZ
??1CCollection@@QAE@XZ
?AddTail@CFIFOString@@QAEKPAD@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetId@CLocation@@QBEPADXZ
?Save@CCollection@@QAEKXZ
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetOrder@CFolder@@QAEKXZ
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z

msvcrt40

??_E__non_rtti_object@@UAEPAXI@Z
?is_open@filebuf@@QBEHXZ
__p__winminor
?get@istream@@QAEAAV1@PACHD@Z
??1ios@@UAE@XZ
?_query_new_handler@@YAP6AHI@ZXZ
?flush@ostream@@QAEAAV1@XZ
_wsearchenv
wcsspn
_stricoll
_read
_wexecle
??8type_info@@QBEHABV0@@Z
_adj_fprem1
iswalnum
_wcsdup
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
_iob
_execvp
??9type_info@@QBEHABV0@@Z
_wfsopen
??_Eistream@@UAEPAXI@Z
?get@istream@@QAEAAV1@PAEHD@Z
_heapwalk
_close
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
??_8ofstream@@7B@
?open@ifstream@@QAEXPBDHH@Z
__p__dstbias
_endthread
??1logic_error@@UAE@XZ
_CIatan2
??_8fstream@@7Bostream@@@
_onexit
gmtime
_ismbbalpha
_errno
strftime
_CItan
??_7iostream@@6B@

advapi32

SetEntriesInAclW
MD5Init
AccessCheckByTypeResultListAndAuditAlarmW
TreeResetNamedSecurityInfoW
SystemFunction033
ConvertSecurityDescriptorToAccessW
LsaOpenTrustedDomain
CryptGetHashParam
DuplicateTokenEx
IsTokenRestricted
CryptEnumProviderTypesW
ElfOldestRecord
CryptEncrypt
GetAce
GetSecurityInfo
GetOldestEventLogRecord
EnumDependentServicesA
GetSecurityDescriptorControl
SystemFunction002
GetTrusteeNameA
LookupPrivilegeDisplayNameW
RegLoadKeyW
I_ScGetCurrentGroupStateW
SetServiceObjectSecurity
AbortSystemShutdownW
AddAccessDeniedAceEx
CancelOverlappedAccess
ElfReadEventLogA
GetCurrentHwProfileW
CryptHashData
GetWindowsAccountDomainSid
AccessCheckAndAuditAlarmW

msvcp60

??Z?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??Y?$_Complex_base@M@std@@QAEAAV01@ABM@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDF@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?norm@std@@YAOABV?$complex@O@1@@Z
?is_open@?$basic_fstream@GU?$char_traits@G@std@@@std@@QBE_NXZ
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?sin@?$_Ctr@O@std@@SAOO@Z
??0?$_Complex_base@O@std@@QAE@ABO0@Z
?_Getcat@?$numpunct@D@std@@SAIXZ
??Rlocale@std@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
?compare@?$collate@G@std@@QBEHPBG000@Z
??0ios_base@std@@IAE@XZ
?_Getno@_Locinfo@std@@QBEPBDXZ
?id@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?do_out@?$codecvt@GDH@std@@MBEHAAHPBG1AAPBGPAD3AAPAD@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??_7?$_Mpunct@G@std@@6B@
_Eps
??1bad_exception@std@@UAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
?do_length@?$codecvt@DDH@std@@MBEHAAHPBD1I@Z
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?round_error@?$numeric_limits@M@std@@SAMXZ
??Pstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??1_Winit@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?pow@std@@YA?AV?$complex@M@1@ABV21@H@Z
?quiet_NaN@?$numeric_limits@G@std@@SAGXZ
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??0?$complex@N@std@@QAE@ABN0@Z
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
__Wcrtomb_lk
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?_Getcat@?$codecvt@GDH@std@@SAIXZ
?pubseekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@V32@H@Z
?precision@ios_base@std@@QBEHXZ
?infinity@?$numeric_limits@E@std@@SAEXZ
??4overflow_error@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_fstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??Gstd@@YA?AV?$complex@M@0@ABV10@@Z
?flush@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z
??1codecvt_base@std@@UAE@XZ
??_7domain_error@std@@6B@
??4underflow_error@std@@QAEAAV01@ABV01@@Z

kernel32

SetTimerQueueTimer
GlobalWire
WritePrivateProfileStringW
FlushViewOfFile
CreateMutexW
WriteFile
VirtualAlloc
RemoveLocalAlternateComputerNameW
ReadConsoleA
RemoveDirectoryA
Process32First
FlushFileBuffers
GetShortPathNameA
FormatMessageW
GetDriveTypeA
SetConsoleTitleA
BeginUpdateResourceA
SetDefaultCommConfigA
SetCalendarInfoW
BuildCommDCBA
ResetEvent
ReadConsoleOutputAttribute
PurgeComm
GetConsoleCP
GetCurrentProcessId
GetThreadSelectorEntry
LCMapStringW
FormatMessageA
SetInformationJobObject
SetTapePosition
SetHandleContext
DebugBreakProcess
GetModuleHandleExW
GetConsoleOutputCP
ReplaceFileW
OpenProfileUserMapping
ReleaseActCtx
LoadLibraryA
UnhandledExceptionFilter
RemoveLocalAlternateComputerNameA
SetProcessAffinityMask
GetSystemTimeAsFileTime
SetThreadPriority
MoveFileExW

shfolder

SHGetFolderPathW
SHGetFolderPathA

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 565KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ddb8cee0ad335bc27d5a4897b71f53e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

adsldpc

hhsetup

msvcrt40

advapi32

msvcp60

kernel32

shfolder

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 565KB - Virtual size: 1.9MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 565KB - Virtual size: 1.9MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 260B