dcdf2f270288c0f86f07f7c6fa9802ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcdf2f270288c0f86f07f7c6fa9802ca_JaffaCakes118
Size

998KB
MD5

dcdf2f270288c0f86f07f7c6fa9802ca
SHA1

9841ad337b4272717f2fa4794756cdc1bc8ea931
SHA256

8207c8f29d6d147bfd930b87ff8ab65b35b408b8b53ebc9a13563ce82106d9a0
SHA512

5533f90a0529b8dc025de43d60c1fe1c715902e7eb2a300ac5769069342b922a66a059386304e8aba0a17bae38ba029eac11c1708c9b79c88a911ae01dd8f92d
SSDEEP

12288:8ljaKrLLwWgyDbL0GET/UcwXfikv22QRVyMrS/ZUdq1n6Gk6:8xZqIv22Qj3m/mRk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcdf2f270288c0f86f07f7c6fa9802ca_JaffaCakes118

Files

dcdf2f270288c0f86f07f7c6fa9802ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

63940c102842596e8b8ed29e207a8f8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

winhttp

WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpQueryHeaders

crypt32

CertOpenSystemStoreA
CertFindCertificateInStore
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore
CertOpenStore

wsock32

WSACleanup
ioctlsocket
WSASetLastError
inet_addr
htonl
getservbyname
htons
WSAGetLastError
gethostbyname
gethostbyaddr
getservbyport
ntohs
send
select
recv
getsockopt
connect
inet_ntoa
setsockopt
socket
listen
bind
__WSAFDIsSet
accept
ntohl
closesocket
shutdown
WSAStartup

iphlpapi

GetIpAddrTable

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

xerces-c_2_7

?fgMemoryManager@XMLPlatformUtils@xercesc_2_7@@2PAVMemoryManager@2@A
?startIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
??0MemBufFormatTarget@xercesc_2_7@@QAE@HQAVMemoryManager@1@@Z
?getRawBuffer@MemBufFormatTarget@xercesc_2_7@@QBEPBEXZ
??3XMemory@xercesc_2_7@@SAXPAX@Z
?release@XMLString@xercesc_2_7@@SAXPAPAD@Z
?transcode@XMLString@xercesc_2_7@@SAPADQB_W@Z
??1MemBufInputSource@xercesc_2_7@@UAE@XZ
?transcode@XMLString@xercesc_2_7@@SAPA_WQBD@Z
?getMessage@XMLException@xercesc_2_7@@QBEPB_WXZ
?getMessage@DOMException@xercesc_2_7@@QBEPB_WXZ
?Terminate@XMLPlatformUtils@xercesc_2_7@@SAXXZ
?fgXercescDefaultLocale@XMLUni@xercesc_2_7@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_7@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@_N@Z
?startExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_7@@SAPAVDOMImplementation@2@PB_W@Z
?handleElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?handlePartialElementPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIElement@2@@Z
?writeChars@MemBufFormatTarget@xercesc_2_7@@UAEXQBEIQAVXMLFormatter@2@@Z
?flush@XMLFormatTarget@xercesc_2_7@@UAEXXZ
?getDocument@AbstractDOMParser@xercesc_2_7@@QAEPAVDOMDocument@2@XZ
?parse@AbstractDOMParser@xercesc_2_7@@QAEXABVInputSource@2@@Z
?setExternalNoNamespaceSchemaLocation@AbstractDOMParser@xercesc_2_7@@QAEXQBD@Z
?setDoSchema@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_7@@QAEX_N@Z
?startAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?notationDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLNotationDecl@2@_N@Z
?resetDocType@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDEntityDecl@2@_N1@Z
?endExtSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endIntSubset@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endAttList@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@@Z
?elementDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@_N@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI@Z
?TextDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
??1MemBufFormatTarget@xercesc_2_7@@UAE@XZ
??0XercesDOMParser@xercesc_2_7@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
??0MemBufInputSource@xercesc_2_7@@QAE@QBEIQBD_NQAVMemoryManager@1@@Z
?docCharacters@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
?docComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?docPI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?endDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?endElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@I_NQB_W@Z
?endEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?ignorableWhitespace@AbstractDOMParser@xercesc_2_7@@UAEXQB_WI_N@Z
?resetDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startDocument@AbstractDOMParser@xercesc_2_7@@UAEXXZ
?startEntityReference@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLEntityDecl@2@@Z
?startElement@AbstractDOMParser@xercesc_2_7@@UAEXABVXMLElementDecl@2@IQB_WABV?$RefVectorOf@VXMLAttr@xercesc_2_7@@@2@I_N3@Z
?XMLDecl@AbstractDOMParser@xercesc_2_7@@UAEXQB_W000@Z
?elementTypeInfo@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?setPSVIHandler@AbstractDOMParser@xercesc_2_7@@UAEXQAVPSVIHandler@2@@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_7@@MAEPAVDOMElement@2@PB_W0@Z
?error@XercesDOMParser@xercesc_2_7@@UAEXIQB_WW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?resetErrors@XercesDOMParser@xercesc_2_7@@UAEXXZ
?endInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?expandSystemId@XercesDOMParser@xercesc_2_7@@UAE_NQB_WAAVXMLBuffer@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_7@@UAEXXZ
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resolveEntity@XercesDOMParser@xercesc_2_7@@UAEPAVInputSource@2@QB_W00@Z
?startInputSource@XercesDOMParser@xercesc_2_7@@UAEXABVInputSource@2@@Z
?attDef@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?doctypeComment@AbstractDOMParser@xercesc_2_7@@UAEXQB_W@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_7@@UAEXABVDTDElementDecl@2@QB_W1_N2@Z
?release@XMLString@xercesc_2_7@@SAXPAPA_W@Z
?doctypePI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0@Z
?handleAttributesPSVI@AbstractDOMParser@xercesc_2_7@@UAEXQB_W0PAVPSVIAttributeList@2@@Z
??1XercesDOMParser@xercesc_2_7@@UAE@XZ
?fgDOMXMLDeclaration@XMLUni@xercesc_2_7@@2QB_WB
??2XMemory@xercesc_2_7@@SAPAXI@Z

