Static task
static1
Behavioral task
behavioral1
Sample
fc9a726360ef718892dc78c222ff7585_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fc9a726360ef718892dc78c222ff7585_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
fc9a726360ef718892dc78c222ff7585_JaffaCakes118
-
Size
828KB
-
MD5
fc9a726360ef718892dc78c222ff7585
-
SHA1
c43390a52af32d79171cbe8331e73de3111f07cb
-
SHA256
0ca8ef1a19842e699c6c0575e5f1ea14e6f5c76a9e8f1f0a5b07b554cd605a55
-
SHA512
d45e89dc2c9db8b151798e7884f943539cdcdb80fe1499a30b59e1147e24f761a4d59a3e9d923a0ce2a25826fd0b8a3f13be462ea16943a7746102878ec28061
-
SSDEEP
12288:98myYkJMCSJ5f3Bu+sdMlPkEJ+1LnPaljbo8LjbIdrQXtCRNkijdWEMNooTq:5AMPZ3Bup+SjSJL4idCRNkiJ/MNT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The sample carries no signature; on its own this is a weak indicator (a large share of legitimate software is also unsigned), so weigh it alongside the other findings rather than treating it as evidence of malice by itself.
resource fc9a726360ef718892dc78c222ff7585_JaffaCakes118
Files
-
fc9a726360ef718892dc78c222ff7585_JaffaCakes118.exe windows:5 windows x86 arch:x86
87b101a65297c173df6f7dcfec3cb168 (presumably the import hash / imphash of the PE — confirm against the report's field label before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (opts in to ASLR; the .reloc section below is present, so relocation is actually possible)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (opts in to DEP/NX)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
Note: the table below mixes LSA/credential/crypto/WMI/tracing APIs, RPC NDR marshalling routines, rarely used kernel32 entries, and two separate C++ runtimes (msvcrt40 and msvcp60). That breadth looks more like import-table padding by a packer or obfuscator than like the import set of one coherent program, so treat any single import here as weak evidence of capability until the behavior is confirmed in the win7/win10 behavioral tasks.
advapi32
WmiFreeBuffer
ComputeAccessTokenFromCodeAuthzLevel
IsValidAcl
SystemFunction009
CryptCreateHash
SetFileSecurityA
LsaEnumerateTrustedDomainsEx
IsTokenRestricted
CreateProcessAsUserW
WmiSetSingleInstanceW
ObjectOpenAuditAlarmA
LookupSecurityDescriptorPartsA
InstallApplication
LsaSetTrustedDomainInformation
MSChapSrvChangePassword
ProcessIdleTasks
RegQueryValueExA
InitializeSecurityDescriptor
MD5Init
SystemFunction012
CredProfileLoaded
LsaCreateSecret
LsaQueryDomainInformationPolicy
SetPrivateObjectSecurity
RegCreateKeyExW
LsaStorePrivateData
ObjectPrivilegeAuditAlarmA
QueryServiceConfigA
LookupAccountSidW
StartTraceW
CredReadA
ObjectCloseAuditAlarmA
LsaQueryInfoTrustedDomain
SystemFunction007
CredEnumerateW
UpdateTraceA
RegQueryValueA
ObjectCloseAuditAlarmW
CryptDuplicateHash
AddAccessDeniedAce
FileEncryptionStatusA
CryptSignHashW
AccessCheck
OpenBackupEventLogW
MapGenericMask
A_SHAUpdate
LookupPrivilegeNameA
SetEntriesInAccessListW
GetSecurityDescriptorSacl
RegSaveKeyW
CryptDestroyKey
QueryServiceLockStatusW
SystemFunction021
RegisterEventSourceW
GetAce
GetTrusteeTypeW
MD5Final
LsaSetSystemAccessAccount
TraceMessage
PrivilegeCheck
ElfOpenBackupEventLogA
LsaOpenPolicy
ConvertStringSDToSDRootDomainA
DeleteService
CryptSetKeyParam
ImpersonateAnonymousToken
RegLoadKeyA
SystemFunction019
OpenEventLogA
I_ScIsSecurityProcess
WmiQuerySingleInstanceMultipleA
CredMarshalCredentialA
LookupAccountSidA
LsaQueryInformationPolicy
OpenProcessToken
DecryptFileA
SaferiChangeRegistryScope
GetSecurityInfoExA
BuildTrusteeWithSidA
WmiQueryAllDataW
EnumServicesStatusA
DuplicateTokenEx
SetInformationCodeAuthzPolicyW
rpcrt4
I_RpcBindingInqLocalClientPID
