dd57dde2a5daf171e1248921ac6c77ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd57dde2a5daf171e1248921ac6c77ae_JaffaCakes118
Size

58KB
MD5

dd57dde2a5daf171e1248921ac6c77ae
SHA1

a8a0b04d13020dbc2a634aa7f6adf3bf47dc39ae
SHA256

6c9d1e8e3dfce9cb9d7364b4c25c43359fa0c275ea11570336e285cff2180081
SHA512

b09bfa5b9d750e2276e2960056b14dae2e26554dc9def999a5e75bc2cb10675716ff6b463c41fdc337b5b444150feaacb6f2140fb6bc8f3953e3293cfcd4f749
SSDEEP

1536:/yd160GNHMtMvAw9BFfOZfjpxXE/SJvDO72:/T/Nr4GHkjAf6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd57dde2a5daf171e1248921ac6c77ae_JaffaCakes118

Files

dd57dde2a5daf171e1248921ac6c77ae_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5990066ebe1fce2582d0fd3fddd3abb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_alldvrm
RtlAcquireResourceExclusive
ZwCompactKeys
NtCreateProfile
ZwRenameKey
RtlIsTextUnicode
ZwSaveKeyEx
RtlFindNextForwardRunClear
RtlConvertUiListToApiList
_memicmp
atoi
NtCreateEventPair
RtlImageRvaToVa
ZwLockFile
NtSetUuidSeed
RtlGetCompressionWorkSpaceSize
NtMakePermanentObject
ZwCancelTimer
RtlEqualDomainName
ZwQuerySemaphore
RtlUnicodeStringToCountedOemString
RtlAbortRXact
NtPlugPlayControl

kernel32

SystemTimeToTzSpecificLocalTime
OpenWaitableTimerA
GetConsoleInputWaitHandle
SetConsoleCursor
FindResourceExA
DeviceIoControl
MapViewOfFileEx
GetConsoleFontInfo
GetLongPathNameA
LoadLibraryA
SetEndOfFile
GetTimeFormatW
VirtualLock
UnregisterConsoleIME
ReadConsoleW
WaitNamedPipeW
HeapAlloc
HeapCreate
GetStdHandle
DebugActiveProcess
EnumUILanguagesW
CreateMutexW
GetPrivateProfileStringW
GetLogicalDrives
WaitForSingleObjectEx
GetFileTime
GetVersionExA
GetShortPathNameW
SetFileApisToOEM
CreateDirectoryW
EscapeCommFunction
GetOEMCP
GetCurrencyFormatW
RegisterWaitForSingleObject
Heap32First
SetConsoleInputExeNameW
DebugActiveProcessStop
EnumerateLocalComputerNamesA
FindFirstFileExW
GetCommProperties
SetConsoleMaximumWindowSize
GetPrivateProfileSectionNamesW
Process32FirstW
CreateProcessInternalW
FindFirstVolumeA
HeapDestroy
OpenProcess
TzSpecificLocalTimeToSystemTime
VirtualAlloc
GetOverlappedResult
GlobalSize
GetNumberFormatW
MoveFileW
LockResource
AttachConsole
GetExitCodeThread
RegisterWaitForSingleObjectEx

expsrv

rtcImmediateIf
GetMem8
__vbaI2Abs
Zombie_Release
rtcJoin
__vbaR8FixI2
rtcReplace
rtcSetTimeBstr
GetMemNewObj
rtcSLN
__vbaInStrVar
__vbaBoolVar
__vbaUI1I4
rtcOctBstrFromVar
__vbaVarTextLike
__vbaStrMove
_adj_fdivr_m64
__vbaVarTextTstGe
__vbaGosubFree
PutMem8
rtcLowerCaseVar
rtcMidVar
__vbaCySub

iassvcs

IASGetDictionary
DllRegisterServer
IASAdler32
DllUnregisterServer
DllGetClassObject
IASReportEvent
IASRadiusCrypt
IASUninitialize
IASRegisterComponent
IASRequestThread
IASSetMaxThreadIdle
IASInitialize
IASGetHostByName
IASAllocateUniqueID
DllCanUnloadNow
IASVariantChangeType
IASGetLocalDictionary
IASSetMaxNumberOfThreads

msvcirt

?writepad@ostream@@AAEAAV1@PBD0@Z
?cin@@3Vistream_withassign@@A
??1logic_error@@UAE@XZ
?setmode@filebuf@@QAEHH@Z
??5istream@@QAEAAV0@AAJ@Z
??5istream@@QAEAAV0@AAC@Z
??_Eexception@@UAEPAXI@Z
?pcount@strstream@@QBEHXZ
?put@ostream@@QAEAAV1@C@Z
?attach@ofstream@@QAEXH@Z
??_7stdiobuf@@6B@
?gbump@streambuf@@IAEXH@Z
??6ostream@@QAEAAV0@H@Z
?read@istream@@QAEAAV1@PAEH@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??_Dstrstream@@QAEXXZ
??_8iostream@@7Bistream@@@
??5istream@@QAEAAV0@AAM@Z
??1ofstream@@UAE@XZ
??0istream@@IAE@ABV0@@Z
??0Iostream_init@@QAE@AAVios@@H@Z
??0fstream@@QAE@PBDHH@Z
??0istrstream@@QAE@ABV0@@Z
??_Gifstream@@UAEPAXI@Z

wldap32

ldap_dn2ufnW
ldap_rename_ext_sW
ldap_compare
ldap_bindA
ldap_escape_filter_element
ldap_compare_sW
ldap_modrdn2
ldap_parse_resultW
ldap_initA
ldap_modrdn2_s
ldap_simple_bind_s
ldap_compare_ext_sW
ldap_free_controlsW
ldap_simple_bind
ldap_create_page_controlW
ldap_count_values
ldap_get_dnA
ldap_create_sort_controlW
ldap_delete_ext_s
ldap_ufn2dn
ldap_get_next_page
ldap_compareA
ber_next_element
ldap_sslinitA
ldap_modifyW
ldap_create_vlv_controlW
ldap_dn2ufnA
ldap_perror
ldap_modify_ext
ldap_simple_bind_sA

msi

MsiEnableUIPreview
MsiViewGetColumnInfo
MsiDecomposeDescriptorW
MsiGetFileSignatureInformationW
MsiUseFeatureA
MsiProcessAdvertiseScriptA
MsiSetComponentStateW
MsiDatabaseGenerateTransformA
MsiViewModify
MsiCloseHandle
MsiGetComponentPathA
MsiSequenceA
MsiDoActionW
DllRegisterServer
MsiMessageBoxA
MsiFormatRecordW
MsiApplyPatchA
MsiProcessMessage
MsiVerifyPackageA
MsiVerifyPackageW
MsiGetProductInfoW
MsiGetFeatureInfoW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5990066ebe1fce2582d0fd3fddd3abb9

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

expsrv

iassvcs

msvcirt

wldap32

msi

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 17KB - Virtual size: 109KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 212B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 17KB - Virtual size: 109KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 212B