kernel32

GetCurrentDirectoryA
GetFullPathNameA
GetFullPathNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
QueryPerformanceCounter
GetLocaleInfoW
HeapSize
GetStringTypeW
GetStringTypeA
SetStdHandle
FlushFileBuffers
GetConsoleCP
SetFilePointer
GetStartupInfoA
SetHandleCount
GetOEMCP
GetACP
LoadLibraryW
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
WriteConsoleA
LCMapStringW
LCMapStringA
FindFirstFileW
GetDriveTypeW
UnlockFile
LockFile
ExitThread
FindFirstFileA
GetDriveTypeA
FindClose
GetProcessHeap
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetCPInfo
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
ExitProcess
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetModuleFileNameW
GetFileType
WriteConsoleW
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
GetConsoleOutputCP
CreateFileW
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsFree
GetProcAddress
lstrlenA
ReleaseSemaphore
CreateSemaphoreA
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
MultiByteToWideChar
TlsGetValue
GetCurrentThread
DuplicateHandle
TlsSetValue
InterlockedIncrement
TlsAlloc
GetCurrentThreadId
ReleaseMutex
CreateMutexA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResumeThread
LocalFree
GetCurrentProcessId
InterlockedExchange
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetErrorMode
GetDiskFreeSpaceExA
DeviceIoControl
WriteFile
GetOverlappedResult
WideCharToMultiByte
lstrcpynA
InterlockedDecrement
SetLastError
WaitForSingleObject
GetLastError
CloseHandle
GetCurrentProcess
Sleep
ReadFile
CreateFileA
GetTickCount
GetFileSize
FormatMessageA
FreeLibrary
SetEndOfFile
LoadLibraryA
GetSystemDirectoryA
CreateThread
CreateEventA
SetEvent

advapi32

InitiateSystemShutdownA
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges

ole32

CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
VariantChangeType
SysAllocString

Sections

.text
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63940c102842596e8b8ed29e207a8f8d

Headers

File Characteristics

Imports

setupapi

winhttp

crypt32

wsock32

iphlpapi

rpcrt4

xerces-c_2_7

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 724KB - Virtual size: 723KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 28KB - Virtual size: 42KB

.rsrc Size: 4KB - Virtual size: 1KB

.lrdata Size: 76KB - Virtual size: 76KB

.text
Size: 724KB - Virtual size: 723KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 28KB - Virtual size: 42KB

.rsrc
Size: 4KB - Virtual size: 1KB

.lrdata
Size: 76KB - Virtual size: 76KB