dd10d750f606b2b2d47b9ab546e31e2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd10d750f606b2b2d47b9ab546e31e2b_JaffaCakes118
Size

371KB
MD5

dd10d750f606b2b2d47b9ab546e31e2b
SHA1

9daf8bf2f788ac6d0ef1485c12314fcdcce2e1a3
SHA256

d7870b25c03c23c8cbd8b9558c22dd325d7a6275ea94cb0f3a9485d640818823
SHA512

24cd67da32dee3f2ec3eb6795f475c61465618fb0120eb1f922c4c0747d624cc055cee1d0b177b09e2a19a7bad264117f953e6b9546952709f41c39429ffaf9d
SSDEEP

6144:TmZKc8oVYmHwCxg+4e5mZvKUW/M33eV0SQ1W6e0aBQc8GkLMhy3K6Zs+/96H:CZKVoymHwGg+TYZvKUW/QeVVQ1gQc8ED

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd10d750f606b2b2d47b9ab546e31e2b_JaffaCakes118

Files

dd10d750f606b2b2d47b9ab546e31e2b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2668dbb0a3545ff4ab0f25d9c7de952a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msacm32

acmMetrics
acmDriverDetailsA
acmFilterDetailsW
acmFilterTagEnumA
acmStreamSize
acmFormatDetailsA
acmFilterTagEnumW
acmFormatEnumW
acmFilterDetailsA
acmDriverMessage
acmFormatTagEnumA
acmDriverRemove
acmFormatChooseW
acmStreamReset
acmStreamOpen
acmFilterChooseW
acmFormatTagDetailsW
acmFormatSuggest
acmFormatDetailsW
acmStreamMessage
acmFormatTagDetailsA
acmDriverEnum
acmFilterTagDetailsA
acmDriverAddA
acmFilterEnumA
XRegThunkEntry
acmGetVersion
acmDriverAddW
acmDriverPriority
acmDriverID
acmStreamConvert
acmFormatTagEnumW
acmFilterTagDetailsW
acmFormatChooseA
acmMessage32
acmFilterChooseA

mfcsubs

??BCSyncObject@@QBEPAXXZ
?Compare@CString@@QBEHPBG@Z
??0CSyncObject@@QAE@PBG@Z
??O@YG_NABVCString@@0@Z
?Add@CStringArray@@QAEHPBG@Z
??H@YG?AVCString@@PBGABV0@@Z
??ACString@@QBEGH@Z
?Format@CString@@QAAXIZZ
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?AfxA2WHelper@@YGPAGPAGPBDH@Z
??1CCriticalSection@@UAE@XZ
?Left@CString@@QBE?AV1@H@Z
??1CString@@QAE@XZ
??P@YG_NABVCString@@PBG@Z
?GetSize@CStringArray@@QBEHXZ
??1CSyncObject@@UAE@XZ
?TrimRight@CString@@QAEXXZ
??ACStringArray@@QBE?AVCString@@H@Z
??4CString@@QAEABV0@ABV0@@Z
?AfxW2AHelper@@YGPADPADPBGH@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?Release@CString@@KGXPAUCStringData@@@Z
??_FCMapStringToPtr@@QAEXXZ
??4CPlex@@QAEAAU0@ABU0@@Z
?LockBuffer@CString@@QAEPAGXZ
??4CString@@QAEABV0@G@Z
?SetAt@CString@@QAEXHG@Z
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
?MakeLower@CString@@QAEXXZ
?data@CPlex@@QAEPAXXZ
??_7CObject@@6B@
?Empty@CString@@QAEXXZ
?FindOneOf@CString@@QBEHPBG@Z

