f0d2a470a810a7630feae185459cac09_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0d2a470a810a7630feae185459cac09_JaffaCakes118
Size

869KB
MD5

f0d2a470a810a7630feae185459cac09
SHA1

ce7536783a154d892190df7a0239534c5825e594
SHA256

126e2e788c812d21a72ccb4cb08a81928dbde2fc05bdc5e9c7c35ca504ec9759
SHA512

6000dae85f6cb790f23770fa33b0c9842d6e298041ee42652735cbf44b8d46bb154234d3db6e06dc36ff0c1c6c644067887130f6f30bfb7d87acbad4897b1001
SSDEEP

24576:rv40nEVUa7/V5aQV+W/qRdURcJ1l6JnHAT:j40nkzV5pP/1Ro9T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0d2a470a810a7630feae185459cac09_JaffaCakes118

Files

f0d2a470a810a7630feae185459cac09_JaffaCakes118
.exe windows:5 windows x86 arch:x86

02c5b3a9a52af69d9a6788985f294547

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
??0NTFS_MFT_FILE@@QAE@XZ
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
??0NTFS_BOOT_FILE@@QAE@XZ
??1NTFS_ATTRIBUTE_DEFINITION_TABLE@@UAE@XZ
??1NTFS_BOOT_FILE@@UAE@XZ
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
??1NTFS_UPCASE_FILE@@UAE@XZ
?ReadSet@NTFS_FRS_STRUCTURE@@QAEEPAVTLINK@@@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
ChkdskEx
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
??1NTFS_MFT_FILE@@UAE@XZ
?QueryAttributeByOrdinal@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKK@Z
Chkdsk
?QueryAttributeListAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAE@Z
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
??1NTFS_MFT_INFO@@UAE@XZ
Extend
??1NTFS_ATTRIBUTE@@UAE@XZ
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
??0NTFS_REFLECTED_MASTER_FILE_TABLE@@QAE@XZ
??0NTFS_FRS_STRUCTURE@@QAE@XZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?GetNextAttributeListEntry@NTFS_ATTRIBUTE_LIST@@QBEPBU_ATTRIBUTE_LIST_ENTRY@@PBU2@@Z
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
??1NTFS_UPCASE_TABLE@@UAE@XZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
??0NTFS_BITMAP@@QAE@XZ

msvcrt

_wperror
_cscanf
_swab
wcsncpy
_wfdopen
rand
_sys_errlist
_seterrormode
__p__commode
_environ
_strrev
wcsncat
__p__amblksiz
_stat
_wsystem
strncmp
_wtempnam
cosh
__set_app_type
_fcloseall
__p___argv
wcsftime
__p__acmdln
__CxxFrameHandler
_iob
floor
_mbccpy
exit
_adj_fptan
strerror
__p__winminor
remove

kernel32

GetSystemTimeAdjustment
GetEnvironmentStringsA
GetProcessPriorityBoost
EnumResourceLanguagesW
GetCommState
IsValidCodePage
IsProcessInJob
ReleaseSemaphore
GetSystemInfo
HeapSetInformation
DeactivateActCtx
DeleteCriticalSection
GetFullPathNameA
SetFirmwareEnvironmentVariableW
VirtualAlloc
SetProcessWorkingSetSize
HeapCreate
GetCurrentThread
WritePrivateProfileStringA
FreeResource
GetLastError
SetComputerNameExW
CreateMailslotA
LoadLibraryA
VirtualQuery
GetNumberFormatW
BeginUpdateResourceW
SetThreadContext
EnterCriticalSection
GetFirmwareEnvironmentVariableW
GetConsoleKeyboardLayoutNameW
LeaveCriticalSection
lstrcatA
BuildCommDCBAndTimeoutsW

query

?Disconnect@CRequestClient@@QAEXXZ
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
??1CDynStream@@QAE@XZ
?SetDefaultProperty@CCatState@@QAEXPBG@Z
??1COccRestriction@@QAE@XZ
?Get@CRegAccess@@QAEXPBGPAGI@Z
?IsScopeValid@@YGJPBGIH@Z
CIGetGlobalPropertyList
??1CParseCommandTree@@QAE@XZ
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
?CheckError@CLocalGlobalPropertyList@@QAEJAAKPAPAG@Z
?Flush@CPhysStorage@@QAEXH@Z
?GetString@CMemDeSerStream@@UAEPADXZ
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?Append@CEnumWorkid@@QAEXK@Z
?Close@CPipeClient@@IAEXXZ
?AcceptCommand@CQueryScanner@@QAEXXZ
?IsDirectoryWritable@@YGHPBG@Z
?GetLPSTR@CAllocStorageVariant@@QBEPADI@Z
?MakeMetadataICommand@@YGJPAPAUIUnknown@@W4CiMetaData@@PBG2PAU1@@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?GetStr@CKeyBuf@@QBEPAGXZ
?Get@CRegAccess@@QAEKPBG@Z
?IsIISAdminUp@CMetaDataMgr@@SGHAAH@Z
??0CAllocStorageVariant@@QAE@PBU_GUID@@AAVPMemoryAllocator@@@Z
?GetPropertyInfo@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
?_pGlobalPropListFile@CLocalGlobalPropertyList@@0PAVCPropListFile@@A
?GetI4@CAllocStorageVariant@@QBEJI@Z
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?AccessCheck@CSdidLookupTable@@QAEHKPAXKAAH@Z
??0CPerfMon@@QAE@PBG@Z
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?SetProperty@CFullPropSpec@@QAEHPBG@Z
?GetStringDbRestriction@@YGPAVCDbRestriction@@PBGKPAUIColumnMapper@@K@Z
?DoUpdates@CFilterDaemon@@QAEJXZ
?GetI8@CAllocStorageVariant@@QBE?AT_LARGE_INTEGER@@I@Z
?QueryInterface@CEnumString@@UAGJABU_GUID@@PAPAX@Z
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
?SkipByte@CMemDeSerStream@@UAEXXZ
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?UpdateContentIndex@@YGKPBG00H@Z
?QueryInterface@CQueryUnknown@@UAGJABU_GUID@@PAPAX@Z
?Set@CPidRemapper@@QAEXAAV?$XArray@K@@@Z
?ReportEventW@CFwEventItem@@QAEXAAUICiCAdviseStatus@@@Z
?Add@CKeyArray@@QAEHHABVCKey@@@Z
??1CPerfMon@@QAE@XZ
??0CWorkQueue@@QAE@IW4WorkQueueType@0@@Z
??1CMetaDataMgr@@QAE@XZ
??0CDbPropIDSet@@QAE@XZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?Release@CQueryUnknown@@UAGKXZ
CITextToFullTreeEx
CIBuildQueryTree
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecord@@@Z
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?DisableCI@CMachineAdmin@@QAEHXZ
??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
?EnableCI@CMachineAdmin@@QAEHXZ
?GetDATE@CAllocStorageVariant@@QBENI@Z
?Clone@COccRestriction@@QBEPAV1@XZ
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?ResetBuffer@CQueryScanner@@QAEXPBG@Z
?GetVPathSSLAccess@CMetaDataMgr@@QAEKPBG@Z
?TransferNode@CDbCmdTreeNode@@QAEXPAV1@@Z
?Init@CPidLookupTable@@QAEHPAVPRcovStorageObj@@@Z
?GetULong@CMemDeSerStream@@UAEKXZ
?SetColumn@CCatState@@QAEXPBGI@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?ShrinkToFit@CPhysStorage@@QAEXXZ
?MakeICommand@@YGJPAPAUIUnknown@@PBG1PAU1@@Z
?GetBOOL@CAllocStorageVariant@@QBEFI@Z

msvcp60

??Kstd@@YA?AV?$complex@O@0@ABOABV10@@Z
??9std@@YA_NABMABV?$complex@M@0@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?infinity@?$numeric_limits@N@std@@SANXZ
?do_toupper@?$ctype@G@std@@MBEPBGPAGPBG@Z
??9std@@YA_NABV?$complex@M@0@ABM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??_7?$basic_fstream@DU?$char_traits@D@std@@@std@@6B@
?pow@?$_Ctr@O@std@@SAOOO@Z
?fail@ios_base@std@@QBE_NXZ
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_FDenorm
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG@Z
?id@?$numpunct@G@std@@2V0locale@2@A
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@KAPADPADDH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?id@?$messages@D@std@@2V0locale@2@A
??4?$_Ctr@O@std@@QAEAAV01@ABV01@@Z
?width@ios_base@std@@QAEHH@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?abs@std@@YAMABV?$complex@M@1@@Z
?_Init@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?max@?$numeric_limits@J@std@@SAJXZ
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?move@?$char_traits@D@std@@SAPADPADPBDI@Z
?_Doraise@range_error@std@@MBEXXZ
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 396KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02c5b3a9a52af69d9a6788985f294547

Headers

DLL Characteristics

File Characteristics

Imports

untfs

msvcrt

kernel32

query

msvcp60

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 297KB - Virtual size: 297KB

.data Size: 396KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 297KB - Virtual size: 297KB

.data
Size: 396KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB