14a1dcf45429cebe7e8899c4e57addc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14a1dcf45429cebe7e8899c4e57addc1_JaffaCakes118
Size

452KB
MD5

14a1dcf45429cebe7e8899c4e57addc1
SHA1

37c6ec398e70204e3e5cbeb6219b08c5d484eaa6
SHA256

2bc89448e67b8bf4d16fed65c96825a95ac9e3627811484457db3f4b3110a10d
SHA512

737388756ca05c20848b0d988caea60cede047a6d5a68cbbfe48b2b274de710ee7678808340d54926a32ffb7e01ef092ff13fe4072d9715deab722f11c56a90e
SSDEEP

12288:2yvP3iV+RrTegtM0cibCqAvp9w/BwAPXc:/v6+UAM0Nb+R987c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a1dcf45429cebe7e8899c4e57addc1_JaffaCakes118

Files

14a1dcf45429cebe7e8899c4e57addc1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

33ceae4a97f16ab1267a5fde95b7daa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
wcschr
_wcsicmp
wcscpy
_wcsupr
wcslen
wcspbrk
memmove
wcstoul
_snwprintf
wcsrchr
??3@YAXPAX@Z
_itow
_ultow
wcscat
qsort
_wcslwr
wcsspn
towlower
_vsnwprintf
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_except_handler3
__CxxFrameHandler
??2@YAPAXI@Z
wcsstr
wcsncpy

msvcp60

?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIIG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z

advapi32

RegCreateKeyExW
RegDeleteValueW
EqualSid
RegConnectRegistryW
RegDeleteKeyW
GetOldestEventLogRecord
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
IsValidSid
ClearEventLogW
ReadEventLogW
OpenBackupEventLogW
OpenEventLogW
GetNumberOfEventLogRecords
CloseEventLog
BackupEventLogW
ConvertStringSidToSidW
LookupAccountSidW
GetLengthSid
RegQueryValueExW

kernel32

GetLocalTime
GetTimeZoneInformation
GetProcessHeap
HeapAlloc
HeapFree
GetWindowsDirectoryW
WideCharToMultiByte
DisableThreadLibraryCalls
IsBadReadPtr
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetLocaleInfoW
IsBadStringPtrW
LocalAlloc
GlobalAlloc
GlobalLock
CloseHandle
GlobalFree
LoadLibraryA
lstrcpynW
GetSystemWindowsDirectoryW
FileTimeToSystemTime
lstrcatW
GetTimeFormatW
GetDateFormatW
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetDriveTypeW
SetUnhandledExceptionFilter
CreateThread
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetUserDefaultLCID
GlobalUnlock
GetComputerNameW
GetCommandLineW
DeleteFileW
GetFileAttributesExW
WriteFile
GetFileSize
DeleteCriticalSection
InterlockedIncrement
MultiByteToWideChar
GetLastError
InterlockedDecrement
LocalFree
GetModuleHandleA
GetModuleHandleW
GetProcAddress
lstrcmpiW
lstrcmpW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
FormatMessageW
ExpandEnvironmentStringsW
lstrcpyW
lstrlenW
CreateFileW

user32

EnableWindow
CloseClipboard
SetClipboardData
IsDlgButtonChecked
EmptyClipboard
OpenClipboard
ShowWindow
SetDlgItemTextW
SetFocus
ReleaseDC
GetDC
SetWindowPos
CheckRadioButton
PostMessageW
DestroyWindow
GetWindowLongW
CreateDialogParamW
DialogBoxParamW
EndDialog
GetClientRect
CharLowerBuffW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
GetWindow
IsCharAlphaW
GetWindowTextLengthW
SetDlgItemInt
GetDlgItemInt
LoadStringW
RegisterClassW
CreateWindowExW
DefWindowProcW
WinHelpW
FindWindowExW
EnumThreadWindows
IsWindowEnabled
SetWindowLongW
GetDlgItem
RegisterClipboardFormatW
wsprintfW
GetSystemMetrics
LoadCursorW
SetCursor
GetParent
GetDlgItemTextW
SendMessageW
LoadBitmapW
LoadImageW
LoadIconW
GetSysColor
MessageBoxW
SetForegroundWindow
DestroyIcon
GetWindowTextW
CheckDlgButton
SetWindowTextW
GetWindowRect
GetClassNameW

gdi32

CreateFontIndirectW
GetMapMode
SetMapMode
GetTextMetricsW
DeleteObject
GetObjectW

ole32

CoUninitialize
IIDFromString
CoInitialize
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
CoGetInterfaceAndReleaseStream

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrDllGetClassObject
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs

shlwapi

PathCombineW
wnsprintfW
PathRemoveBlanksW

shell32

ShellExecuteW
CommandLineToArgvW

ntdsapi

DsFreeSchemaGuidMapW
DsCrackNamesW
DsMapSchemaGuidsW
DsFreeNameResultW
DsBindW
DsUnBindW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

activeds

ord9
ord20
ord15

mpr

WNetGetUniversalNameW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdata
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack
Size: 512B - Virtual size: 39B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33ceae4a97f16ab1267a5fde95b7daa9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

gdi32

ole32

rpcrt4

shlwapi

shell32

ntdsapi

version

activeds

mpr

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 104KB - Virtual size: 104KB

.xdata Size: 104KB - Virtual size: 104KB

.tls Size: 104KB - Virtual size: 104KB

.pdata Size: 512B - Virtual size: 274B

.vdata Size: 512B - Virtual size: 75B

.kpack Size: 512B - Virtual size: 39B

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 1024B - Virtual size: 530B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 104KB - Virtual size: 104KB

.xdata
Size: 104KB - Virtual size: 104KB

.tls
Size: 104KB - Virtual size: 104KB

.pdata
Size: 512B - Virtual size: 274B

.vdata
Size: 512B - Virtual size: 75B

.kpack
Size: 512B - Virtual size: 39B

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 1024B - Virtual size: 530B