381ba7631b54e06b487720267c79d8e9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

381ba7631b54e06b487720267c79d8e9_JaffaCakes118
Size

57KB
MD5

381ba7631b54e06b487720267c79d8e9
SHA1

20c6b2d404bc2d3aa2aea9d1f060ab1bfb91616f
SHA256

d5587cf4302b97ec7911c1182417e37e31c620dddd963d9433ad07bf44b4d5d4
SHA512

f7e1499b39fcb377dd7fb7c72d9a92fd9eeab628cb16503e823ccb827b9a56217277ba9150ad81067ef78ed336ed1606ed8b30b146a7110526c5919395dfd17a
SSDEEP

1536:QPmQWMK3tlEIjKyTgkGdGs85HXZvHQzkWTCwRDdB1:Qul3jhRZBH5H18kCCwRDdB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
381ba7631b54e06b487720267c79d8e9_JaffaCakes118

Files

381ba7631b54e06b487720267c79d8e9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ed0d567382ab34c06c159fabf158e0e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atmlib

ATMEnumFontsA
ATMBBoxBaseXYShowTextW
ATMGetPostScriptNameW
ATMForceFontChange
ATMGetNtmFields
ATMGetOutlineW
ATMGetPostScriptNameA
ATMXYShowText
ATMAddFont
ATMGetNtmFieldsA
ATMAddFontEx
ATMGetOutline
ATMGetVersionExA
ATMRemoveFontA
ATMFinish
ATMFontStatusA
ATMGetNtmFieldsW
ATMRemoveSubstFontW
ATMGetFontPaths
ATMSelectEncoding
ATMGetFontBBox
ATMGetPostScriptName
ATMGetBuildStrA
ATMRemoveFont
ATMGetFontInfoA
ATMAddFontExA
ATMGetMenuNameW
ATMGetVersion
ATMGetMenuName
ATMProperlyLoaded
ATMEnumFontsW
ATMClient
ATMGetVersionExW

sqlunirl

_DeviceCapabilities_@20
_SendMessageTimeout_@28
_IsCharLower_@4
_FindAtom_@4
_GetFileVersionInfo_@16
_SetFileSecurity_@12
_CharPrev_@8
_QueryDosDevice_@12
_GetCharacterPlacement_@24
_CreateFontIndirect@4
_OpenMutex_@12
_PropertySheet_@4
_FindExecutable_@12
_GetFileAttributes_@4
_PolyTextOut_@12
_IsBadStringPtr_@8
_NDdeGetTrustedShare_@20
_ChangeMenu_@20
_GetTimeFormat_@24
_DefFrameProc_@20
_ChangeDisplaySettings_@8
_LoadKeyboardLayout_@8
_GetProp@8
_PageSetupDlg_@4
_RegConnectRegistry_@12
_NDdeGetShareSecurity_@24

advapi32

AbortSystemShutdownA
GetServiceKeyNameA
LsaQuerySecurityObject
CredpEncodeCredential
CloseTrace
CredRenameA
WmiFileHandleToInstanceNameA
LsaAddAccountRights
MapGenericMask
LsaQueryDomainInformationPolicy
WmiSetSingleItemA
RegSetValueExA
LsaEnumeratePrivileges
FindFirstFreeAce
RevertToSelf
ReadEncryptedFileRaw
WmiExecuteMethodA
AddAccessAllowedAce
GetSecurityDescriptorDacl
CreateRestrictedToken
GetInformationCodeAuthzLevelW
OpenBackupEventLogW
SetSecurityInfoExW
SystemFunction025
SystemFunction021
StartTraceA
LsaQueryForestTrustInformation
RegSetKeySecurity
SaferiRecordEventLogEntry
I_ScSetServiceBitsA
RegQueryValueExW
CredWriteDomainCredentialsW
ConvertSecurityDescriptorToStringSecurityDescriptorW
StartServiceCtrlDispatcherA

kernel32

CloseProfileUserMapping
WaitCommEvent
PulseEvent
lstrcpyn
SetFirmwareEnvironmentVariableA
FatalExit
GetDiskFreeSpaceExA
MapUserPhysicalPagesScatter
InvalidateConsoleDIBits
GetDiskFreeSpaceA
GlobalFix
VirtualAlloc
SetHandleCount
lstrcpynW
NlsGetCacheUpdateCount
CreateJobSet
WriteConsoleInputW
GetTempPathA
LoadLibraryA
SetTapePosition
SetConsoleTitleA
UnlockFile
SetProcessShutdownParameters
GetVolumeInformationA
SetSystemTimeAdjustment
VirtualFree
GetFileType
GlobalAlloc
GetCommState
GetConsoleAliasExesLengthW
ReadConsoleOutputCharacterA
GetProcAddress
LocalHandle
RtlMoveMemory
GetSystemTimeAsFileTime
AllocateUserPhysicalPages

rasapi32

RasGetEntryPropertiesA
RasCreatePhonebookEntryA
RasDeleteEntryW
RasGetErrorStringW
RasCreatePhonebookEntryW
RasGetAutodialAddressW
RasSetCredentialsW
RasRenameEntryW
RasClearLinkStatistics
RasValidateEntryNameW
RasDeleteSubEntryA
RasScriptTerm
RasDeleteEntryA
RasGetEntryHrasconnW
RasValidateEntryNameA
RasGetSubEntryHandleA
RasInvokeEapUI
RasRenameEntryA
RasEnumConnectionsA
RasGetEapUserDataW
RasSetCustomAuthDataA
RasGetEntryDialParamsW
RasEnumAutodialAddressesW
RasClearConnectionStatistics
RasSetEntryPropertiesA
DwEnumEntryDetails
RasSetAutodialEnableA
RasDeleteSubEntryW

msvcirt

?blen@streambuf@@IBEHXZ
??_Gstreambuf@@UAEPAXI@Z
?getline@istream@@QAEAAV1@PACHD@Z
?fill@ios@@QBEDXZ
??_Diostream@@QAEXXZ
??0stdiobuf@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@PBX@Z
?oct@@YAAAVios@@AAV1@@Z
?put@ostream@@QAEAAV1@E@Z
??1ostrstream@@UAE@XZ
??_Efstream@@UAEPAXI@Z
?pcount@strstream@@QBEHXZ
??0stdiostream@@QAE@ABV0@@Z
?ws@@YAAAVistream@@AAV1@@Z
??0iostream@@QAE@PAVstreambuf@@@Z
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
?close@ofstream@@QAEXXZ
?is_open@filebuf@@QBEHXZ
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??0ios@@IAE@ABV0@@Z
??0strstream@@QAE@ABV0@@Z
?is_open@ifstream@@QBEHXZ
??1filebuf@@UAE@XZ
??5istream@@QAEAAV0@AAO@Z
?getint@istream@@AAEHPAD@Z
??5istream@@QAEAAV0@AAJ@Z
??1streambuf@@UAE@XZ
??_Elogic_error@@UAEPAXI@Z
??_Gostream_withassign@@UAEPAXI@Z
?seekp@ostream@@QAEAAV1@J@Z

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed0d567382ab34c06c159fabf158e0e1

Headers

DLL Characteristics

File Characteristics

Imports

atmlib

sqlunirl

advapi32

kernel32

rasapi32

msvcirt

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB