0a3e70c8fc34d96fde1a306bb33a905a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a3e70c8fc34d96fde1a306bb33a905a_JaffaCakes118
Size

50KB
MD5

0a3e70c8fc34d96fde1a306bb33a905a
SHA1

0a0893d768d4af9402b48596966b76760d79ef98
SHA256

73634e99b7478f6bbf8949225ddecdc3d41bce02756c01bbcd6bd3a593359245
SHA512

86a44d5e77795c2347b5ee90e1f6b8e0a0f5cdaec1461d776c3aeaed57b8fc5cddd62ed5b624217e0b3d1322638ffb5f334ffd9434518e9a4acdc99ff5050324
SSDEEP

768:CdGXSjPkLdw77fe9t5OWPCH+bAcs+hs/hikHtyQ2I21juz+ui5Puv:BSPkJ4fmt5Jxb7khVtyFFhaGGv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a3e70c8fc34d96fde1a306bb33a905a_JaffaCakes118

Files

0a3e70c8fc34d96fde1a306bb33a905a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

84e81417229cf75138a7f60b6616821c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cmdial32

RasCustomHangUp
RasCustomDialDlg
CmReConnect
CmCustomDialDlg
_InetDialHandler@16
_AutoDialFunc@16
RasCustomEntryDlg
AutoDialFunc
RasCustomDeleteEntryNotify
CmCustomHangUp
InetDialHandler
RasCustomDial

msvcirt

?setbuf@streambuf@@UAEPAV1@PADH@Z
??_Efstream@@UAEPAXI@Z
?init@ios@@IAEXPAVstreambuf@@@Z
??_Gifstream@@UAEPAXI@Z
?adjustfield@ios@@2JB
?setlock@streambuf@@QAEXXZ
??_Estrstreambuf@@UAEPAXI@Z
??6ostream@@QAEAAV0@C@Z
??_Glogic_error@@UAEPAXI@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
??_Gios@@UAEPAXI@Z
??_7stdiobuf@@6B@
?setf@ios@@QAEJJJ@Z
??0ofstream@@QAE@H@Z
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??1ifstream@@UAE@XZ
?seekg@istream@@QAEAAV1@J@Z
?eatwhite@istream@@QAEXXZ
?tie@ios@@QBEPAVostream@@XZ
?precision@ios@@QAEHH@Z
?sync_with_stdio@ios@@SAXXZ
?tellp@ostream@@QAEJXZ
??_Gstrstreambuf@@UAEPAXI@Z
??0fstream@@QAE@ABV0@@Z
??_8istream@@7B@
??0filebuf@@QAE@XZ
??_8strstream@@7Bostream@@@
?getint@istream@@AAEHPAD@Z
??0ostream_withassign@@QAE@XZ
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??_Elogic_error@@UAEPAXI@Z
??4Iostream_init@@QAEAAV0@ABV0@@Z
??_7filebuf@@6B@
??_7stdiostream@@6B@
??4ostrstream@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@I@Z
?str@strstreambuf@@QAEPADXZ
??_7streambuf@@6B@
?is_open@ofstream@@QBEHXZ
?floatfield@ios@@2JB
?str@ostrstream@@QAEPADXZ
??4filebuf@@QAEAAV0@ABV0@@Z
?x_curindex@ios@@0HA
??0istream@@QAE@PAVstreambuf@@@Z

sqlwoa

_SendMessage@16
_WinHelp@16
_GetFileTitle@12
_PostMessage@16
_GetComputerName@8
_GetTextExtentPoint32@16
_LoadMenu@8
_GetVersionEx@4
_GetDlgItemText@16
_SetProp@12
_LoadIcon@8
_StartDoc@8
_FormatMessage@28
_SendDlgItemMessage@20
_CallWindowProc@20
_GetObject@12
newMultiByteFromWideChar
_GetSaveFileName@4
_GetClassInfo@12
_LoadLibrary@4
_IsDialogMessage@8
_GetUserName@8
_TranslateAccelerator@12
_FindResource@12
_MessageBox@16
_CreateFile@28
_CommDlg_OpenSave_GetFilePath@12
_DrawText@20
_CommDlg_OpenSave_GetSpec@12
_LoadString@16
_GetWindowTextLength@4
_GetOpenFileName@4
_GetDiskFreeSpaceEx@16
_CreateFont@56
_FreeEnvironmentStrings@4
_TextOut@20
_SetWindowText@8
newMultiByteFromWideCharSize
_SetDlgItemText@12
_CharUpper@4
newMultiByteFromWideCharEx
_CreateFontIndirect@4
_DeleteFile@4
newWideCharFromMultiByte

wininet

UnlockUrlCacheEntryStream
InternetCombineUrlW
GopherGetLocatorTypeA
FindNextUrlCacheContainerA
InternetSecurityProtocolToStringA
FtpCreateDirectoryA
FtpRemoveDirectoryW
InternetReadFileExA
InternetGoOnlineA
DeleteUrlCacheEntry
InternetErrorDlg
InternetCreateUrlW
InternetWriteFile
FindNextUrlCacheEntryA
InternetReadFileExW
CreateUrlCacheContainerW
ShowSecurityInfo
UrlZonesDetach
InternetCombineUrlA
InternetShowSecurityInfoByURLA
HttpEndRequestW
FtpCommandW
InternetFindNextFileW
InternetGetCertByURLA
IsHostInProxyBypassList
InternetSetDialStateA
InternetTimeToSystemTimeW
FtpGetCurrentDirectoryA
GetUrlCacheEntryInfoA
InternetGetConnectedStateExA
InternetQueryDataAvailable
InternetSetDialState
CommitUrlCacheEntryA
FreeUrlCacheSpaceA
SetUrlCacheGroupAttributeW
FindNextUrlCacheEntryExA
InternetGetLastResponseInfoW
FtpRenameFileW
IncrementUrlCacheHeaderData
FtpPutFileA
ForceNexusLookupExW
InternetConfirmZoneCrossingW

kernel32

LoadLibraryA
HeapFree
lstrcpynA
GetStringTypeExA
VirtualAlloc
AllocConsole
GlobalFindAtomW
Process32NextW
LZStart
BaseDumpAppcompatCache
VerLanguageNameW
GetProcessIoCounters
GetVolumeNameForVolumeMountPointA
CreateMailslotW
ClearCommError
FindActCtxSectionStringA
ActivateActCtx
GetProcAddress
GetProcessAffinityMask
IsBadWritePtr
IsValidLanguageGroup
lstrlenA
BuildCommDCBA
WaitForMultipleObjects
GetConsoleTitleA
RemoveLocalAlternateComputerNameW
RemoveDirectoryA
OutputDebugStringA
GetQueuedCompletionStatus
RegisterWowBaseHandlers
Process32FirstW
TransmitCommChar
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
ChangeTimerQueueTimer
GetFileSize
GetModuleHandleW
FreeLibrary
SetComputerNameW
GlobalSize
EndUpdateResourceA
ConvertFiberToThread
GetVersionExW
ResetWriteWatch
CreateFileW
ExpandEnvironmentStringsA

advapi32

CommandLineFromMsiDescriptor
BackupEventLogW
OpenEventLogA
LsaEnumeratePrivilegesOfAccount
WmiReceiveNotificationsA
AddAce
GetTraceLoggerHandle
InitializeSecurityDescriptor
WmiNotificationRegistrationW
GetCurrentHwProfileW
StartTraceA
AllocateLocallyUniqueId
A_SHAFinal
ConvertSidToStringSidA
ClearEventLogW
GetSecurityDescriptorRMControl
OpenTraceA
UninstallApplication
PrivilegedServiceAuditAlarmW
GetAuditedPermissionsFromAclA
SaferSetPolicyInformation
RegFlushKey
RegisterServiceCtrlHandlerW
SetSecurityDescriptorControl
SystemFunction040
LookupPrivilegeValueA
GetMultipleTrusteeOperationW
LsaNtStatusToWinError
SetEntriesInAccessListW
SetAclInformation
LogonUserW
CreateServiceA
EqualSid
AccessCheckByTypeResultListAndAuditAlarmA
SystemFunction016
RegCreateKeyA
LsaEnumerateAccounts
GetAccessPermissionsForObjectW
CryptGetUserKey

ntdll

ZwGetWriteWatch
RtlZombifyActivationContext
NtUnmapViewOfSection
RtlTraceDatabaseUnlock
RtlQuerySecurityObject
ZwOpenThread
RtlAddressInSectionTable
RtlLargeIntegerNegate
RtlSetThreadIsCritical
atan
ZwDeleteValueKey
ZwFilterToken
ZwSetInformationDebugObject
wcspbrk
RtlFindSetBits
NtFlushVirtualMemory
NtFindAtom
NtQuerySemaphore
NtQueryMutant
LdrVerifyImageMatchesChecksum
NtRemoveProcessDebug
RtlAddAccessDeniedAce
RtlSplay
ceil
ZwCreateKeyedEvent
RtlAddAuditAccessAceEx

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84e81417229cf75138a7f60b6616821c

Headers

DLL Characteristics

File Characteristics

Imports

cmdial32

msvcirt

sqlwoa

wininet

kernel32

advapi32

ntdll

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 33KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 33KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B