dd5bc664c94b91dc1c9e8ab8422a012f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd5bc664c94b91dc1c9e8ab8422a012f_JaffaCakes118
Size

869KB
MD5

dd5bc664c94b91dc1c9e8ab8422a012f
SHA1

a67b6c8dd3022dca2a99715056095ff96867b07c
SHA256

00544b077172ee92e9fb41fb7a48e0721d09e65a21ae9d827073e438797dad52
SHA512

cc357342605202a7cc37fcfe3453401f7d9f6abd78dfcd7c8562f804409744f294ec8d12d8ca75e70f0ef65dba4a51e3a6ae7ee73ab1afeead73eebdfb98ffb2
SSDEEP

24576:IwvDj3H4MPVLlxj/MguYhOa+eRwl71uBLCCqjdJp7zMMLS3P:IgDjoMDxj/MgFKeRa1uBGBdJp7zM3P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd5bc664c94b91dc1c9e8ab8422a012f_JaffaCakes118

Files

dd5bc664c94b91dc1c9e8ab8422a012f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f8f53cbaca601e028f6e8f48b5c9fceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryDosDeviceW
SetThreadContext
SetWaitableTimer
GetFileSizeEx
UnlockFile
ExpandEnvironmentStringsA
CmdBatNotification
OpenFileMappingA
LZClose
HeapQueryInformation
DosPathToSessionPathW
GetModuleFileNameA
CloseConsoleHandle
GetGeoInfoW
GetWindowsDirectoryA
FileTimeToLocalFileTime
lstrcatW
AddLocalAlternateComputerNameW
DebugSetProcessKillOnExit
InitializeCriticalSectionAndSpinCount
lstrcpynA
VirtualAlloc
GetTempPathW
GetDefaultCommConfigW
DeleteCriticalSection
RegisterWowExec
WriteConsoleOutputA
CreateNamedPipeW
GetConsoleCommandHistoryLengthW
WritePrivateProfileStructW
ScrollConsoleScreenBufferA
GetLogicalDriveStringsW
RegisterWowBaseHandlers
DefineDosDeviceW
VerifyConsoleIoHandle
FreeConsole
lstrcat
RemoveDirectoryW
WritePrivateProfileStringW
LeaveCriticalSection
BaseFlushAppcompatCache
CreateWaitableTimerW
DelayLoadFailureHook
CreateDirectoryExA
DeactivateActCtx
GetNumaNodeProcessorMask
GetVersionExA
GetSystemTime
GetTapeParameters
LoadLibraryA
SwitchToThread
UpdateResourceA
EnumSystemCodePagesA
GlobalFindAtomA
SetConsoleIcon
SetFileApisToOEM
lstrcpynW
GetStdHandle
WaitNamedPipeA
GetEnvironmentStringsW
EnterCriticalSection
UnregisterWait
LCMapStringA
GetConsoleScreenBufferInfo
MapViewOfFileEx
WritePrivateProfileStructA
CreateMailslotA
SetConsoleCursorMode
VerLanguageNameA
GlobalGetAtomNameW
CallNamedPipeW
ReadConsoleOutputAttribute
WaitForMultipleObjects
GetStringTypeA
FindAtomA
ReadConsoleOutputA
GetFileTime
ReadProcessMemory
AttachConsole
SetConsoleCtrlHandler
SetFirmwareEnvironmentVariableW
GlobalUnlock
SetThreadPriorityBoost
ReadConsoleOutputCharacterW
HeapLock
EnumLanguageGroupLocalesA
FindNextVolumeMountPointW
GetConsoleCursorMode
GetSystemWow64DirectoryW
IsSystemResumeAutomatic
FindFirstFileW
GetSystemDefaultLCID

wldap32

ldap_parse_result
ber_scanf
ber_free
ldap_delete_ext_sW
ldap_free_controls
ldap_add_s
ldap_create_sort_control
ldap_addA
ldap_get_values_lenW
ldap_controls_free
ldap_get_next_page
ldap_add_extA
ldap_initW
ldap_compare_ext_sA
ldap_parse_vlv_controlA
ldap_modrdnW
ldap_rename_extW
ldap_unbind
ldap_sasl_bindW
ldap_get_valuesA
ldap_encode_sort_controlA
ldap_modifyA
ldap_parse_reference
ldap_search_ext_s
ldap_compareW
ldap_add_ext_sA
ldap_create_vlv_controlW
ldap_get_dn
ldap_value_freeW
ldap_init
ldap_stop_tls_s
ldap_escape_filter_element
ldap_delete_ext_sA
ldap_simple_bind_sA
ldap_bindA
ldap_deleteW
ldap_searchW
ldap_create_sort_controlA
ber_bvecfree
ldap_err2stringA
ldap_search_init_pageA
ldap_err2stringW

shlwapi

PathIsDirectoryW
SHEnumKeyExA
PathRemoveBlanksW
StrSpnW
PathIsContentTypeW
IntlStrEqWorkerW
StrRChrIA
UrlIsA
PathIsNetworkPathA
PathIsLFNFileSpecW
PathCombineA
GetMenuPosFromID
SHQueryValueExA
PathUnquoteSpacesA
PathRenameExtensionA
PathBuildRootA
SHLoadIndirectString
StrRetToStrW
StrStrNIW
SHRegGetBoolUSValueW
SHOpenRegStream2W
UrlHashA
PathRemoveExtensionA
SHRegSetUSValueA
PathIsDirectoryEmptyW
PathSearchAndQualifyA
SHSetValueA
PathParseIconLocationW
SHRegEnumUSValueW
StrFormatByteSizeA
StrChrNW
PathIsFileSpecA
PathGetCharTypeW
wvnsprintfA

imagehlp

EnumerateLoadedModules
UpdateDebugInfoFileEx
SymGetModuleBase
StackWalk
MapAndLoad
SymUnDName64
SymEnumerateModules64
SymGetTypeFromName
SymGetLineFromName64
SymFindFileInPath
SymUnDName
TouchFileTimes
SymGetModuleInfoW
UnMapAndLoad
SymEnumerateSymbols64
ImageLoad
ImageGetCertificateHeader
UnDecorateSymbolName
SymFunctionTableAccess
SetImageConfigInformation
SymGetSymFromName
ImageAddCertificate
SymFromAddr
SymSetSearchPath
FindDebugInfoFile
FindFileInSearchPath
StackWalk64
SymFromName
GetImageConfigInformation
SymRegisterFunctionEntryCallback64
SymRegisterFunctionEntryCallback
SymEnumSym
SymEnumerateModules

sqlunirl

_ModifyMenu_@20
_GetKeyboardLayoutName_@4
_GetLogColorSpace_@12
_CreateWindowStation_@16
_DefineDosDevice_@12
_OpenEvent_@12
_DrawText@20
_LoadBitmap@8
_StartDoc@8
AllocConvertMultiSZNameToA
_LookupAccountSid_@28
_GetShortPathName_@12
_RegReplaceKey_@16
_ChangeDisplaySettings_@8
_InsertMenu_@20
_CreateScalableFontResource_@16
_LookupPrivilegeValue_@12
_FatalAppExit_@8
_FindAtom_@4
_EnumResourceNames_@16
_GetCommandLine_@0
_CommDlg_OpenSave_GetFolderPath@12
_SendMessageTimeout_@28
_DialogBoxParam_@20
AllocConvertMultiSZNameToAEx
_CreateService_@52
_MapVirtualKeyEx_@12
_GetDateFormat_@24
_ShellAbout_@16
_UnregisterClass_@8
_EnumFontFamilies_@16

glu32

gluTessBeginPolygon
gluQuadricTexture
gluBuild2DMipmaps
gluEndSurface
gluQuadricNormals
gluTessNormal
gluNewQuadric
gluErrorUnicodeStringEXT
gluNewNurbsRenderer
gluErrorString
gluTessEndPolygon
gluQuadricCallback
gluDeleteQuadric
gluBeginCurve
gluNewTess
gluEndTrim
gluEndPolygon
gluPartialDisk
gluGetNurbsProperty
gluDeleteNurbsRenderer
gluNurbsSurface
gluProject
gluBuild1DMipmaps
gluTessProperty
gluNurbsCallback
gluSphere
gluTessEndContour
gluQuadricDrawStyle
gluDeleteTess
gluNextContour
gluUnProject

quartz

DBToAmpFactor
AMGetErrorTextA
DllGetClassObject
AmpFactorToDB
AMGetErrorTextW

msvcp60

??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?id@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?scan_is@?$ctype@G@std@@QBEPBGFPBG0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?negative_sign@?$_Mpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?_Gettnames@_Locinfo@std@@QBE?AV_Timevec@2@XZ
?frac_digits@?$_Mpunct@D@std@@QBEHXZ
?_Doraise@underflow_error@std@@MBEXXZ
?id@?$moneypunct@G$0A@@std@@2V0locale@2@A
?_Isinf@?$_Ctr@N@std@@SA_NN@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??4overflow_error@std@@QAEAAV01@ABV01@@Z
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??_7?$codecvt@GDH@std@@6B@
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
?_Isinf@?$_Ctr@M@std@@SA_NM@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4_Num_int_base@std@@QAEAAU01@ABU01@@Z
?min@?$numeric_limits@K@std@@SAKXZ
??_F?$collate@G@std@@QAEXXZ

crypt32

CertRDNValueToStrW
CertAddEncodedCTLToStore
CertStrToNameW
CryptSIPVerifyIndirectData
CryptMsgSignCTL
CryptCreateKeyIdentifierFromCSP
CryptUnregisterOIDFunction
CryptVerifyDetachedMessageHash
CryptMemRealloc
I_CryptFindSmartCardCertInStore
CertVerifyCRLRevocation
CertFindRDNAttr
CertCloseStore
CryptUnregisterOIDInfo
RegOpenHKCUKeyExU
CryptSIPLoad
CryptStringToBinaryW
CertSetCRLContextProperty
CertAddSerializedElementToStore
CryptUninstallDefaultContext
CryptMsgClose
I_CryptUninstallOssGlobal
CertFindSubjectInSortedCTL
I_CryptGetAsn1Decoder
CertRegisterSystemStore
CryptExportPKCS8
RegDeleteValueU
CertFreeCertificateChain
CryptBinaryToStringA
CryptVerifyMessageSignature
PFXVerifyPassword
CertRemoveStoreFromCollection
CertStrToNameA
I_CryptInstallOssGlobal
CertGetCRLContextProperty
CryptImportPublicKeyInfo
CryptMsgOpenToEncode
CertFindCertificateInCRL
PFXIsPFXBlob
CertFindChainInStore
CryptMsgGetAndVerifySigner
CertNameToStrA
CryptAcquireContextU
CertFreeCertificateChainEngine
CertNameToStrW

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 331KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8f53cbaca601e028f6e8f48b5c9fceb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wldap32

shlwapi

imagehlp

sqlunirl

glu32

quartz

msvcp60

crypt32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 368KB - Virtual size: 367KB

.data Size: 331KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 368KB - Virtual size: 367KB

.data
Size: 331KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB