ef63e2a469ec80cc3dfb6333163ca9e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef63e2a469ec80cc3dfb6333163ca9e5_JaffaCakes118
Size

870KB
MD5

ef63e2a469ec80cc3dfb6333163ca9e5
SHA1

63cc48c096c5e8f87e5de7341920d83eaad1418d
SHA256

13e4873c779a3a97f8b3383b461264fc27aa0eda56ae997e26248360c6749e02
SHA512

8f2477bd7bf1dbf38ec254bd7fd5068d18cc41957a3425c63780a9d574ba3a6f48b9f6a769a58ac4e04e0907b0a24e1b066f45f61cba27d1ba7d23fc15310292
SSDEEP

24576:LmTBjNGCG24DKpfKtKpEXLbMiZtuj+Q3t8:L2BjNGY4qivXLYeCP6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef63e2a469ec80cc3dfb6333163ca9e5_JaffaCakes118

Files

ef63e2a469ec80cc3dfb6333163ca9e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e75557a5fbb28d28d9a3d5e594a08273

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GetCurrentProcessId
FindClose
GetStartupInfoA
GetFileSize
SetConsoleCursor
FindNextFileW
GlobalMemoryStatusEx
HeapCreate
WriteConsoleOutputCharacterA
SetProcessPriorityBoost
GetFileAttributesExA
LCMapStringA
CompareStringW
DosPathToSessionPathW
QueryPerformanceCounter
EnumSystemLocalesA
LoadLibraryA
FillConsoleOutputCharacterA
SetProcessWorkingSetSize
GetVersion
OutputDebugStringA
LoadModule
IsBadWritePtr
SetLocalPrimaryComputerNameW
EnumResourceNamesA
RegisterConsoleOS2
BaseDumpAppcompatCache
VirtualAlloc
GetConsoleDisplayMode
SetConsoleTitleA
SetWaitableTimer
LZRead
GetPrivateProfileIntW
SetComputerNameW
GlobalFindAtomA
SwitchToFiber

msvcrt40

isalnum
?write@ostream@@QAEAAV1@PBEH@Z
_getmaxstdio
_mbstrlen
_wsystem
?tie@ios@@QBEPAVostream@@XZ
_wexeclpe
_daylight
wcscpy
?put@ostream@@QAEAAV1@E@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??1ofstream@@UAE@XZ
??0bad_typeid@@QAE@PBD@Z
iswxdigit
?get@istream@@QAEAAV1@AAE@Z
_ismbcl0
_findclose
?sgetn@streambuf@@QAEHPADH@Z
_mbsncat
_cputs
__argv
?lock@ios@@QAAXXZ
?get@istream@@IAEAAV1@PADHH@Z
_cprintf
__p__wcmdln
_beginthread
??_7istrstream@@6B@
_close
_mbscpy
_mtlock
??_8ofstream@@7B@
_wopen
_jn
?get@istream@@QAEHXZ
_fcloseall
_ismbbgraph
_osver
getc
_mbsupr
gmtime
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?str@strstreambuf@@QAEPADXZ
_open_osfhandle

gdi32

EngGradientFill
GetStringBitmapA
StartDocA
ExtCreatePen
GetRelAbs
SetRelAbs
GetPath
GdiConvertRegion
SetMapperFlags
DdEntry18
GdiCreateLocalEnhMetaFile
GetTransform
DdEntry44
GetLayout
GetBoundsRect
CreateDiscardableBitmap
AddFontMemResourceEx
GetCurrentObject
CopyMetaFileA
GetTextCharsetInfo
DdEntry4
CloseMetaFile
GdiFixUpHandle
FONTOBJ_cGetAllGlyphHandles
SetWindowExtEx
GetTextExtentExPointW

vssapi

?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?IsBootableSystemStateBackedUp@CVssWriter@@IBG_NXZ
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?Uninitialize@CVssJetWriter@@QAGXXZ
?InstallAlternateWriter@CVssWriter@@QAGJU_GUID@@0@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?SetWriterFailure@CVssWriter@@IAGJJ@Z
VssFreeSnapshotProperties
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?AreComponentsSelected@CVssWriter@@IBG_NXZ
??0CVssJetWriter@@QAE@XZ
?GetCurrentVolumeArray@CVssWriter@@IBGPAPBGXZ
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssJetWriter@@UAE@XZ
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnThawEnd@CVssJetWriter@@UAG_N_N@Z
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
IsVolumeSnapshotted
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?Unsubscribe@CVssWriter@@QAGJXZ
?OnIdentify@CVssWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?OnAbortEnd@CVssJetWriter@@UAGXXZ
??0CVssWriter@@QAE@XZ
?Subscribe@CVssWriter@@QAGJK@Z
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssWriter@@UAE@XZ

mprddm

DDMGetIdentityAttributes
IfObjectInitiatePersistentConnections
IfObjectNotifyOfReachabilityChange
RasAuthProviderInitialize
RasAcctProviderInitialize
DDMRegisterConnectionNotification
RasAcctConfigChangeNotification
DDMAdminConnectionEnum
DDMServiceInitialize
DDMAdminPortClearStats
IfObjectSetDialoutHoursRestriction
DDMConnectInterface
DDMAdminPortGetInfo
RasAcctProviderFreeAttributes
RasAcctProviderInterimAccounting
RasAcctProviderTerminate
RasAuthProviderFreeAttributes
RasAuthProviderTerminate
DDMSendUserMessage
RasAcctProviderStopAccounting
DDMServicePostListens
RasAcctProviderStartAccounting
DDMTransportCreate
DDMAdminInterfaceDisconnect
DDMAdminPortReset

ole32

CLSIDFromOle1Class
OleCreate
PropSysAllocString
CLSIDFromProgIDEx
CoIsOle1Class
CoDisableCallCancellation
SNB_UserSize
HMETAFILE_UserMarshal
CoGetCurrentLogicalThreadId
CoInstall
SNB_UserUnmarshal
CoMarshalHresult
GetDocumentBitStg
StringFromGUID2
CoPushServiceDomain
OleSetAutoConvert
CoCopyProxy
StgOpenStorageEx
StgGetIFillLockBytesOnILockBytes
HBRUSH_UserFree
CoTaskMemRealloc
PropVariantClear
CLSIDFromProgID
CoUnloadingWOW
HACCEL_UserMarshal
StgCreateStorageEx
CreateAntiMoniker
CreateBindCtx
GetErrorInfo
CoInvalidateRemoteMachineBindings
CoRegisterPSClsid
OleConvertIStorageToOLESTREAM
GetHGlobalFromStream
CoSuspendClassObjects
MonikerRelativePathTo
CoRegisterChannelHook
ReadClassStm
ReadOleStg
HACCEL_UserUnmarshal
CoGetClassObject
HkOleRegisterObject
OleLoadFromStream
CoDisconnectObject

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e75557a5fbb28d28d9a3d5e594a08273

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

gdi32

vssapi

mprddm

ole32

Sections

.text Size: 207KB - Virtual size: 207KB

.rdata Size: 618KB - Virtual size: 618KB

.data Size: 41KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 618KB - Virtual size: 618KB

.data
Size: 41KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B