Static task
static1
Behavioral task
behavioral1
Sample
f149dc61a6faeaaf63400dc8c697c1ee_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f149dc61a6faeaaf63400dc8c697c1ee_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f149dc61a6faeaaf63400dc8c697c1ee_JaffaCakes118
-
Size
871KB
-
MD5
f149dc61a6faeaaf63400dc8c697c1ee
-
SHA1
a48f7c1bd90c5f6031c1a88c2c580e867cffc38b
-
SHA256
748c0b365b113c544fe6e1769e8c15931de093258ab71fae1fa0b68fd5fca6dd
-
SHA512
4308b4ff12185db6932613a55b6b18ffd3bfb3ea2bf1334dd69ed3eecac299b2ce8dec4cdb8c1c8b358a34416c598d12dbb7b29889e7fd3b2a87acc90aa68381
-
SSDEEP
24576:VRzmF9YwFa+y8SNtDipXNFGp3GZQReYRF:VJmF9izompNR
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f149dc61a6faeaaf63400dc8c697c1ee_JaffaCakes118
Files
-
f149dc61a6faeaaf63400dc8c697c1ee_JaffaCakes118.exe windows:5 windows x86 arch:x86
0d8e5db629f8f111088cec704c49c22e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dbnetlib
ConnectionWriteOOB
ConnectionServerEnumW
TermSSPIPackage
ConnectionErrorW
ConnectionOpen
ConnectionOpenW
ConnectionStatus
ConnectionObjectSize
TermSession
ConnectionCheckForData
CloseEnumServers
ConnectionWrite
ConnectionFlushCache
InitSSPIPackage
ConnectionError
ConnectionOption
ConnectionServerEnum
ConnectionTransact
ConnectionGetSvrUser
ConnectionSqlVer
GetNextEnumeration
InitEnumServers
ConnectionMode
GenClientContext
ConnectionVer
ConnectionClose
ConnectionRead
InitSession
kernel32
IsBadStringPtrA
GetConsoleAliasesLengthW
CreateActCtxA
WriteProfileStringA
LoadLibraryA
QueueUserWorkItem
SetFileAttributesA
GetCommState
IsValidCodePage
BaseFlushAppcompatCache
GetStringTypeExW
CreateThread
GetConsoleCommandHistoryW
lstrcpy
ExpungeConsoleCommandHistoryA
DelayLoadFailureHook
GetStartupInfoA
WriteConsoleInputW
FindNextVolumeMountPointA
FindFirstFileExA
ReadConsoleA
DuplicateConsoleHandle
WriteConsoleOutputCharacterW
GetEnvironmentStringsW
ScrollConsoleScreenBufferA
WriteConsoleInputVDMW
QueryInformationJobObject
SetEvent
IsDBCSLeadByteEx
NlsGetCacheUpdateCount
ReadConsoleW
Heap32Next
GetProfileStringW
GetPriorityClass
GetCurrentActCtx
IsDBCSLeadByte
SetConsoleNlsMode
FatalExit
EnumResourceTypesA
LZOpenFileA
GetProfileStringA
GetConsoleOutputCP
QueryActCtxW
FreeResource
CreateDirectoryA
GetUserDefaultLangID
LZCloseFile
GetProfileIntW
GetDevicePowerState
WritePrivateProfileStringW
lstrcmpiW
VirtualQuery
LZDone
SetLocaleInfoW
GetExitCodeThread
FreeEnvironmentStringsA
OpenMutexA
EnumResourceNamesW
GetNativeSystemInfo
SetConsoleHardwareState
InvalidateConsoleDIBits
GetStartupInfoW
VirtualAlloc
GetProcessTimes
LZInit
GetConsoleAliasExesW
CommConfigDialogW
msvcirt
??_Gostream@@UAEPAXI@Z
??0exception@@QAE@ABQBD@Z
?get@istream@@QAEAAV1@AAE@Z
?what@exception@@UBEPBDXZ
?tellg@istream@@QAEJXZ
?rdstate@ios@@QBEHXZ
??4stdiobuf@@QAEAAV0@ABV0@@Z
?gbump@streambuf@@IAEXH@Z
??1stdiobuf@@UAE@XZ
?sh_write@filebuf@@2HB
??0iostream@@QAE@PAVstreambuf@@@Z
