146bb9cb74ce12041c6a3b11ef544c93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

146bb9cb74ce12041c6a3b11ef544c93_JaffaCakes118
Size

853KB
MD5

146bb9cb74ce12041c6a3b11ef544c93
SHA1

52eccd9487766fae7f99e2c02dcee41d276f6e2a
SHA256

762dbc9fe3b0e2b2ea31266e10702f6615804b55efdc13d0121a4f2fa953e227
SHA512

5d599beda10ce28f49eb15e533367e1854e1b7c937315006e6cb469af91dfd1f8c78658dabb1295543ebae1dfcf74f12ffc87e3ae10f959c8c21b4c6a9e2b112
SSDEEP

24576:iSGhKI3oirv4rgzhBBbd7iPU6dqz2YPmXuhluxT:ijhKI3jrv4r4BRd74dedPv4xT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
146bb9cb74ce12041c6a3b11ef544c93_JaffaCakes118

Files

146bb9cb74ce12041c6a3b11ef544c93_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3c6c210de6e4cb880257040e672ef34e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfcsubs

??H@YG?AVCString@@PBGABV0@@Z
?MakeReverse@CString@@QAEXXZ
?MakeLower@CString@@QAEXXZ
??O@YG_NABVCString@@PBG@Z
??YCString@@QAEABV0@ABV0@@Z
?IsEmpty@CMapStringToPtr@@QBEHXZ
?Collate@CString@@QBEHPBG@Z
?CopyBeforeWrite@CString@@IAEXXZ
?LockBuffer@CString@@QAEPAGXZ
??BCString@@QBEPBGXZ
?Lock@CCriticalSection@@UAEHK@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??0CString@@QAE@PBGH@Z
??9@YG_NABVCString@@PBG@Z
??H@YG?AVCString@@DABV0@@Z
??YCString@@QAEABV0@PBG@Z

rasman

RasRegisterPnPEvent
RasRegisterRedialCallback
RasSetPortUserData
RasServerPortClose
RasBundleGetStatisticsEx
RasReferenceCustomCount
RasGetNdiswanDriverCaps
RasAddConnectionPort
RasAddNotification
RasRequestNotification
RasRpcEnumConnections
RasPortFree
RasGetHportFromConnection
RasSetDialParams
RasBundleGetStatistics
RasDeviceGetInfo
RasGetUserCredentials
RasPortGetInfo
RasCreateConnection
RasPortSetProtocolCompression
RasGetNumPortOpen
RasSetConnectionParams
RasPortBundle

msdart

?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
FXMemDetach
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?IsReadUnlocked@CLKRHashTable@@QBE_NXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?WriteUnlock@CFakeLock@@QAEXXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?_Unlock@CSpinLock@@AAEXXZ
?WriteUnlock@CSpinLock@@QAEXXZ
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?NumSubTables@CLKRHashTable@@QBEHXZ
?sm_pfnSetCriticalSectionSpinCount@CCriticalSection@@0P6GKPAU_RTL_CRITICAL_SECTION@@K@ZA
?_CurrentThreadId@CSmallSpinLock@@CGJXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ

apphelp

SdbGetStringTagPtr
SdbReadDWORDTag
SdbCreateMsiTransformFile
SdbGrabMatchingInfo
SdbReadStringTag
SdbTagIDToTagRef
SdbInitDatabase
SdbDeletePermLayerKeys
ApphelpCheckRunApp
ApphelpCheckExe
SdbCloseDatabase
ApphelpCheckIME
SdbFindFirstTagRef
SdbFindFirstNamedTag
ApphelpGetFileAttributes
SdbReadMsiTransformInfo
SdbGetEntryFlags
SdbFindNextTag
ApphelpUpdateCacheEntry
SdbGetTagFromTagID
SdbCloseApphelpInformation

kernel32

LoadLibraryA
GlobalHandle
TlsGetValue
BuildCommDCBW
ReadProcessMemory
ZombifyActCtx
GetBinaryTypeA
GetHandleContext
VirtualAlloc
FindResourceExA
GlobalLock
PeekConsoleInputW
GetCommModemStatus
GetConsoleCharType
GetEnvironmentStringsW
_lopen
FindVolumeClose
HeapCreate
FindResourceA
SetConsoleCursorPosition
GetTickCount
FlushViewOfFile
DeleteFileA
GetDiskFreeSpaceA
SetFileShortNameW
GetConsoleKeyboardLayoutNameW
SetMailslotInfo
CallNamedPipeW
FindResourceW
SetProcessWorkingSetSize

mmcbase

?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?s_hWnd@SC@mmcerror@@0PAUHWND__@@A
?ScFlushPostponed@CEventBuffer@@AAE?AVSC@mmcerror@@XZ
??4CEventBuffer@@QAEAAV0@ABV0@@Z
?Release@CMMCStrongReferences@@SGKXZ
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
??8SC@mmcerror@@QBE_NABV01@@Z
??1CEventBuffer@@QAE@XZ
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
??0?$CEventLock@UAppEvents@@@@QAE@XZ
?s_dwMainThreadID@SC@mmcerror@@0KA
?Lock@CEventBuffer@@QAEXXZ
??1?$CEventLock@UAppEvents@@@@QAE@XZ
?MMCErrorBox@@YGHIVSC@mmcerror@@I@Z
?FormatErrorShort@@YGXVSC@mmcerror@@IPAG@Z
?HrFromSc@@YGJABVSC@mmcerror@@@Z
??9SC@mmcerror@@QBE_NJ@Z
?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
?FormatErrorString@@YGXPBGVSC@mmcerror@@IPAGH@Z
?InternalRelease@CMMCStrongReferences@@AAEKXZ

Sections

.text
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c6c210de6e4cb880257040e672ef34e

Headers

DLL Characteristics

File Characteristics

Imports

mfcsubs

rasman

msdart

apphelp

kernel32

mmcbase

Sections

.text Size: 727KB - Virtual size: 726KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 6KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 727KB - Virtual size: 726KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 6KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB