ef03569b1d46c0e6a139b074f6fff349_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef03569b1d46c0e6a139b074f6fff349_JaffaCakes118
Size

128KB
MD5

ef03569b1d46c0e6a139b074f6fff349
SHA1

49c4121192d2c836d3662fd85468bd486590291a
SHA256

2f9d7859f05541f3870826c7982e51069586c852f571a39d7c9bd1eea488796a
SHA512

7da3d9769ae489b171740b67e7316f6f9f20ad2bffe3e3b7adc87cb41a3e8901b00f3cdd4db821ccc8e3944002d87dbd80870af1cf9f06f52f4dde7c9509f2de
SSDEEP

1536:EpvHUqn0bWZ37R6c20OCLVlRTm++nlJ6yAmZAq553blXYIVwOIBiR+Pb0:EqhA+3UmF5LR4OIBiR+w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef03569b1d46c0e6a139b074f6fff349_JaffaCakes118

Files

ef03569b1d46c0e6a139b074f6fff349_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2857e3940300c550a7953b17e88d3afd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetLastError
GetProcAddress
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
TerminateThread
lstrlenA
Sleep
CreateThread
SetFileAttributesA
GetSystemDirectoryA

user32

wsprintfA

shell32

ShellExecuteExA

urlmon

URLDownloadToFileA

omniorb411_vc6_rt

?_default_POA@ServantBase@PortableServer@@UAEPAVPOA@2@XZ
?_get_interface@ServantBase@PortableServer@@UAEPAV_objref_InterfaceDef@CORBA@@XZ
?_refcount_value@ServantBase@PortableServer@@UAEKXZ
?upcall@omniCallHandle@@QAEXPAVomniServant@@AAVomniCallDescriptor@@@Z
?_downcast@omniServant@@UAEPAXXZ
?_add_ref@ServantBase@PortableServer@@UAEXXZ
?_non_existent@omniServant@@UAE_NXZ
?_add_ref@omniServant@@UAEXXZ
?_remove_ref@omniServant@@UAEXXZ
??0proxyObjectFactory@omni@@QAE@PBD@Z
??1proxyObjectFactory@omni@@UAE@XZ
?_invoke@omniObjRef@@QAEXAAVomniCallDescriptor@@_N@Z
?initialiseCall@omniCallDescriptor@@UAEXAAVcdrStream@@@Z
?userException@omniCallDescriptor@@UAEXAAVcdrStream@@PAVIOP_C@omni@@PBD@Z
?marshalArguments@omniCallDescriptor@@UAEXAAVcdrStream@@@Z
??1omniServant@@UAE@XZ
?unmarshalArguments@omniCallDescriptor@@UAEXAAVcdrStream@@@Z
?marshalReturnedValues@omniCallDescriptor@@UAEXAAVcdrStream@@@Z
?empty_string@_CORBA_String_helper@@2QBDB
?ucheckFail@omni@@YAXPBDH0@Z
?_PD_repoId@Object@CORBA@@2PBDB
??0omniObjRef@@IAE@PBDPAVomniIOR@@PAVomniIdentity@@_N@Z
?nilRefLock@omni@@YAAAVomni_mutex@@XZ
??0omniObjRef@@IAE@XZ
?registerNilCorbaObject@omni@@YAXPAVObject@CORBA@@@Z
??1Object@CORBA@@UAE@XZ
?_non_existent@Object@CORBA@@UAE_NXZ
?_remove_ref@ServantBase@PortableServer@@UAEXXZ
??1omniObjRef@@MAE@XZ
?ORB_init@CORBA@@YAPAVORB@1@AAHPAPADPBDQAY01PBD@Z
??1ServantBase@PortableServer@@UAE@XZ
?_downcast@ServantBase@PortableServer@@EAEPAXXZ
?unmarshalReturnedValues@omniCallDescriptor@@UAEXAAVcdrStream@@@Z
?_do_get_interface@ServantBase@PortableServer@@EAEPAVomniObjRef@@XZ
?releaseObjRef@omni@@YAXPAVomniObjRef@@@Z
?_PR_magic@Object@CORBA@@2KB
?_CORBA_use_nil_ptr_as_nil_objref@@YA_NXZ
?omniORB_4_1@omni@@3PBDB
??1_omniFinalCleanup@@QAE@XZ
??0_omniFinalCleanup@@QAE@XZ
?_is_a@omniServant@@UAE_NPBD@Z
?_NP_incrRefCount@Object@CORBA@@UAEXXZ
?_NP_decrRefCount@Object@CORBA@@UAEXXZ
?_ptrToObjRef@Object@CORBA@@UAEPAXPBD@Z
?_localServantTarget@omniObjRef@@UAEPBDXZ
?_enableShortcut@omniObjRef@@UAEXPAVomniServant@@PB_N@Z
?_uncheckedNarrow@omniObjRef@@QAEPAXPBD@Z
?_realNarrow@omniObjRef@@QAEPAXPBD@Z
?duplicateObjRef@omni@@YAXPAVomniObjRef@@@Z
?_unMarshal@omniObjRef@@SAPAV1@PBDAAVcdrStream@@@Z
?_marshal@omniObjRef@@SAXPAV1@AAVcdrStream@@@Z

omnidynamic411_vc6_rt

??1TypeCode_member@CORBA@@QAE@XZ
??1Any@CORBA@@QAE@XZ
?release@IDLType_Helper@CORBA@@SAXPAV_objref_IDLType@2@@Z

omnithread33_vc6_rt

??1init_t@omni_thread@@QAE@XZ
??0init_t@omni_thread@@QAE@XZ

omnissltp411_vc6_rt

?key_file_password@sslContext@@2PBDB
?verify_mode@sslContext@@2HA
?_omni_omnisslTP_should_be_linked_but_is_not_@@3HA
?singleton@sslContext@@2PAV1@A
??0sslContext@@QAE@PBD00@Z
?key_file@sslContext@@2PBDB
?certificate_authority_file@sslContext@@2PBDB

ws2_32

htons
WSACleanup
connect
closesocket
WSAStartup
WSAGetLastError
gethostbyname
socket

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??0ios_base@std@@IAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Decref@facet@locale@std@@QAEPAV123@XZ
??0Init@ios_base@std@@QAE@XZ

ssleay32

ord48
ord96
ord108
ord130
ord8
ord127
ord43
ord87
ord75
ord12
ord74
ord183
ord113
ord78

msvcrt

__CxxFrameHandler
_purecall
strncpy
memmove
printf
strstr
sprintf
strrchr
rand
srand
time
free
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
??2@YAPAXI@Z
_stat

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2857e3940300c550a7953b17e88d3afd

Headers

File Characteristics

Imports

kernel32

user32

shell32

urlmon

omniorb411_vc6_rt

omnidynamic411_vc6_rt

omnithread33_vc6_rt

omnissltp411_vc6_rt

ws2_32

msvcp60

ssleay32

msvcrt

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 19KB

.idata Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 19KB

.idata
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 4KB