dc1e725f0de4aebb50f428a2c04b771b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc1e725f0de4aebb50f428a2c04b771b_JaffaCakes118
Size

338KB
MD5

dc1e725f0de4aebb50f428a2c04b771b
SHA1

c9bb24806f3ec8c404806220ba1f5665e5074c04
SHA256

73da777c3f7e2db0ed2ec90049be3e6639abd06a8c2922928e05e5666239e649
SHA512

b6d270b76ef715af9fc733ecb965a01869fde193809404a74a7557ef16f965cdd904780023b3880fdd84a6356a116b144861372b89b7b030a845dfb7bf4247ea
SSDEEP

6144:ZR5Tr1CejQNzQEdFxTS43fqNIcfN78IUZ73LQdN+uNfXcMXIht/rjSYKYRptW:T5lCZBQER+4iN9NQIuEguNlQtyYKYVW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc1e725f0de4aebb50f428a2c04b771b_JaffaCakes118

Files

dc1e725f0de4aebb50f428a2c04b771b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b5900de6f60a4d6f2a7eda98d1eb174d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

olecli32

GenEqual
LeUpdate
ErrObjectLong
DibCopy
MfSaveToStream
LeCopy
DefCreateFromFile
BmChangeData
PbDraw
MfCallbackFunc
OleCreateFromFile
OleLoadFromStream
ErrGetUpdateOptions
OleObjectConvert
MfDraw
LeSetBounds
LeObjectConvert
DefCreate
LeSetTargetDevice
ErrQueryProtocol
SetNetName
DibRelease
OleCopyFromLink
ErrExecute
ErrReconnect
OleQueryName
OleSetBounds
PbLoadFromStream
GenClone

ntdll

NtCreateEvent
_ultoa
RtlDosPathNameToNtPathName_U
RtlAddAccessAllowedAceEx
RtlRaiseException
RtlPrefixString
_alldvrm
RtlSetSaclSecurityDescriptor
LdrDisableThreadCalloutsForDll
RtlCreateAndSetSD
RtlLargeIntegerNegate
RtlAreBitsClear
RtlTraceDatabaseDestroy
NtSetIoCompletion
NtQueryIoCompletion
RtlSetMemoryStreamSize
NtSetBootOptions
_CIsin
RtlSetDaclSecurityDescriptor
NtFlushKey
DbgUiConvertStateChangeStructure
RtlCreateUnicodeString
NtUnloadDriver
RtlInterlockedFlushSList

wtsapi32

WTSSetUserConfigA
WTSSetUserConfigW
WTSVirtualChannelClose
WTSShutdownSystem
WTSVirtualChannelPurgeOutput
WTSVirtualChannelRead
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSendMessageW
WTSCloseServer
WTSOpenServerA
WTSDisconnectSession
WTSEnumerateServersW
WTSVirtualChannelQuery
WTSQuerySessionInformationW
WTSQuerySessionInformationA
WTSSetSessionInformationA
WTSEnumerateProcessesA
WTSLogoffSession
WTSQueryUserConfigW
WTSEnumerateServersA
WTSRegisterSessionNotification

w32topl

ToplEdgeSetVtx
ToplIterAdvance
ToplHeapInsert
ToplMakeGraphState
ToplGraphCreate
ToplScheduleIsEqual
ToplListAddElem
ToplGraphFindEdgesForMST
ToplPScheduleValid
ToplEdgeSetWeight
ToplScheduleDuration
ToplDeleteComponents
ToplEdgeAssociate
ToplListFree
ToplVertexNumberOfOutEdges
ToplScheduleCacheCreate
ToplHeapIsEmpty
ToplSetAllocator
ToplAddEdgeToGraph
ToplVertexSetParent
ToplVertexNumberOfInEdges
ToplGraphNumberOfVertices

msvcrt40

?precision@ios@@QBEHXZ
_set_error_mode
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
__p___argc
_mbsicmp
??4logic_error@@QAEAAV0@ABV0@@Z
sin
_mbspbrk
_wasctime
_ismbbpunct
log10
calloc
floor
_safe_fdiv
_dup2
_beginthreadex
tmpnam
??_Eiostream@@UAEPAXI@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??_Giostream@@UAEPAXI@Z
_tempnam
_findfirst
isupper
??6ostream@@QAEAAV0@C@Z
sscanf
_jn
ungetwc
mbtowc
realloc
_mbscat

dbnetlib

ConnectionOpenW
ConnectionFlushCache
ConnectionServerEnumW
InitEnumServers
ConnectionOpen
ConnectionTransact
TermSession
ConnectionWrite
ConnectionOption
ConnectionVer
ConnectionRead
ConnectionObjectSize
ConnectionError
ConnectionCheckForData
CloseEnumServers
InitSSPIPackage
GetNextEnumeration
ConnectionServerEnum
ConnectionGetSvrUser
TermSSPIPackage
ConnectionSqlVer
InitSession
ConnectionWriteOOB
ConnectionMode
GenClientContext
ConnectionStatus

kernel32

QueryPerformanceCounter
lstrcmpiA
SetComPlusPackageInstallStatus
GetCurrentProcessId
LoadLibraryA
GetTickCount
SetConsoleCtrlHandler
GetConsoleAliasExesA
GetDevicePowerState
WritePrivateProfileStringW
GetConsoleAliasesW
GetCurrentConsoleFont
GetCommProperties
FormatMessageW
WriteProfileStringW
GetModuleHandleW
GetNamedPipeHandleStateW
GetDateFormatA
VirtualAlloc
GetCurrentThreadId
SetFileValidData
_lwrite
WriteConsoleOutputCharacterW
MultiByteToWideChar
DeleteFiber
ActivateActCtx
DeleteFileA
GetProfileStringA
SetVolumeMountPointW
lstrcpynA
GetStartupInfoW
GetProcessPriorityBoost

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 243KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5900de6f60a4d6f2a7eda98d1eb174d

Headers

File Characteristics

Imports

olecli32

ntdll

wtsapi32

w32topl

msvcrt40

dbnetlib

kernel32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 243KB - Virtual size: 633KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 243KB - Virtual size: 633KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 324B