f639b43bae41d9ae14656cdcf63adecd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f639b43bae41d9ae14656cdcf63adecd_JaffaCakes118
Size

861KB
MD5

f639b43bae41d9ae14656cdcf63adecd
SHA1

cc21125336aa18f023c9e4c27c5765d046a3de2a
SHA256

f750bda8407962b4b10123289f1af6e92642c3c169bf941a8f26f13255dddd1b
SHA512

23adc3f42ab3680530e77024237f920e00a61deb4d1f6f146d0ac9ac80664baaaf053e89a6790baa33b274fae60614d058ac4699aa442d1deddc2b5826817535
SSDEEP

12288:6pPlGvqZlT9/epXNtVaDbYTMqtJAmR/31z9Xmub7oHlZ6ppBTyzy2XBWEF1RveQo:+9gqZzq9tVaDbgl/lguoFgpTjaWu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f639b43bae41d9ae14656cdcf63adecd_JaffaCakes118

Files

f639b43bae41d9ae14656cdcf63adecd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a09ecacbe9211812af6fdf1f8cb1e48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleOutputCP
DeleteAtom
GetPrivateProfileSectionNamesW
CreateFileMappingW
EnumDateFormatsExW
CreateMutexA
VerifyVersionInfoW
GetBinaryTypeW
GlobalUnlock
GetConsoleCursorMode
GlobalFindAtomA
SetConsoleWindowInfo
GetFullPathNameW
EndUpdateResourceA
WriteConsoleOutputCharacterW
GetDiskFreeSpaceExW
AllocateUserPhysicalPages
TransactNamedPipe
LocalLock
MultiByteToWideChar
SetLastError
ScrollConsoleScreenBufferA
OpenEventW
GetConsoleCommandHistoryA
DuplicateHandle
LoadLibraryA
VirtualAlloc
IsBadCodePtr
GetFileSize
DeleteTimerQueueTimer
DeleteTimerQueue
GetVolumeInformationA
EnumResourceTypesW
CancelDeviceWakeupRequest
HeapSetInformation
SetConsoleInputExeNameA
AddVectoredExceptionHandler
GlobalWire
GetCommState
IsProcessorFeaturePresent
GetSystemWow64DirectoryW
WritePrivateProfileStructW
SwitchToFiber
CreateDirectoryExA
PeekConsoleInputA
ConvertFiberToThread
WriteConsoleW
GetPrivateProfileStringW
InterlockedFlushSList
SetInformationJobObject
CmdBatNotification
GetConsoleCommandHistoryW
MapViewOfFile
CompareFileTime
GetTempPathA
LocalUnlock
lstrcatA
QueryActCtxW
GetStringTypeExA
SetLocaleInfoW
GetCPInfo
VirtualUnlock
_llseek
IsDebuggerPresent
OpenEventA
InterlockedExchange
GetLongPathNameA
RegisterConsoleOS2
GetConsoleTitleA
ClearCommError
GetLocaleInfoW
LocalReAlloc
QueueUserAPC
DnsHostnameToComputerNameA
DisconnectNamedPipe
GetConsoleAliasExesW
GetCommTimeouts
SetLocaleInfoA
GetCalendarInfoA
SetTapePosition

msvcrt40

_umask
_adj_fprem
__fpecode
_mbsnbcat
_spawnvpe
_statusfp
__p__acmdln
_chgsign
fclose
_adj_fdiv_m64
?get@istream@@QAEAAV1@AAE@Z
_sopen
?sh_none@filebuf@@2HB
?read@istream@@QAEAAV1@PAEH@Z
_ismbclegal
??_7strstream@@6B@
??_8strstream@@7Bistream@@@
wcstol
?overflow@strstreambuf@@UAEHH@Z
_outp
fgets
?fd@fstream@@QBEHXZ
??_Eostrstream@@UAEPAXI@Z
_mbsnbcpy
_itoa
wcscoll
__p__iob
wcscmp
??_7istream_withassign@@6B@
_strlwr
_strupr
??6ostream@@QAEAAV0@K@Z
??0strstreambuf@@QAE@XZ
fputs
??0bad_typeid@@QAE@ABV0@@Z
??0ifstream@@QAE@XZ
_execv
iswcntrl
??1istream@@UAE@XZ
wcsspn
_mbctype

advapi32

ElfOldestRecord
SaferCloseLevel
QueryTraceA
WmiSetSingleItemW
ReadEncryptedFileRaw
RemoveTraceCallback
SaferiSearchMatchingHashRules
RevertToSelf
MakeSelfRelativeSD
UpdateTraceA
RegOverridePredefKey
LsaQuerySecret
WmiSetSingleInstanceW
ReportEventA
DeregisterEventSource
CryptSetKeyParam
BuildTrusteeWithObjectsAndSidW
CryptAcquireContextW
AddUsersToEncryptedFile
OpenBackupEventLogA
TrusteeAccessToObjectW
SystemFunction018
SystemFunction040
GetSecurityDescriptorRMControl
CreateWellKnownSid
PrivilegedServiceAuditAlarmW

samlib

SamCreateGroupInDomain
SamiChangeKeys
SamQueryInformationAlias
SamiOemChangePasswordUser2
SamConnect
SamDeleteUser
SamOpenAlias
SamRidToSid
SamGetAliasMembership
SamQueryInformationDomain
SamGetGroupsForUser
SamCreateUser2InDomain
SamiSetDSRMPasswordOWF
SamDeleteGroup
SamRemoveMultipleMembersFromAlias
SamSetInformationAlias
SamTestPrivateFunctionsUser
SamEnumerateDomainsInSamServer
SamChangePasswordUser
SamRemoveMemberFromGroup
SamiLmChangePasswordUser
SamRemoveMemberFromAlias
SamSetInformationUser
SamQueryDisplayInformation
SamGetMembersInGroup
SamiChangePasswordUser2
SamTestPrivateFunctionsDomain
SamAddMemberToGroup
SamCloseHandle
SamAddMemberToAlias

msdart

?WriteUnlock@CLKRHashTable@@QBEXXZ
?TryWriteLock@CSpinLock@@QAE_NXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
??0CReaderWriterLock@@QAE@XZ
?_ExtractKey@CLKRHashTable@@ABE?BKPBX@Z
?WriteUnlock@CFakeLock@@QAEXXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGXN@Z
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
??1CLKRLinearHashTable@@QAE@XZ
?TryReadLock@CFakeLock@@QAE_NXZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?First@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?WriteUnlock@CSpinLock@@QAEXXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?WriteLock@CCritSec@@QAEXXZ
?IsReadLocked@CSpinLock@@QBE_NXZ
MpHeapFree
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CSpinLock@@SGNXZ
?sm_wDefaultSpinCount@CFakeLock@@1GA
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a09ecacbe9211812af6fdf1f8cb1e48

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt40

advapi32

samlib

msdart

Sections

.text Size: 382KB - Virtual size: 382KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 272KB - Virtual size: 1.7MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 272KB - Virtual size: 1.7MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B