e22ed6014e82d824e80fddf5ff69482c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e22ed6014e82d824e80fddf5ff69482c_JaffaCakes118
Size

875KB
MD5

e22ed6014e82d824e80fddf5ff69482c
SHA1

3199023e1e7e9a1cbbb62a54037afb7a1ebb097c
SHA256

ebd0be621c9323e88a013b0284b765298bda163c53f1c26af5471dd24dcd21f5
SHA512

345010eeb2b2f058ae59c87a1bb8ac9d588a95fed46b486dd08c6388530900b1609ae3d96104fce5abf0fe5452bbce4c846060610d4d59333fd9e51e57d97353
SSDEEP

12288:Ev7YukFTL7/0b2UabP/ZhukEhR80DVvC1VK0e6EFeQqIc4uzR/7urWsQYbecUhyv:eUuY/TprZXEhRbpnEEFelhl/sWXn4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e22ed6014e82d824e80fddf5ff69482c_JaffaCakes118

Files

e22ed6014e82d824e80fddf5ff69482c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

053773e5f5523331101dc545a4413231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameA
LZInit
GetModuleHandleW
GlobalCompact
MoveFileWithProgressA
BaseInitAppcompatCacheSupport
GetTickCount
OpenProcess
Thread32First
GetModuleHandleA
GetProfileStringA
LoadLibraryA
RemoveLocalAlternateComputerNameW
VirtualAlloc
_lopen
WritePrivateProfileSectionA
Module32Next
BuildCommDCBAndTimeoutsA
ReplaceFile
CreateFileA
GetProcessId
WaitForSingleObjectEx
ReadConsoleInputW
SystemTimeToFileTime
GetCurrentProcessId
SetConsoleWindowInfo
SetTapePosition
EnumUILanguagesW
PeekNamedPipe
AddAtomA
GetThreadSelectorEntry
GetConsoleAliasExesLengthW
GetConsoleWindow
BuildCommDCBAndTimeoutsW
VirtualFreeEx
FreeEnvironmentStringsW

query

?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
?Open@COLEPropManager@@QAEHABVCFunnyPath@@@Z
??0CPropListFile@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
??1?$XPtr@VCDbCmdTreeNode@@@@QAE@XZ
?Next@CCombinedPropertyList@@UAEPBVCPropEntry@@XZ
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
?Skip@CEnumString@@UAGJK@Z
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?GetPropTypeCount@CEmptyPropertyList@@SGIXZ
??0CSizeSerStream@@QAE@XZ
??0CDefColumnRegEntry@@QAE@XZ
?Initialize@CImpersonationTokenCache@@QAEXPBGHHHKKK@Z
??0CDbColId@@QAE@ABV0@@Z
??0CPropNameArray@@QAE@AAVPDeSerStream@@@Z
?SetValue@CPropertyRestriction@@QAEXPAG@Z
??0CEventLog@@QAE@PBG0@Z
?Next@CCatalogEnum@@QAEHXZ
?Eof@CMmStreamConsecBuf@@QAEHXZ
?SetRunningAsSystem@CImpersonateSystem@@SGXXZ
?Get@CRegAccess@@QAEXPBGPAGI@Z
?SetWeight@CDbCmdTreeNode@@QAEXJ@Z
??1CAllocStorageVariant@@IAE@XZ
?SetPhrase@CNatLanguageRestriction@@QAEXPBG@Z
CIState
?IsScopeValid@@YGJPBGIH@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
??1CContentRestriction@@QAE@XZ
?ReOpenStream@CPhysIndex@@EAEXXZ
??1COccRestriction@@QAE@XZ
??1CWordRestriction@@QAE@XZ
CIGetGlobalPropertyList
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?Unmap@CRcovStrmTrans@@IAEXW4DataCopyNum@CRcovStorageHdr@@@Z
?ReportEventW@CEventLog@@QAEXAAVCEventItem@@@Z
?GetByte@CMemDeSerStream@@UAEEXZ
?Remove@CDbSortSet@@QAEXI@Z
?URLEscapeW@@YGXPBGAAVCVirtualString@@KH@Z
?GetTotalSizeInKB@CPropStoreManager@@QAEKXZ
??0CRcovStrmMDTrans@@QAE@AAVPRcovStorageObj@@W4MDOp@0@K@Z
??1CColumns@@QAE@XZ
?CIShutdown@@YGXXZ
?Append@CEnumString@@QAEXPBG@Z
??1CQueryUnknown@@QAE@XZ
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
?My_wcstoui64@@YA_KPBGPAPAGH@Z
?Marshall@CDbColId@@QBEXAAVPSerStream@@@Z
?GetI2@CAllocStorageVariant@@QBEFI@Z
?AcceptCommand@CQueryScanner@@QAEXXZ
??1CGenericCiProxy@@UAE@XZ
?MultiByteToXArrayWideChar@@YGKPBEKIAAV?$XArray@G@@@Z
?MarkDirty@CDynStream@@QAEHXZ
?PutMinValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?ResetType@CAllocStorageVariant@@IAEXAAVPMemoryAllocator@@@Z
?_ImpersonateIf@CImpersonateRemoteAccess@@AAEHPBG0K@Z
?UnMarshall@CDbPropSet@@QAEHAAVPDeSerStream@@@Z
?Next@CScopeEnum@@QAEHXZ
?AddArg@CEventItem@@QAEXK@Z
?AcceptWord@CQueryScanner@@QAEXXZ
??1CLangList@@QAE@XZ
??0CTimeLimit@@QAE@KK@Z
?UpdateContentIndex@@YGKPBG00H@Z
??0CSort@@QAE@I@Z
??0CWordRestriction@@QAE@ABVCKeyBuf@@KKKH@Z
?GetWeight@CDbCmdTreeNode@@QBEJXZ
?DecodeURLEscapes@@YGXPAEAAKPAGK@Z
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?LocaleToCodepage@@YGKK@Z
?CreateSubdirs@CMachineAdmin@@QAEXPBG@Z
?SkipByte@CMemDeSerStream@@UAEXXZ
?GetNumber@CQueryScanner@@QAEHAA_KAAH@Z

wininet

GetUrlCacheEntryInfoA
InternetReadFileExW
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
InternetGetLastResponseInfoW
InternetOpenUrlA
FtpPutFileEx
InternetUnlockRequestFile
InternetSetCookieExW
InternetAlgIdToStringW
ShowClientAuthCerts
InternetGetConnectedState
InternetDialW
InternetTimeFromSystemTimeW
InternetCanonicalizeUrlA
InternetCreateUrlA
InternetLockRequestFile
ShowSecurityInfo
GopherFindFirstFileW
FindFirstUrlCacheEntryExA
SetUrlCacheGroupAttributeA
HttpSendRequestA
InternetAlgIdToStringA
InternetDialA
FtpCommandA
InternetReadFile
InternetQueryDataAvailable
InternetTimeToSystemTime
InternetWriteFile
HttpQueryInfoW
ShowCertificate
DeleteUrlCacheEntryA
FindNextUrlCacheContainerA
GopherOpenFileW
InternetErrorDlg

wldap32

ldap_sslinitA
ldap_search_extA
ldap_modrdn
ldap_deleteW
ldap_simple_bind_sW
ldap_search_sW
ldap_value_free_len
ldap_delete_sW
ber_free
ldap_set_dbg_flags
ldap_simple_bind_s
ldap_count_valuesA
ldap_compareW
ldap_parse_sort_control
ldap_create_vlv_controlA
ldap_dn2ufnW
ldap_searchA
ber_bvecfree
ldap_get_next_page_s
ldap_ufn2dnA
LdapUTF8ToUnicode
ldap_simple_bindA
ldap_compare_s
ldap_get_optionA
ldap_connect
ldap_parse_page_control
ldap_modify_ext_sA
ldap_create_sort_control
ldap_create_sort_controlA
ber_printf

msi

MsiSetComponentStateA
MsiSetExternalUIW
MsiSetFeatureStateA
MsiGetFeatureInfoW
MsiEnableLogW
MsiRecordReadStream
MsiDatabaseExportA
MsiGetComponentPathW
MsiGetUserInfoA
MsiPreviewBillboardW
MsiDatabaseMergeW
MsiNotifySidChangeW
MsiRecordSetStreamA
MsiGetProductCodeA
MsiNotifySidChangeA
MsiEnumClientsA
MsiProvideQualifiedComponentA
MsiSetMode
MsiUseFeatureExA
Migrate10CachedPackagesA
DllGetVersion
MsiGetComponentPathA
MsiUseFeatureExW
Migrate10CachedPackagesW
MsiAdvertiseProductA
MsiGetFileHashW
MsiGetFeatureUsageW
MsiInstallProductW
MsiRecordIsNull
MsiGetPropertyW
MsiGetProductPropertyA
MsiGetFeatureUsageA
MsiGetProductInfoA
MsiReinstallFeatureW
MsiOpenProductA
MsiGetShortcutTargetW

ifmon

InitHelperDll

Sections

.text
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 330KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

053773e5f5523331101dc545a4413231

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

query

wininet

wldap32

msi

ifmon

Sections

.text Size: 534KB - Virtual size: 534KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 330KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 534KB - Virtual size: 534KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 330KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B