09da24b2ec3a3033d8f19af709a22184_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09da24b2ec3a3033d8f19af709a22184_JaffaCakes118
Size

19.1MB
MD5

09da24b2ec3a3033d8f19af709a22184
SHA1

0666f6f97878be216c53c8d7d10efe409dad3d9f
SHA256

67c31c44aa66bf82a845fd0852eb086009d5662d34d1efd28c3d62017ee80d71
SHA512

7479890801fc8cb67b2670276bf7f4646ba9da609800f4c1bdc78621c2aeb812db41de3e730b2976ebec8d5e12b51a5ad448292416fd76965ad3c943e1f8fa08
SSDEEP

393216:u7QIQwnfu6/lAJllbmC4S4wYvIwMKTjcaWsUT1cEoJNRad7:ufu6/YD4S0vIqTGsU16JLal

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09da24b2ec3a3033d8f19af709a22184_JaffaCakes118

Files

09da24b2ec3a3033d8f19af709a22184_JaffaCakes118
.exe windows:4 windows x86 arch:x86

765e33752cace3617433aa3898b74995

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

wintrust

MsCatFreeHashTag
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcStatementTypeEncode
WTHelperOpenKnownStores
SoftpubLoadDefUsageCallData
WTHelperGetProvPrivateDataFromChain
CryptCATCDFEnumMembers
CatalogCompactHashDatabase
CryptCATCatalogInfoFromContext
CryptCATOpen
CryptCATPutAttrInfo
WVTAsn1CatMemberInfoEncode
DriverCleanupPolicy
CryptCATGetMemberInfo
SoftpubDefCertInit
DriverFinalPolicy
WTHelperGetFileName
CryptCATPutMemberInfo
WintrustGetRegPolicyFlags
WVTAsn1SpcPeImageDataEncode
TrustDecode
WVTAsn1SpcFinancialCriteriaInfoDecode
SoftpubLoadSignature
CryptCATCDFEnumCatAttributes
DriverInitializePolicy
mssip32DllUnregisterServer
WintrustCertificateTrust
WTHelperGetAgencyInfo
WTHelperProvDataFromStateData
CryptCATCDFOpen
CryptSIPCreateIndirectData
DllRegisterServer
OfficeCleanupPolicy
TrustFreeDecode
WVTAsn1CatNameValueDecode
WintrustAddDefaultForUsage
WVTAsn1SpcFinancialCriteriaInfoEncode

msvcp60

_Toupper

ws2help

WahEnableNonIFSHandleSupport
WahOpenHandleHelper
WahWaitForNotification
WahCreateNotificationHandle
WahRemoveHandleContext
WahDestroyHandleContextTable
WahCloseSocketHandle
WahCreateSocketHandle
WahCreateHandleContextTable
WahDisableNonIFSHandleSupport
WahCloseHandleHelper
WahOpenNotificationHandleHelper
WahOpenApcHelper
WahCloseApcHelper
WahCompleteRequest
WahQueueUserApc
WahNotifyAllProcesses

ntmarta

AccConvertAclToAccess
AccProvHandleGetAccessInfoPerObjectType
AccProvHandleRevokeAuditRights
AccProvIsAccessAudited
AccRewriteGetHandleRights
AccConvertAccessToSecurityDescriptor
EventNameFree
AccRewriteGetExplicitEntriesFromAcl
AccRewriteSetEntriesInAcl
AccProvCancelOperation
AccProvGetAllRights
AccProvGetTrusteesAccess
AccProvHandleGetAllRights
AccProvIsObjectAccessible
AccProvHandleIsObjectAccessible
EventGuidToName
AccProvGrantAccessRights
AccProvSetAccessRights
AccConvertSDToAccess
AccProvHandleRevokeAccessRights
AccLookupAccountSid
AccRewriteGetNamedRights
AccGetAccessForTrustee
AccProvGetAccessInfoPerObjectType
AccSetEntriesInAList
AccProvGetOperationResults
AccConvertAccessToSD
AccLookupAccountTrustee
AccProvHandleGetTrusteesAccess
AccProvHandleSetAccessRights
AccProvHandleGrantAccessRights
AccRewriteSetNamedRights
AccLookupAccountName
AccProvRevokeAuditRights
AccProvHandleIsAccessAudited
AccProvGetCapabilities
AccRewriteSetHandleRights
AccConvertAccessMaskToActrlAccess

dinput

DllRegisterServer
DllUnregisterServer
DirectInputCreateW
DllGetClassObject
DirectInputCreateA
DirectInputCreateEx
DllCanUnloadNow

msoert2

CreateDataObject
FIsEmptyA
HrCopyStreamCB
HrGetElementImpl
WriteStreamToFileHandle
ReplaceCharsW
CreateLogFile
PszDupW
OpenFileStreamShareW
CrackNotificationPackage
FIsEmptyW
PszDayFromIndex
GetDllMajorVersion
HrFindInetTimeZone
PszEscapeMenuStringA
FIsSpaceW
CreateSystemHandleName
OpenFileStreamWithFlagsW
IsUpper
CreateTempFileStream
OpenFileStream
HrLPSZCPToBSTR
WriteStreamToFileW
PszScanToCharA
HrStreamSeekCur
PszAllocA
PszSkipWhiteW
IsPrint
IsValidFileIfFileUrlW
CreateTempFile
HrGetStreamPos
HrCopyStream
HrIndexOfWeek
PVGetCertificateParam
IsDigit
FMissingCert
HrIndexOfMonth
CryptAllocFunc

kernel32

HeapLock
SetHandleCount
GetConsoleWindow
GetConsoleDisplayMode
CreateDirectoryExA
DisableThreadLibraryCalls
GetConsoleInputExeNameA
CloseHandle
DeleteFiber
SetCommConfig
GetModuleFileNameA
FreeLibrary
_lread
EnumLanguageGroupLocalesW
OpenSemaphoreW
WriteProfileSectionA
GetVolumePathNameA
BuildCommDCBAndTimeoutsW
GetThreadTimes
CreateMailslotA
ReadConsoleOutputA
SetCalendarInfoA
FindNextVolumeA
WriteConsoleInputVDMW
SetConsoleNlsMode
FreeLibraryAndExitThread
HeapSummary
GetFileType
CompareStringW
VerifyConsoleIoHandle
QueueUserWorkItem
FindNextFileA
CommConfigDialogA
_hread
VirtualAlloc
Beep
GlobalFindAtomA
GetProcessWorkingSetSize
GetFullPathNameW
EnumCalendarInfoExA
GetLastError
Process32FirstW
FillConsoleOutputCharacterA
AddConsoleAliasW
MapUserPhysicalPages
RegisterWowBaseHandlers
ResumeThread
QueryPerformanceCounter
SetThreadPriority
GetConsoleScreenBufferInfo
WriteConsoleInputA
Process32Next

sqlwoa

newWideCharFromMultiByte
_tfopen
newMultiByteFromWideChar
newMultiByteFromWideCharSize
_trename
ConvertMultiSZNameToW
newMultiByteFromWideCharEx
AllocConvertMultiSZNameToA
_tsystem

advpack

GetVersionFromFile

deskadp

DllCanUnloadNow
DllGetClassObject

stclient

DllUnregisterServer
DllGetClassObject
DllRegisterServer
DllCanUnloadNow

docprop

DllCanUnloadNow
DllGetClassObject

mciwave

DriverProc

iassvcs

IASSetMaxThreadIdle
IASUninitialize
IASAllocateUniqueID
IASAdler32
IASRadiusCrypt
DllRegisterServer
IASVariantChangeType
DllGetClassObject
IASSetMaxNumberOfThreads
IASInitialize
IASReportEvent
IASRegisterComponent
DllUnregisterServer
IASRequestThread
DllCanUnloadNow

mscms

GetCMMInfo
IsColorProfileValid
GetColorProfileFromHandle
DisassociateColorProfileFromDeviceA
SetColorProfileHeader
EnumColorProfilesW
GenerateCopyFilePaths
InternalGetPS2CSAFromLCS
TranslateColors
OpenColorProfileA
SetColorProfileElement
DeleteColorTransform
GetColorDirectoryA
OpenColorProfileW
GetColorProfileHeader
DisassociateColorProfileFromDeviceW
UnregisterCMMA
AssociateColorProfileWithDeviceA
EnumColorProfilesA
UninstallColorProfileA
GetNamedProfileInfo
InternalGetPS2ColorSpaceArray
InternalGetPS2ColorRenderingDictionary
GetStandardColorSpaceProfileW
RegisterCMMA
SelectCMM
GetColorDirectoryW
GetPS2ColorRenderingDictionary
CloseColorProfile
TranslateBitmapBits
SetStandardColorSpaceProfileA
InternalGetPS2PreviewCRD
InternalGetDeviceConfig
CreateColorTransformA
CreateColorTransformW
InstallColorProfileA
GetPS2ColorRenderingIntent
UninstallColorProfileW
UnregisterCMMW
InstallColorProfileW

certcli

CASetCertTypeFlags
CAFreeCertTypeExtensions
CAAddCACertificateType
CAFindByIssuerDN
CAFindByCertType
CASetCertTypeProperty
CACountCertTypes
CACreateCertType
CAEnumNextCA
CASetCACertificate
CAGetCertTypeProperty
CASetCAFlags
CAEnumCertTypes

pdh

PdhCollectQueryDataEx
PdhGetDataSourceTimeRangeW
PdhVbGetOneCounterPath
PdhEnumMachinesA
PdhGetFormattedCounterArrayA
PdhVbGetCounterPathFromList
PdhOpenQuery
PdhGetCounterInfoW
PdhValidatePathW
PdhExpandWildCardPathA
PdhGetDllVersion
PdhBrowseCountersA
PdhSelectDataSourceA
PdhExpandWildCardPathW
PdhVbAddCounter
PdhGetRawCounterValue
PdhEnumObjectsA
PdhCalculateCounterFromRawValue
PdhExpandCounterPathA
PdhIsRealTimeQuery
PdhGetLogFileSize
PdhAddCounterA
PdhSetDefaultRealTimeDataSource
PdhReadRawLogRecord
PdhVbOpenQuery
PdhListLogFileHeaderW
PdhVbGetLogFileSize
PdhFormatFromRawValue
PdhUpdateLogW
PdhUpdateLogFileCatalog
PdhGetDefaultPerfObjectW
PdhLookupPerfIndexByNameW

cliconfg

CPlApplet
ClientConfigureAddEdit
OnInitDialogMain

Sections

.data
Size: - Virtual size: 14.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

765e33752cace3617433aa3898b74995

Headers

File Characteristics

Imports

wintrust

msvcp60

ws2help

ntmarta

dinput

msoert2

kernel32

sqlwoa

advpack

deskadp

stclient

docprop

mciwave

iassvcs

mscms

certcli

pdh

cliconfg

Sections

.data Size: - Virtual size: 14.4MB

.rdata Size: 600KB - Virtual size: 600KB

.tls Size: 512B - Virtual size: 4KB

.text Size: 75KB - Virtual size: 75KB

.rsrc Size: 25KB - Virtual size: 24KB

.data
Size: - Virtual size: 14.4MB

.rdata
Size: 600KB - Virtual size: 600KB

.tls
Size: 512B - Virtual size: 4KB

.text
Size: 75KB - Virtual size: 75KB

.rsrc
Size: 25KB - Virtual size: 24KB