RpcServerTestCancel
RpcObjectSetInqFn
UuidIsNil
UuidFromStringW
NdrFullPointerXlatFree
RpcServerInqDefaultPrincNameA
RpcCertGeneratePrincipalNameW
NdrNonConformantStringBufferSize
RpcIfIdVectorFree
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
RpcMgmtSetComTimeout
NdrFreeBuffer
RpcServerUseAllProtseqsIf
NdrConformantStructUnmarshall
NdrRpcSsEnableAllocate
SimpleTypeBufferSize
NdrConformantStructBufferSize
I_RpcParseSecurity
NdrSimpleStructFree
NdrXmitOrRepAsUnmarshall
RpcMgmtStatsVectorFree
RpcRaiseException
I_RpcServerUseProtseq2A
NDRSContextMarshall2
NdrpReleaseTypeGenCookie
RpcSsSwapClientAllocFree
NdrStubCall
NdrMesProcEncodeDecode
NdrComplexStructFree
NdrNonEncapsulatedUnionMemorySize
NdrUserMarshalUnmarshall
kernel32
EnumerateLocalComputerNamesA
FreeConsole
Toolhelp32ReadProcessMemory
LoadLibraryA
GetCommandLineW
lstrcmp
RegisterWowBaseHandlers
GetStdHandle
GetCurrentProcessId
GetShortPathNameW
FindAtomW
GetProfileIntA
SetLocalTime
GetDevicePowerState
GetPrivateProfileSectionNamesW
BeginUpdateResourceW
GlobalCompact
PurgeComm
DeleteAtom
WaitForMultipleObjects
VirtualAlloc
BaseCheckAppcompatCache
GetConsoleInputExeNameW
GlobalMemoryStatus
ReadConsoleInputW
ZombifyActCtx
CopyFileExA
LoadLibraryExW
SetEndOfFile
GetProcessShutdownParameters
GetSystemTimeAsFileTime
InitializeCriticalSection
GetThreadContext
ReadConsoleInputExA
lstrlenA
CreateWaitableTimerW
msvcrt40
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
?attach@filebuf@@QAEPAV1@H@Z
_getdrives
_wsetlocale
_mbsncpy
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_wsopen
??0ios@@QAE@PAVstreambuf@@@Z
??0strstreambuf@@QAE@PADH0@Z
??0exception@@QAE@ABQBD@Z
?cin@@3Vistream_withassign@@A
?gbump@streambuf@@IAEXH@Z
?sync_with_stdio@ios@@SAXXZ
_splitpath
?read@istream@@QAEAAV1@PAEH@Z
??_E__non_rtti_object@@UAEPAXI@Z
??_8stdiostream@@7Bistream@@@
rand
_seh_longjmp_unwind
??0fstream@@QAE@PBDHH@Z
??_Gofstream@@UAEPAXI@Z
_wspawnle
mbtowc
perror
_wopen
_mbclen
_strtime
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
__threadhandle
??0__non_rtti_object@@QAE@ABV0@@Z
_adj_fdiv_m16i
??0istrstream@@QAE@ABV0@@Z
_errno
_gcvt
isspace
_wexecvp
??_7ostrstream@@6B@
_isnan
_CIacos
vsprintf
??5istream@@QAEAAV0@AAJ@Z
??4strstream@@QAEAAV0@AAV0@@Z
msvcp60
?_Doraise@domain_error@std@@MBEXXZ
?_Doraise@range_error@std@@MBEXXZ
?_Init@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?_Isinf@?$_Ctr@O@std@@SA_NO@Z
?do_hash@?$collate@D@std@@MBEJPBD0@Z
?signaling_NaN@?$numeric_limits@O@std@@SAOXZ
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KAPADPADDH@Z
??0Init@ios_base@std@@QAE@XZ
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBD@Z
?pubseekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@V32@F@Z
??Y?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??0?$numpunct@D@std@@QAE@I@Z
?round_error@?$numeric_limits@C@std@@SACXZ
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7?$ctype@G@std@@6B@
??_F?$codecvt@GDH@std@@QAEXXZ
?seekpos@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
wcrtomb
?log@std@@YA?AV?$complex@O@1@ABV21@@Z
?iword@ios_base@std@@QAEAAJH@Z
?round_error@?$numeric_limits@H@std@@SAHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@KAPADPADDH@Z
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 541KB - Virtual size: 1.9MB (virtual size exceeds the on-disk size by roughly 1.4MB; that extra space is zero-filled and writable at load time, which often serves as an unpacking or decryption buffer — dumping the process after it has run is the practical way to recover anything staged there)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