rasman

RasSecurityDialogReceive
RasRequestNotification
RasPortListen
RasDeviceEnum
RasRpcDeleteEntry
RasSetCommSettings
RasSetDevConfig
RasPortReceive
RasGetNdiswanDriverCaps
RasRpcSetUserPreferences
RasSetKey
RasDeAllocateRoute
RasEnumLanNets
RasRegisterPnPHandler
RasEnableIpSec
RasRpcEnumConnections
RasGetBuffer
RasGetInfoEx
RasConnectionEnum
RasmanUninitialize
RasGetConnectionUserData
RasAddNotification
RasBundleClearStatistics
RasInitializeNoWait
RasSecurityDialogSend
RasGetHConnFromEntry
RasRpcGetErrorString
RasSetDialParams
RasRPCBind
RasGetInfo
RasPortSetInfo
RasDeviceSetInfo
RasSetConnectionUserData
RasPortGetStatistics
RasGetCalledIdInfo
RasGetNumPortOpen
RasBundleGetStatisticsEx
RasPortGetBundle
RasBundleClearStatisticsEx
RasGetEapUserInfo
RasGetDevConfigEx
RasPortConnectComplete
RasSendCreds
RasConnectionGetStatistics
RasRpcPortEnum
RasPortEnumProtocols
RasSignalNewConnection
RasRpcRemoteGetUserPreferences
RasRpcGetUserPreferences
RasStartRasAutoIfRequired
RasPortClearStatistics
RasRpcGetInstalledProtocolsEx
RasSetCachedCredentials
RasGetKey
RasRpcGetInstalledProtocols
RasGetDeviceName
RasActivateRouteEx
RasPortCancelReceive
RasFindPrerequisiteEntry
RasPortReceiveEx
RasPortSetFramingEx
RasGetUnicodeDeviceName
RasDeviceConnect
RasRpcGetCountryInfo
RasGetUserCredentials
RasDestroyConnection
RasPortClose
RasPortGetProtocolCompression

kernel32

GetDriveTypeW
GetDefaultCommConfigA
BaseUpdateAppcompatCache
MoveFileExA
SetConsoleInputExeNameW
LoadLibraryA
GetLargestConsoleWindowSize
GetConsoleKeyboardLayoutNameA
OpenFileMappingW
IsWow64Process
FindNextVolumeMountPointA
lstrcatW
LCMapStringW
WaitNamedPipeA
SetConsoleTextAttribute
VirtualAlloc
HeapDestroy
LocalAlloc
DeactivateActCtx
GetCurrentDirectoryW
RtlFillMemory
OpenProfileUserMapping
SetVolumeMountPointW
QueryPerformanceCounter
VirtualLock
QueueUserAPC
GetCurrentThread
GetNumberFormatA
SearchPathW
CommConfigDialogW
GetVolumeNameForVolumeMountPointW
GetEnvironmentStringsW
FindActCtxSectionGuid

ntdll

RtlEqualLuid
RtlSetSecurityObject
NtCancelTimer
NtOpenKey
RtlLockBootStatusData
RtlOpenCurrentUser
ZwLoadDriver
RtlConvertExclusiveToShared
ZwMapUserPhysicalPagesScatter
ZwPlugPlayControl
ZwRequestPort
NtQueryMultipleValueKey
RtlCreateSecurityDescriptor
NtCreateMailslotFile
RtlInterlockedFlushSList
ZwImpersonateAnonymousToken
ZwCreateFile
NtResumeProcess
__iscsymf
RtlSelfRelativeToAbsoluteSD
RtlCompressBuffer
RtlIpv6AddressToStringA
RtlSetSecurityDescriptorRMControl
RtlDeleteAtomFromAtomTable
NtDeleteBootEntry
NtStopProfile
ZwReadFileScatter
NtSetInformationObject
RtlFindClearBitsAndSet
NtReadFileScatter
ZwCancelTimer
NtUnloadDriver
RtlSetCriticalSectionSpinCount
strcpy
DbgQueryDebugFilterState
ZwSetSystemInformation
ZwSetBootOptions
RtlxUnicodeStringToOemSize
RtlPushFrame
ZwOpenThreadToken
RtlQueryProcessHeapInformation
RtlPinAtomInAtomTable
NtQueryInformationPort
RtlGetUserInfoHeap
RtlInitUnicodeString
RtlSplay
RtlInitUnicodeStringEx
RtlDelete
RtlValidRelativeSecurityDescriptor
ZwOpenSymbolicLinkObject
RtlDoesFileExists_U
NtSetEaFile
ZwOpenSection
ZwQueryMultipleValueKey
NlsAnsiCodePage
DbgUiStopDebugging
RtlEraseUnicodeString
fabs

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2668dbb0a3545ff4ab0f25d9c7de952a

Headers

File Characteristics

Imports

msacm32

mfcsubs

rasman

kernel32

ntdll

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 1KB - Virtual size: 467KB

.rsrc Size: 127KB - Virtual size: 127KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 1KB - Virtual size: 467KB

.rsrc
Size: 127KB - Virtual size: 127KB

.reloc
Size: 1024B - Virtual size: 1024B