0301dadfb14938fd19debfefbfdac66e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0301dadfb14938fd19debfefbfdac66e_JaffaCakes118
Size

871KB
MD5

0301dadfb14938fd19debfefbfdac66e
SHA1

d6c0c109c6408c4b039376c378031a544a39805c
SHA256

e4c957430bde698e843f8096dbb48c99a3ae0fcb279ccdae53e1e82091343c8b
SHA512

34aa48f4d290bfcd36da3e62cddb5aa571669874820a9694c6bb85bef9e5a8f4b1fdb9ae5a32f7772f93e99c9fc8437cb8945f2167936dce52e8c68b5f916396
SSDEEP

12288:ThEpgHbir7bLvOV27HwZhXpeEvKMD4qWjGcq5Aqgb4TSccUgOCAKgH55fpH4Mdng:Tu2HQvOawPePrGc0A981cUgOSo5hH4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0301dadfb14938fd19debfefbfdac66e_JaffaCakes118

Files

0301dadfb14938fd19debfefbfdac66e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3263d3c6beb0bfd99df924c68c99df9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??0ofstream@@QAE@XZ
??_Gostrstream@@UAEPAXI@Z
??0strstreambuf@@QAE@H@Z
??6ostream@@QAEAAV0@PBC@Z
?sputbackc@streambuf@@QAEHD@Z
?write@ostream@@QAEAAV1@PBEH@Z
??_7ios@@6B@
??_Gostream_withassign@@UAEPAXI@Z
??1streambuf@@UAE@XZ
?fail@ios@@QBEHXZ
?setlock@ios@@QAAXXZ
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
??0strstreambuf@@QAE@XZ
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??_Gstrstreambuf@@UAEPAXI@Z
?freeze@strstreambuf@@QAEXH@Z
?sync@filebuf@@UAEHXZ
??0fstream@@QAE@PBDHH@Z
??5istream@@QAEAAV0@AAC@Z
?setlock@streambuf@@QAEXXZ
??0strstream@@QAE@ABV0@@Z
?ignore@istream@@QAEAAV1@HH@Z
?writepad@ostream@@AAEAAV1@PBD0@Z
?binary@filebuf@@2HB
?setmode@ofstream@@QAEHH@Z
??_7streambuf@@6B@
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??_8ifstream@@7B@
??0stdiostream@@QAE@ABV0@@Z
?attach@filebuf@@QAEPAV1@H@Z
??_Gfilebuf@@UAEPAXI@Z
??5istream@@QAEAAV0@PAE@Z
??1istrstream@@UAE@XZ
?seekp@ostream@@QAEAAV1@J@Z
?sh_none@filebuf@@2HB
??_8ostream@@7B@
??_Dofstream@@QAEXXZ
??_Gstreambuf@@UAEPAXI@Z
??6ostream@@QAEAAV0@O@Z
?sunk_with_stdio@ios@@0HA
?is_open@ofstream@@QBEHXZ
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z

msvcrt

_adj_fdiv_r
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_scprintf
_utime64
_mbsncat
_ismbbgraph
__p___winitenv
sin
_mbsncoll
_wfindfirsti64
raise
_unlink
gets
__setusermatherr
_findnexti64
_mbsnbicoll
_ismbslead
_commode
__p__mbcasemap
_wsetlocale
_y1
_fputchar
_strset
wscanf
swscanf
_Getmonths
getwc
?raw_name@type_info@@QBEPBDXZ
_wputenv
_osplatform

kernel32

VirtualAlloc
EnumDateFormatsExW
GetConsoleFontSize
GetConsoleInputExeNameA
GetLargestConsoleWindowSize
CompareFileTime
WriteConsoleInputVDMW
InitializeCriticalSection
GetCommTimeouts
BuildCommDCBAndTimeoutsA
GetBinaryTypeW
IsValidLocale
DelayLoadFailureHook
FindResourceExW
GlobalAddAtomW
SetCommConfig
SetDefaultCommConfigW
FatalAppExitA
SetThreadLocale
GetPrivateProfileStringA
PostQueuedCompletionStatus
TlsGetValue
GetLogicalDriveStringsA
GlobalFindAtomA
LZOpenFileW
Heap32Next
FindResourceW
OpenSemaphoreA
FreeResource
FlushConsoleInputBuffer
AllocateUserPhysicalPages
GetVolumeNameForVolumeMountPointW
GetLogicalDriveStringsW
LoadLibraryA

