Static task
static1
Behavioral task
behavioral1
Sample
fc204841ee00f819698153ea891c8712_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fc204841ee00f819698153ea891c8712_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
fc204841ee00f819698153ea891c8712_JaffaCakes118
-
Size
367KB
-
MD5
fc204841ee00f819698153ea891c8712
-
SHA1
221589bbf0a33c3b7074600abf59ecda708ba23a
-
SHA256
2dfecddad878f88aa8f842bb589436655b37de8ff6eb8c35bcaa7d2f857c67df
-
SHA512
de60c25456eaeef94ec2b037f755cd6eba432453a84a670b755d3d7d58fb589203862976d562c33a828741c47fbb3ed6027c11ef2614cda32ee3342045a2e424
-
SSDEEP
6144:dDpXg314csF866r7m+humdULbJn83zgFXQdbhhqKxevVEBBf1CvVdQ/NmQY7psqL:dK3e4SmKMHePdUmQyx
Malware Config
Signatures
-
Unsigned PE 1 IoCs
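Checks for missing Authenticode signature. The file carries no signature, so its publisher and integrity cannot be verified from the binary itself; many benign programs are also unsigned, so this is a weak indicator on its own.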
resource fc204841ee00f819698153ea891c8712_JaffaCakes118
Files
-
fc204841ee00f819698153ea891c8712_JaffaCakes118.exe windows:5 windows x86 arch:x86
9d223a448099fc2de5aeae6f26edf20b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
cryptui
CryptUIDlgViewCRLW
CryptUIDlgSelectCA
LocalEnrollNoDS
CryptUIGetViewSignaturesPagesW
WizardFree
CryptUIFreeViewSignaturesPagesA
CryptUIWizDigitalSign
CryptUIDlgViewCertificateA
CryptUIWizCertRequest
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCTLA
CryptUIDlgSelectCertificateA
CryptUIDlgSelectCertificateW
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgFreeCAContext
CryptUIDlgViewCertificateW
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgViewCertificatePropertiesA
RetrievePKCS7FromCA
CryptUIDlgViewCRLA
CryptUIFreeCertificatePropertiesPagesW
CryptUIWizBuildCTL
CryptUIWizFreeDigitalSignContext
CryptUIWizExport
CryptUIGetCertificatePropertiesPagesW
CryptUIFreeViewSignaturesPagesW
CryptUIDlgViewCTLW
CryptUIDlgViewSignerInfoA
CryptUIWizSubmitCertRequestNoDS
LocalEnroll
CryptUIDlgSelectStoreA
CryptUIStartCertMgr
CryptUIDlgSelectStoreW
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgCertMgr
crtdll
ftell
_findclose
_mbsnbset
_purecall
calloc
abs
_dup
isxdigit
_write
_strinc
_y1
_mbsdup
_assert
__threadhandle
_ltow
ispunct
wcsncat
_fileinfo_dll
_mbsspn
_vsnprintf
_flushall
putchar
_mbsnbcmp
atan
_ungetch
_strnicmp
_mbscat
_fpieee_flt
??2@YAPAXI@Z
_wcsnicmp
ferror
mblen
exit
_tell
_mbcjistojms
tmpfile
remove
ldexp
_rmdir
_wcsdup
_strcmpi
isprint
advapi32
SystemFunction018
GetExplicitEntriesFromAclW
CloseCodeAuthzLevel
ReadEventLogA
ConvertStringSDToSDRootDomainW
CredReadDomainCredentialsW
SetKernelObjectSecurity
SystemFunction007
InitiateSystemShutdownA
GetTrusteeTypeW
OpenSCManagerA
CryptGetUserKey
MD5Final
GetWindowsAccountDomainSid
SystemFunction030
InitializeSecurityDescriptor
CreateCodeAuthzLevel
CredMarshalCredentialW
BuildImpersonateTrusteeA
GetTrusteeNameA
UnlockServiceDatabase
OpenServiceA
ImpersonateSelf
MakeAbsoluteSD2
GetMultipleTrusteeOperationA
SystemFunction012
CreateProcessAsUserW
SystemFunction023
AccessCheckByType
ConvertStringSidToSidA
RegisterTraceGuidsA
GetLocalManagedApplications
WmiSetSingleInstanceW
LsaSetForestTrustInformation
kernel32
InterlockedPopEntrySList
CreateActCtxW
LZSeek
GetFullPathNameA
LeaveCriticalSection
OpenProcess
GetProcessWorkingSetSize
DnsHostnameToComputerNameA
FatalAppExitW
TransmitCommChar
VerLanguageNameW
GetTimeFormatW
GetCurrentProcess
DeleteCriticalSection
SetComputerNameW
IsBadWritePtr
GetEnvironmentVariableW
FindNextVolumeMountPointW
FindResourceExW
CreateSemaphoreW
GetStringTypeExW
EnterCriticalSection
GetWriteWatch
ReplaceFileW
CallNamedPipeA
AddLocalAlternateComputerNameW
PeekConsoleInputA
WaitNamedPipeA
LoadLibraryA
VirtualAlloc
GetDiskFreeSpaceA
GetCurrentActCtx
expsrv
__vbaVarTstGt
rtcIPMT
rtcDir
_adj_fdiv_m32i
__vbaCVarAryUdt
__vbaR4ErrVar
rtcVarStrFromVar
rtcFormatNumber
VarPtr
rtcVarFromVar
__vbaFileOpen
rtcCos
__vbaVarNot
rtcFileLength
__vbaCyForInit
__vbaLateMemSt
rtcIntVar
rtcFormatDateTime
__vbaDateVar
__vbaFpCDblR8
rtcGetDayOfMonth
rtcRightTrimVar
__vbaR4ForNextCheck
rtcCommandBstr
__vbaCastObj
rtcSgnVar
rtcIsDate
__vbaVarIdiv
rtcBstrFromChar
__vbaPrintFile
EbLibraryLoad
__vbaFpR4
__vbaVargVar
rtcGetTimeBstr
__vbaVarIndexStoreObj
__vbaAryConstruct2
__vbaFreeStr
mprapi
MprAdminInterfaceSetCredentials
MprAdminIsDomainRasServer
MprAdminUserSetInfo
MprAdminRegisterConnectionNotification
MprConfigInterfaceDelete
MprAdminUpgradeUsers
MprAdminInterfaceGetInfo
MprAdminPortGetInfo
MprAdminTransportCreate
CompressPhoneNumber
MprAdminConnectionGetInfo
MprAdminMIBEntryDelete
MprInfoRemoveAll
MprAdminDeregisterConnectionNotification
MprConfigInterfaceTransportAdd
MprAdminUserGetInfo
MprConfigTransportCreate
MprAdminMIBEntryGetNext
MprAdminUserWriteProfFlags
MprInfoBlockRemove
MprAdminGetErrorString
MprConfigInterfaceGetHandle
MprAdminUserReadProfFlags
MprAdminConnectionClearStats
MprInfoDuplicate
MprAdminUserServerDisconnect
MprAdminServerGetInfo
MprAdminServerConnect
MprConfigInterfaceGetInfo
MprConfigBufferFree
MprAdminMIBEntryCreate
MprConfigServerInstall
MprInfoBlockAdd
MprAdminMIBEntryGet
MprDomainQueryRasServer
MprAdminInterfaceDisconnect
msvcp60
?do_in@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??8std@@YA_NABV?$complex@N@0@0@Z
??Gstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??_7out_of_range@std@@6B@
??Ostd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
?close@?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAEPAV12@XZ
?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@@Z
??X?$_Complex_base@N@std@@QAEAAV01@ABN@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
??_7?$moneypunct@D$00@std@@6B@
?pbackfail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGG@Z
?min@?$numeric_limits@I@std@@SAIXZ
??1?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?min@?$numeric_limits@M@std@@SAMXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0locale@std@@QAE@ABV01@0H@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
??Pstd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$codecvt@DDH@std@@UAE@XZ
?_Init@?$ctype@D@std@@IAEXABV_Locinfo@2@@Z
?do_grouping@?$_Mpunct@G@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??4?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Index@ios_base@std@@0HA
?id@?$moneypunct@D$0A@@std@@2V0locale@2@A
??_Fbad_cast@std@@QAEXXZ
?log@?$_Ctr@O@std@@SAOO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
?ws@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@@Z
??_7time_base@std@@6B@
??4?$numeric_limits@K@std@@QAEAAV01@ABV01@@Z
mgmtapi
SnmpMgrCtl
SnmpMgrGetTrapEx
SnmpMgrOidToStr
SnmpMgrClose
SnmpMgrRequest
SnmpMgrOpen
SnmpMgrTrapListen
SnmpMgrStrToOid
SnmpMgrGetTrap
wininet
InternetGetConnectedStateExA
FindNextUrlCacheEntryExW
GetUrlCacheGroupAttributeW
InternetSetCookieW
InternetGetPerSiteCookieDecisionW
ParseX509EncodedCertificateForListBoxEntry
InternetGoOnline
GopherCreateLocatorW
FtpOpenFileW
InternetAutodial
InternetSetOptionW
HttpOpenRequestA
InternetCanonicalizeUrlA
InternetSecurityProtocolToStringA
FtpGetFileW
InternetSetStatusCallback
DeleteUrlCacheGroup
HttpEndRequestA
InternetOpenUrlA
FtpFindFirstFileW
IsHostInProxyBypassList
RetrieveUrlCacheEntryFileW
FtpPutFileEx
InternetCanonicalizeUrlW
InternetGetCookieA
SetUrlCacheConfigInfoW
GetUrlCacheEntryInfoExA
comctl32
PropertySheet
ImageList_LoadImageA
ImageList_DragMove
DrawInsert
ImageList_Create
DrawStatusTextA
InitCommonControls
ImageList_SetFlags
ImageList_DragEnter
ImageList_SetIconSize
FlatSB_GetScrollRange
DestroyPropertySheetPage
ImageList_DrawEx
InitCommonControlsEx
CreateToolbarEx
ImageList_Add
CreateUpDownControl
ImageList_Read
FlatSB_SetScrollRange
CreatePropertySheetPageW
ImageList_SetOverlayImage
DllGetVersion
GetMUILanguage
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 293KB - Virtual size: 756KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