f99f0c01e2d3db9e4071becbbcbd4af9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f99f0c01e2d3db9e4071becbbcbd4af9_JaffaCakes118
Size

870KB
MD5

f99f0c01e2d3db9e4071becbbcbd4af9
SHA1

fb367d5afef101ebc5ff6845715cc30278258aee
SHA256

cc845d4b9cde6cd771a36a44dc2ecc800757eaf99b021258fc91670fec99441c
SHA512

689baf43af811a30963caba4ff51ef6324bf7f91ff76133cf4cd473cbb78e3950295cd329e96ab1d3aaa186e499f52a9684de9d2f7efc8449654cf2db3395c77
SSDEEP

24576:OvNVaFlZmGFm6L81XIyVXJ+itTJ+egsc:O7awGFc1XVftXc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f99f0c01e2d3db9e4071becbbcbd4af9_JaffaCakes118

Files

f99f0c01e2d3db9e4071becbbcbd4af9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

81d7cb2229b4790ddbdb821bd48a99cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa
WSAEventSelect
WSACreateEvent
WSAGetLastError
WSACleanup
WSANSPIoctl
WSACancelAsyncRequest
WSAGetServiceClassNameByClassIdA
WSACloseEvent
WSAAsyncGetHostByAddr
WSACancelBlockingCall
getservbyname
WSAConnect
socket
recv
WSASend
WSAStringToAddressW
closesocket
WSAEnumNetworkEvents
sendto
WSAJoinLeaf
WSAEnumNameSpaceProvidersA
WSAAsyncGetProtoByName
WSASetServiceA
WSAGetServiceClassInfoW
WSAAddressToStringW
WSCEnumProtocols
WSCUnInstallNameSpace
WSALookupServiceBeginW
ioctlsocket
WSARecvFrom
WSAAccept
WSARecv
ntohl
WSAGetOverlappedResult
WSARemoveServiceClass
getaddrinfo
WSCDeinstallProvider
WPUCompleteOverlappedRequest
WSAAsyncGetHostByName
setsockopt
WSASendTo

ntdll

RtlGetProcessHeaps
RtlAppendPathElement
ZwFlushVirtualMemory
RtlImageDirectoryEntryToData
RtlGetCurrentDirectory_U
RtlInitNlsTables
RtlComputeCrc32
RtlNtStatusToDosErrorNoTeb
_ultow
LdrGetProcedureAddress
__toascii
CsrClientCallServer
ZwOpenProcess
_memicmp
RtlFlushSecureMemoryCache
RtlGetElementGenericTableAvl
RtlUnicodeToOemN
ZwWaitForDebugEvent
RtlMoveMemory
ZwRequestPort
RtlCopyString
NtUnlockVirtualMemory
RtlEqualSid
DbgUiDebugActiveProcess
NtQueryQuotaInformationFile
NtSetValueKey

kernel32

GetExitCodeProcess
GetTapeStatus
SetConsoleNlsMode
CopyFileExW
IsBadStringPtrW
SetConsoleInputExeNameA
FoldStringW
GetLastError
Process32NextW
FindNextChangeNotification
SetUnhandledExceptionFilter
GetSystemDefaultUILanguage
VirtualAlloc
SetThreadUILanguage
DebugBreak
SetLastConsoleEventActive
IsDBCSLeadByte
GetEnvironmentStringsA
CreateNamedPipeW
FindNextVolumeW
GetFullPathNameA
GetCurrentConsoleFont
RtlZeroMemory
SetHandleContext
SetFileApisToANSI
GetConsoleNlsMode
ClearCommError
GetProcessHeaps
RemoveVectoredExceptionHandler
GetThreadTimes
GetTempPathA
GetQueuedCompletionStatus
DelayLoadFailureHook
PeekConsoleInputW
MapUserPhysicalPages
GlobalUnfix
DeleteFiber
GlobalAlloc
GetPriorityClass
MoveFileExA
SetConsoleScreenBufferSize
EnumUILanguagesA
CreateDirectoryExW
GetNamedPipeHandleStateW
CreateWaitableTimerW
GetThreadSelectorEntry
ExitVDM
LoadLibraryA
SetPriorityClass
TransmitCommChar
GetFileAttributesExA
LZSeek
SetEnvironmentVariableW
DeleteAtom
CreateEventW
GetCommTimeouts
GetDriveTypeW
SetProcessAffinityMask
GlobalUnlock
SetUserGeoID
Beep
ReadConsoleOutputAttribute
OpenProfileUserMapping
SetConsoleCursorMode
GetCurrentThread
SetTapePosition
ConnectNamedPipe
SetCurrentDirectoryA
WaitForDebugEvent
SetLastError
AllocConsole
WritePrivateProfileSectionW
GetVolumeInformationA
GetConsoleKeyboardLayoutNameW
GetDefaultCommConfigA
EndUpdateResourceA