mlang

LcidToRfc1766A
ConvertINetString
ConvertINetUnicodeToMultiByte
Rfc1766ToLcidW
IsConvertINetStringAvailable
GetGlobalFontLinkObject
LcidToRfc1766W
DllGetClassObject
ConvertINetMultiByteToUnicode
ConvertINetReset
Rfc1766ToLcidA

query

?OpenRecord@CPropStoreManager@@QAEPAVCCompositePropRecord@@KPAE@Z
?EnumVServers@CMetaDataMgr@@QAEXAAVCMetaDataVirtualServerCallBack@@@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
?Remove@CWorkQueue@@QAEXPAVPWorkItem@@@Z
??0CDriveInfo@@QAE@PBGK@Z
?Read@CRcovStrmTrans@@QAEKPAXK@Z
?EnableVPathNotify@CMetaDataMgr@@QAEXPAVCMetaDataVPathChangeCallBack@@@Z
?ReBuild@CPidRemapper@@QAEXABVCPidMapper@@@Z
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
??0CRcovStrmTrans@@IAE@AAVPRcovStorageObj@@W4RcovOpType@@@Z
?AddRef@CEnumString@@UAGKXZ
?IsLeaf@CRestriction@@QBEHXZ
??0CLangList@@QAE@PAUICiCLangRes@@K@Z
?MakePath@CFullPath@@QAEXPBG@Z
?GetWeight@CDbCmdTreeNode@@QBEJXZ
?AppendListElement@CDbListAnchor@@IAEHGABUtagDBID@@@Z
?GetOffset@CKeyDeComp@@QAEXAAUBitOffset@@@Z
?AcqPath@CQueryScanner@@QAEPAGXZ
?_wcstoui64@@YA_KPBGPAPAGH@Z
??0CDFA@@QAE@PBGAAVCTimeLimit@@E@Z
?AddArg@CEventItem@@QAEXK@Z
?SetDefaultProperty@CCatState@@QAEXPBG@Z
?StopCI@CMachineAdmin@@QAEHXZ
?AddCatalog@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
?IsCIStopped@CMachineAdmin@@QAEHXZ
?Seek@CRcovStrmTrans@@QAEHK@Z

ufat

?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?QueryNthCluster@FAT@@QBEKKK@Z
?QueryAllocatedClusters@FAT@@QBEKXZ
??0FAT_DIRENT@@QAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
?Set12@FAT@@AAEXKK@Z
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
?Read@EA_SET@@UAEEXZ
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1REAL_FAT_SA@@UAE@XZ
??0CLUSTER_CHAIN@@QAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
?Read@CLUSTER_CHAIN@@UAEEXZ
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
Chkdsk
??0ROOTDIR@@QAE@XZ
Recover
??0EA_HEADER@@QAE@XZ
??1CLUSTER_CHAIN@@UAE@XZ
?Index12@FAT@@ABEKK@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1EA_SET@@UAE@XZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
??0FAT_SA@@QAE@XZ
??1FILEDIR@@UAE@XZ
Format
?FreeChain@FAT@@QAEXK@Z
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??1EA_HEADER@@UAE@XZ
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
??0EA_SET@@QAE@XZ
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
??1FAT_SA@@UAE@XZ
FormatEx
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?AllocChain@FAT@@QAEKKPAK@Z
?Write@CLUSTER_CHAIN@@UAEEXZ

netapi32

NetGroupAdd
NetConfigGet
DsGetDcNextW
I_BrowserResetStatistics
NetValidateName
NetpGetFileSecurity
NetGetDisplayInformationIndex
NetpGetConfigBool
NetAuditRead
NetpCopyFtinfoContext
RxNetServerEnum
DsGetDcOpenW
I_NetLogonSamLogonEx
NetpGetConfigValue
NetWkstaUserEnum
I_NetLogonControl
NetConnectionEnum
NetUserChangePassword
NetGetDCName
NetDfsRemoveStdRoot
NetMessageNameGetInfo
NetApiBufferAllocate
I_NetServerAuthenticate
NetLocalGroupDelMembers
DsRoleDemoteDc

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3263d3c6beb0bfd99df924c68c99df9f

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

msvcrt

kernel32

mlang

query

ufat

netapi32

Sections

.text Size: 341KB - Virtual size: 341KB

.rdata Size: 321KB - Virtual size: 321KB

.data Size: 206KB - Virtual size: 1.6MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 341KB - Virtual size: 341KB

.rdata
Size: 321KB - Virtual size: 321KB

.data
Size: 206KB - Virtual size: 1.6MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B