e00098f6bdb80c33bb8d6c657610e073_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e00098f6bdb80c33bb8d6c657610e073_JaffaCakes118
Size

20KB
MD5

e00098f6bdb80c33bb8d6c657610e073
SHA1

c32bfb06462bbad56ff6f9de18f205602e033d6e
SHA256

2f1b123a77952612c69ebb8162ec70b0d4cd1f1a9bf319b03a71e0e85510cdd2
SHA512

b0d86ca36d071c2a98e08774343c7a263bc4a2c225d63701590b16132e0e5f0cf01471a95bb2772fa805f997cd25d76e61a5ebeea982a522aa98510ad83b6830
SSDEEP

384:yJiwzOPGrFauNduzwLOEIlqEF4sl8uTXWRnDBk0lSBvo:yJBSOhauNdu0LRdm0ln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e00098f6bdb80c33bb8d6c657610e073_JaffaCakes118

Files

e00098f6bdb80c33bb8d6c657610e073_JaffaCakes118
.exe windows:5 windows x86 arch:x86

877f45bb5879b87f411bb013b8b72b1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnhandledExceptionFilter
RtlInitNlsTables
sscanf
RtlDosSearchPath_Ustr
RtlConvertExclusiveToShared
NtWaitForKeyedEvent
NtPlugPlayControl
NtPrivilegeCheck
RtlAddAccessAllowedAceEx
RtlFreeHeap
RtlZeroMemory
NtMapUserPhysicalPages
NtCompressKey
NtQuerySystemTime
RtlAddAuditAccessObjectAce
CsrCaptureMessageBuffer
RtlAreAnyAccessesGranted
KiUserApcDispatcher
PfxRemovePrefix
ZwQueryTimerResolution
ZwReadVirtualMemory
RtlCustomCPToUnicodeN
NtQueryDefaultLocale
NtQueryKey
RtlCopySid
tan
ZwDeviceIoControlFile
ZwReplaceKey
NtCreateKey

crypt32

CryptGetOIDFunctionValue
CertCreateSelfSignCertificate
CertGetSubjectCertificateFromStore
CryptSignAndEncodeCertificate
PFXVerifyPassword
CertRDNValueToStrA
CertSetCTLContextProperty
CryptSignAndEncryptMessage
CertDuplicateCertificateContext
CryptEnumOIDFunction
CryptMsgEncodeAndSignCTL
CertVerifyRevocation
I_CryptTouchLruEntry
CryptMsgDuplicate
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDeleteCRLFromStore
CertVerifyCertificateChainPolicy
I_CryptGetAsn1Decoder
RegCreateKeyExU
CryptMsgOpenToDecode

hhsetup

?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?GetTail@CFIFOString@@QAEKPAPAD@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
??1CLocation@@QAE@XZ
?GetTitleW@CLocation@@QAEPBGXZ
?GetMasterCHM@CCollection@@QAEHPAPAGPAG@Z
?CheckTitleRef@CCollection@@AAEKPBGG@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?SetTitle@CFolder@@QAEXPBG@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?GetTitle@CLocation@@QAEPADXZ
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?SetNextTitle@CTitle@@QAEXPAV1@@Z
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
??4CCollection@@QAEAAV0@ABV0@@Z
?GetId@CLocation@@QBEPADXZ
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?SetId@CTitle@@QAEXPBD@Z
?MergeKeywords@CCollection@@QAEHPAG@Z
?ParseFile@CCollection@@AAEKPBD@Z

untfs

??0NTFS_CLUSTER_RUN@@QAE@XZ
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
??1NTFS_EXTENT_LIST@@UAE@XZ
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
??1NTFS_MFT_FILE@@UAE@XZ
?QueryClusterFactor@NTFS_SA@@QBEEXZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_FRS_STRUCTURE@@QAE@XZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
Extend
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
??1NTFS_SA@@UAE@XZ
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
Format
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
??0NTFS_BITMAP@@QAE@XZ
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
ChkdskEx

msvcp60

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?do_scan_not@?$ctype@G@std@@MBEPBGFPBG0@Z
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
?conj@std@@YA?AV?$complex@O@1@ABV21@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?infinity@?$numeric_limits@K@std@@SAKXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG0@Z
??1?$ctype@D@std@@UAE@XZ
??_F?$moneypunct@G$00@std@@QAEXXZ
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??_7?$ctype@D@std@@6B@
??_F?$collate@G@std@@QAEXXZ
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
?pow@std@@YA?AV?$complex@N@1@ABV21@H@Z
?_Isinf@?$_Ctr@M@std@@SA_NM@Z
??_Fmessages_base@std@@QAEXXZ
?imag@?$_Complex_base@M@std@@QAEMABM@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A

mfcsubs

?RemoveAt@CStringArray@@QAEXHH@Z
??BCCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ
?AfxGetEmptyString@@YGABVCString@@XZ
?NewAssoc@CMapStringToPtr@@IAEPAUCAssoc@1@XZ
??9@YG_NPBGABVCString@@@Z
??1CString@@QAE@XZ
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?TrimRight@CString@@QAEXXZ
??1CStringArray@@UAE@XZ
??0CString@@QAE@PBE@Z
??_FCMapStringToPtr@@QAEXXZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??4CString@@QAEABV0@PBE@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?Find@CString@@QBEHPBG@Z
??1CMapStringToPtr@@UAE@XZ
?FormatMessageW@CString@@QAAXPBGZZ
??0CString@@QAE@ABV0@@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
??_7CObject@@6B@
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?CopyBeforeWrite@CString@@IAEXXZ
?Release@CString@@KGXPAUCStringData@@@Z
?CompareNoCase@CString@@QBEHPBG@Z

msvcrt20

_mbsspnp
_sopen
_tcsrev
strstr
?putback@istream@@QAEAAV1@D@Z
_tolower
??_7streambuf@@6B@
_tcsninc
iswupper
??5istream@@QAEAAV0@AAO@Z
_loaddll
_wcsicoll
_control87
_wexecve
?oct@@YAAAVios@@AAV1@@Z
_wmktemp
?fail@ios@@QBEHXZ
__mb_cur_max
__p__pgmptr
??4ostream_withassign@@QAEAAV0@ABV0@@Z
??_7ifstream@@6B@
??1ios@@UAE@XZ
__p__iob
_mbscpy

kernel32

SetTapePosition
GetFileAttributesExA
EnumLanguageGroupLocalesW
EnumResourceNamesW
GetLocaleInfoW
CreateProcessInternalA
SetComputerNameA
_llseek
ContinueDebugEvent
TransmitCommChar
GetBinaryTypeW
DeleteFileW
CloseConsoleHandle
GetConsoleCommandHistoryW
FindAtomA
SetUserGeoID
GetModuleHandleA
_lwrite
AreFileApisANSI
VirtualAlloc
GetExpandedNameW
GlobalCompact
LoadLibraryA
WaitForSingleObjectEx
WaitForMultipleObjectsEx
Heap32ListNext
GetNumaNodeProcessorMask
ReleaseSemaphore

Sections

.text
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

877f45bb5879b87f411bb013b8b72b1f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

crypt32

hhsetup

untfs

msvcp60

mfcsubs

msvcrt20

kernel32

Sections

.text Size: 1024B - Virtual size: 610B

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 68KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1024B - Virtual size: 610B

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 68KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 64B