fa2ea598c524b7f9c1bd2dbf4bab45ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa2ea598c524b7f9c1bd2dbf4bab45ba_JaffaCakes118
Size

867KB
MD5

fa2ea598c524b7f9c1bd2dbf4bab45ba
SHA1

cb8a2fd1d42cde6c12580d3f4fb7c6bbcdac88b7
SHA256

86dc125d394f31eb5372b1b4a1b884676f8a83b937327454ec647a299e17aae7
SHA512

f40a92a6b730cecf07a948d35589a56061cb3437fbd6f73b1c99bd064287cd16453ad498098e785362f1e7cfd10b719c996563c7e5fee238806c62aa57dc6ad8
SSDEEP

12288:/ijb9C5DrNa+6wtcz80pOel6MOCKlKfsyKspY691kElUH7qrJb91yWF4L6/D2:/EkDvFcQeJjOCKlKfsyVpbb87oqWG2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa2ea598c524b7f9c1bd2dbf4bab45ba_JaffaCakes118

Files

fa2ea598c524b7f9c1bd2dbf4bab45ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e2fa7e4928d80025edc78e8bf70b8ed4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointW
ClearCommBreak
RegisterWowExec
WriteProcessMemory
PeekConsoleInputW
GetFileAttributesExA
VirtualAlloc
AssignProcessToJobObject
CompareFileTime
GetProfileStringW
AddLocalAlternateComputerNameA
GetCurrentThread
OpenSemaphoreA
CreateRemoteThread
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetACP
DeleteTimerQueue
ReadProcessMemory
SetConsoleCursorInfo
GetStartupInfoA
SetCriticalSectionSpinCount
AddLocalAlternateComputerNameW
GetEnvironmentStringsA
EnterCriticalSection
GetCurrentProcessId
BackupSeek
DeleteCriticalSection
GetConsoleAliasesW
LeaveCriticalSection
DuplicateConsoleHandle
EnumTimeFormatsA
LZDone
CreateSemaphoreW
ExpandEnvironmentStringsA
EnumDateFormatsExA
GetProcessTimes
QueryInformationJobObject
WriteFileEx
AddVectoredExceptionHandler
GlobalUnWire
GetPrivateProfileSectionW
ConnectNamedPipe
GetNativeSystemInfo
lstrcat

crtdll

_spawnlpe
_fileinfo_dll
_ftol
_ismbcdigit
iswpunct
_spawnlp
_cexit
gets
calloc
fgetpos
_getche
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
strrchr
_cabs
_mbsnbcpy
_CIcos
_wcslwr
_yn
_ismbbkpunct
_toupper
_getsystime
_CIfmod
isdigit
_mbctype
fwprintf
_ismbcupper
memmove
_putenv
vsprintf
_execlp
_copysign
_CIsinh
fsetpos
_findnext
_spawnvpe
wcspbrk
iswxdigit
??3@YAXPAX@Z
_wtoi
_getcwd
wctomb
_osversion_dll
asin
_winmajor_dll
isalpha

cryptui

LocalEnrollNoDS
CryptUIDlgSelectStoreW
CryptUIWizCreateCertRequestNoDS
CryptUIDlgViewCertificateW
CryptUIDlgSelectCA
CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificateA
ACUIProviderInvokeUI
CryptUIDlgViewSignerInfoA
LocalEnroll
CryptUIFreeViewSignaturesPagesA
CryptUIDlgCertMgr
CryptUIDlgSelectStoreA
CryptUIGetCertificatePropertiesPagesW
CryptUIStartCertMgr
CryptUIDlgViewCTLW
CryptUIDlgViewCTLA
CryptUIWizSubmitCertRequestNoDS
CryptUIWizFreeDigitalSignContext
CryptUIDlgSelectCertificateFromStore
RetrievePKCS7FromCA
CryptUIWizExport
CryptUIWizDigitalSign
WizardFree
CryptUIFreeViewSignaturesPagesW
CryptUIWizQueryCertRequestNoDS
CryptUIGetViewSignaturesPagesW
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgViewCRLA
CryptUIGetViewSignaturesPagesA

opengl32

glTexCoord1d
glColor3sv
glTexEnvi
glTexGenf
glRotated
glTexCoord4dv
glEnableClientState
glGetPointerv
glVertex2sv
glRasterPos3i
glCopyPixels
wglGetLayerPaletteEntries
glLightiv
glVertex4dv
glOrtho
glGetTexEnviv
glTexCoord3f
glListBase
glTranslated
glPassThrough
glDeleteLists
glRasterPos2iv
glColor4f
glVertex4sv
glEvalCoord2fv
glColor3fv
glRasterPos2sv
wglUseFontOutlinesW
wglDescribePixelFormat
glPolygonMode
glVertex4iv
glEvalCoord2dv
glTexGeniv
glMatrixMode
glTexCoord4i
glStencilFunc
glStencilOp
glGetFloatv
glBlendFunc
glColor4us
glNormalPointer
glIsEnabled

wsock32

WSApSetPostRoutine
__WSAFDIsSet
TransmitFile
GetAcceptExSockaddrs
getpeername
recv
WSAAsyncGetHostByAddr
ioctlsocket
inet_ntoa
GetTypeByNameW
MigrateWinsockConfiguration
WSAAsyncSelect
WSACleanup
WSAAsyncGetHostByName
EnumProtocolsA
htonl
GetNameByTypeA
GetServiceA
WSACancelBlockingCall
recvfrom
WSACancelAsyncRequest
GetNameByTypeW
GetAddressByNameW
sendto
AcceptEx
GetTypeByNameA
htons
gethostbyname
send
GetAddressByNameA
EnumProtocolsW
WSAUnhookBlockingHook
rexec
getnetbyname
WSAAsyncGetProtoByNumber
inet_network
shutdown

advapi32

RegisterServiceCtrlHandlerExW
RegQueryValueA
CredDeleteW
OpenEventLogW
EqualSid
ChangeServiceConfig2A
MapGenericMask
EnumDependentServicesW
GetSecurityDescriptorOwner
LsaQueryInfoTrustedDomain
BuildSecurityDescriptorA
LookupSecurityDescriptorPartsA
SetEntriesInAccessListA
CryptSetProviderA
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheck
GetUserNameW
WmiQuerySingleInstanceMultipleW
CryptGetDefaultProviderA
RegisterServiceCtrlHandlerA
SaferiIsExecutableFileType
LsaStorePrivateData
ObjectPrivilegeAuditAlarmW
SetAclInformation
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSDToSDDomainW
SystemFunction031
RegOpenKeyExA
LsaGetUserName
OpenBackupEventLogW
SystemFunction020
InitiateSystemShutdownA
MakeSelfRelativeSD
StopTraceW
GetInheritanceSourceW
ConvertSecurityDescriptorToAccessNamedA

query

??0CFullPath@@QAE@PBGI@Z
?ParseTree@CParseCommandTree@@QAEXPAVCDbCmdTreeNode@@@Z
??1CDbProp@@QAE@XZ
?Done@CFwAsyncWorkItem@@QAEXXZ
?DecodeURLEscapes@@YGXPAEAAKPAGK@Z
?NewStemmer@CCiOle@@SGPAUIStemmer@@ABU_GUID@@@Z
??1CParseCommandTree@@QAE@XZ
?UnMarshall@CDbProp@@QAEHAAVPDeSerStream@@@Z
?_wcsFileName@CGlobalPropFileRefresher@@0PAGA
?GetNumber@CQueryScanner@@QAEHAAKAAH@Z
?TreeCount@CRestriction@@QBEKXZ
?GetDATE@CAllocStorageVariant@@QBENI@Z
??1CMetaDataMgr@@QAE@XZ
??0CValueNormalizer@@QAE@AAVPKeyRepository@@@Z
?Read@CRegAccess@@QAEKPBGK@Z
?ParseQueryPhrase@CQueryParser@@QAEPAVCDbRestriction@@XZ
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?SetSZParam@CMachineAdmin@@QAEXPBG0K@Z
?DisableCI@CMachineAdmin@@QAEHXZ
??0CException@@QAE@XZ
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
??0CFullPropSpec@@QAE@ABV0@@Z
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?VT_VARIANT_EQ@@YGHABUtagPROPVARIANT@@0@Z
?Add@CKeyArray@@QAEHHABVCKey@@@Z
?GetString@CMemDeSerStream@@UAEPADXZ
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
?GetPropTypeCount@CEmptyPropertyList@@SGIXZ
?SetProperty@CDbPropBaseRestriction@@QAEHABVCDbColumnNode@@@Z
SetupCacheEx
??0CPropertyRestriction@@QAE@XZ
?Empty@CPidLookupTable@@QAEXXZ
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
??1CDynStream@@QAE@XZ
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z

msvcp60

?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEGG@Z
??1length_error@std@@UAE@XZ
?_Getcat@?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
?_Tidy@locale@std@@CAXXZ
??0money_base@std@@QAE@I@Z
??0messages_base@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??1?$moneypunct@G$0A@@std@@UAE@XZ
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGHG@Z
??_F?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??Y?$_Complex_base@M@std@@QAEAAV01@ABM@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
?width@ios_base@std@@QAEHH@Z
??4?$complex@M@std@@QAEAAV01@ABM@Z
?infinity@?$numeric_limits@M@std@@SAMXZ
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
?round_error@?$numeric_limits@I@std@@SAIXZ
??Ystd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??0locale@std@@QAE@ABV01@0H@Z
?cosh@std@@YA?AV?$complex@M@1@ABV21@@Z
?widen@?$ctype@G@std@@QBEGD@Z
?signaling_NaN@?$numeric_limits@O@std@@SAOXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?max@?$numeric_limits@E@std@@SAEXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?write@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@PBGH@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Gstd@@YA?AV?$complex@O@0@ABOABV10@@Z
??Y?$_Complex_base@O@std@@QAEAAV01@ABO@Z
_FDenorm
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??Z?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??0Init@ios_base@std@@QAE@XZ

qdv

DllGetClassObject

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 347KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2fa7e4928d80025edc78e8bf70b8ed4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crtdll

cryptui

opengl32

wsock32

advapi32

query

msvcp60

qdv

Sections

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 363KB - Virtual size: 363KB

.data Size: 347KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 363KB - Virtual size: 363KB

.data
Size: 347KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB