fcbb678142ba2f910a84809cc9a8088c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fcbb678142ba2f910a84809cc9a8088c_JaffaCakes118
Size

136KB
MD5

fcbb678142ba2f910a84809cc9a8088c
SHA1

224b154c394f21e5a7ee4735c14789a9490f785f
SHA256

e2ff030a4dfab14a33fd4e640c4b2bc8dfedeb3ae4726673d5fbdbd2820e6ae5
SHA512

301cf058a115a45d740cb8956e6dca4920873b40c473c6d7cc8660516a25d9df38c44626ccf7425b8f8d3031b3a7e5457c8141197396495e97c47669cd74999a
SSDEEP

3072:KBhmps1ILJ6AYM4gU2gJo6i9BbYwls8BcjfCMWDYXp5iRv:XG1Il6AYd2gJC9Rrs8c8YZ5iR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcbb678142ba2f910a84809cc9a8088c_JaffaCakes118

Files

fcbb678142ba2f910a84809cc9a8088c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

153d91d80e66c8c4595649797b0318f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duser

GetStdColorF
GetGadgetBufferInfo
UtilDrawBlendRect
GetGadgetCenterPoint
UnregisterGadgetProperty
GetStdColorPenI
GetGadgetTicket
DetachWndProc
GetStdColorBrushI
GetMessageExW
AddGadgetMessageHandler
DUserPostMethod
SetGadgetRotation
WaitMessageEx
IsInsideContext
DUserRegisterSuper
BuildAnimation
DUserFindClass
SetGadgetMessageFilter
GetGadgetScale
ForwardGadgetMessage
InitGadgetComponent
GetMessageExA
AttachWndProcW
DUserCastHandle
GetGadgetSize
DUserSendEvent
RemoveGadgetMessageHandler
GetGadgetStyle
UtilGetColor
DUserStopAnimation
DUserRegisterStub
GetGadgetRotation
GetGadgetAnimation

adsldpc

LdapTypeBinaryToString
FreeADsMem
LdapControlsFree
LdapGetNextPageS
ADSIGetPreviousRow
ADsEnumAttributes
BuildADsParentPathFromObjectInfo
FindEntryInSearchTable
BuildADsParentPath
LdapCompareExt
ADsSetSearchPreference
LdapSearchAbandonPage
ADSICloseSearchHandle
LdapMsgFree
ADsExecuteSearch
ADSIGetObjectAttributes
LdapValueFree
LdapTypeToAdsTypeDNWithString
LdapValueFreeLen
ADsDeleteClassDefinition
LdapTypeToAdsTypeUTCTime
AdsTypeToLdapTypeCopyGeneralizedTime
ADsGetNextRow
ConvertSidToString
?SetAtDisabler@CLexer@@QAEXH@Z
ReadSecurityDescriptorControlType
ADsGetObjectAttributes
FreeObjectInfo
LdapSearch
LdapFirstEntry
LdapMakeSchemaCacheObsolete
LdapDeleteExtS
LdapReadAttributeFast
LdapRenameExtS
ConvertSidToU2Trustee
LdapTypeCopyConstruct
ADsCreateClassDefinition
AdsTypeToLdapTypeCopyConstruct
LdapReadAttribute

ufat

??0ROOTDIR@@QAE@XZ
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
??0REAL_FAT_SA@@QAE@XZ
??0CLUSTER_CHAIN@@QAE@XZ
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
ChkdskEx
??1FAT_DIRENT@@UAE@XZ
?QueryNthCluster@FAT@@QBEKKK@Z
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
??0FAT_DIRENT@@QAE@XZ
FormatEx
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Set12@FAT@@AAEXKK@Z
??1ROOTDIR@@UAE@XZ
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?Index12@FAT@@ABEKK@Z
?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??1EA_HEADER@@UAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
??1EA_SET@@UAE@XZ
??0EA_SET@@QAE@XZ
?FreeChain@FAT@@QAEXK@Z
??1CLUSTER_CHAIN@@UAE@XZ
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
Format
Recover

snmpapi

SnmpUtilOidCpy
SnmpUtilPrintOid
SnmpUtilOidFree
SnmpUtilIdsToA
SnmpUtilAnsiToUnicode
SnmpUtilVarBindListFree
SnmpSvcGetUptimeFromTime
SnmpSvcAddrIsIpx
SnmpUtilOctetsCmp
SnmpUtilMemReAlloc
SnmpUtilAsnAnyFree
SnmpSvcGetUptime
SnmpSvcInitUptime
SnmpUtilUTF8ToUnicode
SnmpUtilAsnAnyCpy
SnmpUtilVarBindListCpy
SnmpUtilOctetsFree
SnmpUtilVarBindCpy
SnmpSvcGetEnterpriseOID
SnmpTfxQuery
SnmpUtilOidNCmp
SnmpSvcAddrToSocket
SnmpUtilOidToA
SnmpUtilVarBindFree
SnmpSvcSetLogType
SnmpUtilMemFree
SnmpUtilOctetsNCmp
SnmpUtilUnicodeToAnsi
SnmpSvcSetLogLevel
SnmpUtilOidCmp
SnmpTfxOpen
SnmpUtilUnicodeToUTF8
SnmpUtilMemAlloc
SnmpUtilDbgPrint
SnmpUtilPrintAsnAny
SnmpUtilOctetsCpy
SnmpUtilOidAppend
SnmpTfxClose

wininet

InternetGetPerSiteCookieDecisionA
InternetSetDialStateW
FindCloseUrlCache
InternetSetOptionA
InternetGetLastResponseInfoW
InternetGetConnectedStateExA
InternetGoOnlineW
InternetCheckConnectionW
InternetDialA
InternetClearAllPerSiteCookieDecisions
InternetWriteFileExW
InternetReadFile
SetUrlCacheConfigInfoW
FtpPutFileEx
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoW
InternetOpenW
InternetQueryOptionA
SetUrlCacheConfigInfoA
DeleteUrlCacheEntryA
InternetGetPerSiteCookieDecisionW
HttpSendRequestA
InternetTimeFromSystemTime
FindNextUrlCacheEntryW
InternetConfirmZoneCrossing
HttpQueryInfoA
FindFirstUrlCacheEntryW
InternetReadFileExA
SetUrlCacheEntryGroupW
UnlockUrlCacheEntryFileW
InternetTimeFromSystemTimeA
IsHostInProxyBypassList

mapistub

CreateTable@36
ScCopyNotifications@16
MNLS_lstrcmpW@8
UNKOBJ_ScCOAllocate@12
HrThisThreadAdviseSink@8
BMAPIGetReadMail
cmc_send_documents
ScCopyProps@16
RTFSync@12
MAPIDeinitIdle@0
MAPIResolveName
FtgRegisterIdleRoutine@20
FixMAPI@0
FtMulDw@12
FBadSortOrderSet@4
ScMAPIXFromCMC
SzFindLastCh@8
MNLS_lstrcpyW@8
ScUNCFromLocalPath@12
ScCreateConversationIndex@16
UNKOBJ_ScSzFromIdsAlloc@20
OpenTnefStreamEx
FBadRglpNameID@8
FBadPropTag@4
HrAddColumns@16
MAPIOpenLocalFormContainer@4
LpValFindProp@12
MAPIAllocateBuffer

kernel32

GetSystemDirectoryA
IsProcessInJob
MapUserPhysicalPagesScatter
GetBinaryTypeA
SetLocalTime
GetLocaleInfoW
SetCommConfig
HeapSummary
OpenJobObjectA
SetVolumeMountPointW
ShowConsoleCursor
SetupComm
LoadLibraryA
AddConsoleAliasW
WriteConsoleOutputW
GetStartupInfoW
GetFileTime
SetLastError
VirtualAlloc
SwitchToThread
_lwrite
GetConsoleFontSize
FindNextVolumeW
SetProcessAffinityMask
GetProfileSectionW
GetNumaAvailableMemoryNode
GlobalAddAtomA
LocalFree
GetDiskFreeSpaceExW
WritePrivateProfileStructW
GetDiskFreeSpaceW
LocalAlloc
GlobalMemoryStatusEx
DuplicateHandle
FindNextFileW
WriteConsoleOutputCharacterW
HeapCreate
UpdateResourceA
MapViewOfFileEx
VirtualLock
OpenJobObjectW
DefineDosDeviceA
VerSetConditionMask
GetNativeSystemInfo
VirtualQueryEx

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

153d91d80e66c8c4595649797b0318f2

Headers

DLL Characteristics

File Characteristics

Imports

duser

adsldpc

ufat

snmpapi

wininet

mapistub

kernel32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 55KB - Virtual size: 204KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 160B

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 55KB - Virtual size: 204KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 160B