ole32

CoLockObjectExternal
HMETAFILE_UserMarshal
OleCreateFromData
CreateDataAdviseHolder
HBITMAP_UserFree
OleCreateLinkEx
HBRUSH_UserFree
CoCreateObjectInContext
PropStgNameToFmtId
CreateStreamOnHGlobal
ReadClassStm
OleSetMenuDescriptor
StgOpenStorageOnILockBytes
GetRunningObjectTable
CoCreateGuid
CoGetStandardMarshal
RevokeDragDrop
HWND_UserSize
STGMEDIUM_UserMarshal
CoInvalidateRemoteMachineBindings
CreateAntiMoniker
CLIPFORMAT_UserUnmarshal
OpenOrCreateStream
OleSave
WdtpInterfacePointer_UserMarshal
IsValidIid
OleConvertIStorageToOLESTREAM
CoInitializeWOW
GetHGlobalFromILockBytes
IIDFromString
CoGetCallContext
OleConvertIStorageToOLESTREAMEx
StgOpenStorageEx
CoSetProxyBlanket
CoPushServiceDomain
CoDisableCallCancellation
CoRegisterMallocSpy
CoSetCancelObject
ComPs_NdrDllUnregisterProxy
CoTaskMemRealloc
ReadFmtUserTypeStg
CoTaskMemFree
ReadOleStg

crtdll

_ismbslead
_close
_mbctolower
_mbsrev
_umask
_ismbbprint
strncpy
atof
log
isalnum
_spawnl
_fputchar
__toascii
clock
_j1
fsetpos
strtok
is_wctype
towlower
_mktemp
wcstol
_unloaddll
_mbsnbcmp
_putenv
_commode_dll
_chdrive

cmutil

GetOSMajorVersion
?GetFile@CIniW@@QBEPBGXZ
CmMalloc
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
??4CmLogFile@@QAEAAV0@ABV0@@Z
CmLoadImageW
?SetWriteICSData@CIniW@@QAEXH@Z
?GetRegPath@CIniA@@QBEPBDXZ
?GPPS@CIniW@@QBEPAGPBG00@Z
?WPPB@CIniW@@QAEXPBG0H@Z
??1CmLogFile@@QAE@XZ
?WPPI@CIniW@@QAEXPBG0K@Z
CmStrCatAllocW
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?SetFile@CIniA@@QAEXPBD@Z
CmStrTrimW
?SetRegPath@CIniW@@QAEXPBG@Z
?Clear@CIniA@@QAEXXZ
?Clear@CIniW@@QAEXXZ
CmStrCpyAllocA
?WPPS@CIniW@@QAEXPBG00@Z
?CIniA_WriteEntryToReg@CIniA@@IBEHPAUHKEY__@@PBD1PBEKK@Z
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
CmAtolA
?SetWriteICSData@CIniA@@QAEXH@Z
?SetICSDataPath@CIniA@@QAEXPBD@Z
CmWinHelp
CmFree
CmLoadIconA
GetOSBuildNumber
?Generate@CRandom@@QAEHXZ
CmParsePathW
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?SetSection@CIniA@@QAEXPBD@Z
??4CRandom@@QAEAAV0@ABV0@@Z
?GPPI@CIniA@@QBEKPBD0K@Z
?Clear@CmLogFile@@QAEXH@Z

Sections

.text
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 386KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81d7cb2229b4790ddbdb821bd48a99cd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

ntdll

kernel32

ole32

crtdll

cmutil

Sections

.text Size: 191KB - Virtual size: 192KB

.rdata Size: 386KB - Virtual size: 388KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 290KB - Virtual size: 292KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 191KB - Virtual size: 192KB

.rdata
Size: 386KB - Virtual size: 388KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 290KB - Virtual size: 292KB

.reloc
Size: 1024B - Virtual size: 4KB