?sunk_with_stdio@ios@@0HA
??_Efilebuf@@UAEPAXI@Z
??0ofstream@@QAE@H@Z
?sync_with_stdio@ios@@SAXXZ
?pbackfail@stdiobuf@@UAEHH@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?open@ifstream@@QAEXPBDHH@Z
?underflow@stdiobuf@@UAEHXZ
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
?sputc@streambuf@@QAEHH@Z
??0ifstream@@QAE@PBDHH@Z
??_Elogic_error@@UAEPAXI@Z
??4ios@@IAEAAV0@ABV0@@Z
?ignore@istream@@QAEAAV1@HH@Z
?openprot@filebuf@@2HB
?epptr@streambuf@@IBEPADXZ
??_8strstream@@7Bistream@@@
??0exception@@QAE@ABV0@@Z
?get@istream@@QAEAAV1@PADHD@Z
?close@ifstream@@QAEXXZ
??_8strstream@@7Bostream@@@
?setmode@filebuf@@QAEHH@Z
??_Gstrstreambuf@@UAEPAXI@Z
?seekp@ostream@@QAEAAV1@J@Z
?seekg@istream@@QAEAAV1@J@Z
??_8fstream@@7Bostream@@@
??4filebuf@@QAEAAV0@ABV0@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?binary@filebuf@@2HB
cfgmgr32
CM_Set_DevNode_Registry_Property_ExA
CM_Get_Class_Registry_PropertyA
CM_Get_Res_Des_Data
CM_Get_Device_ID_Size
CM_Get_Device_Interface_AliasA
CM_Add_Range
CM_Query_Resource_Conflict_List
CM_Set_Class_Registry_PropertyA
CM_Query_Arbitrator_Free_Size_Ex
CM_Unregister_Device_Interface_ExW
CM_Delete_DevNode_Key_Ex
CM_Set_DevNode_Problem_Ex
CM_Get_Device_Interface_List_ExA
CM_Setup_DevNode_Ex
CM_Modify_Res_Des
CM_Get_Version_Ex
CM_Get_Sibling
CM_Enable_DevNode
CM_Test_Range_Available
CM_Free_Resource_Conflict_Handle
CM_Get_Device_ID_List_ExW
CM_Get_Hardware_Profile_Info_ExW
CM_Connect_MachineW
CM_Register_Device_Driver_Ex
CM_Get_DevNode_Registry_Property_ExA
CM_Intersect_Range_List
CM_Create_DevNode_ExW
CM_Move_DevNode
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_ID_ExA
CM_Open_DevNode_Key_Ex
CM_Set_DevNode_Problem
CM_Open_Class_KeyW
CM_Register_Device_Interface_ExA
CM_Set_DevNode_Registry_Property_ExW
CM_Get_Device_ID_List_Size_ExW
CM_Enable_DevNode_Ex
CM_Add_Empty_Log_Conf
CM_Remove_SubTree
CM_Free_Log_Conf_Handle
CM_Create_DevNodeW
CM_Set_DevNode_Registry_PropertyW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Parent_Ex
CM_Run_Detection_Ex
ntdll
RtlSetEnvironmentVariable
NtCreateNamedPipeFile
ZwSetDefaultHardErrorPort
RtlValidateProcessHeaps
RtlDeleteRegistryValue
NtDeleteObjectAuditAlarm
RtlSelfRelativeToAbsoluteSD
RtlpNtMakeTemporaryKey
NtCreateProcess
RtlSetUserFlagsHeap
RtlAppendUnicodeStringToString
NtQuerySection
ZwCreateJobSet
RtlMapGenericMask
isxdigit
RtlxAnsiStringToUnicodeSize
NtOpenSemaphore
ZwQueryIoCompletion
RtlSizeHeap
__iscsym
NtSetDefaultHardErrorPort
NtResumeThread
RtlInitializeAtomPackage
wcsstr
ZwSetLowEventPair
NtAccessCheckAndAuditAlarm
ZwClose
RtlReAllocateHeap
RtlInterlockedPopEntrySList
NtCompleteConnectPort
NtSetVolumeInformationFile
wcslen
iscntrl
ZwIsSystemResumeAutomatic
_allmul
NtNotifyChangeMultipleKeys
LdrQueryImageFileExecutionOptions
LdrGetProcedureAddress
NtFlushVirtualMemory
RtlAddAtomToAtomTable
shlwapi
SHDeleteOrphanKeyA
PathUnmakeSystemFolderW
StrPBrkA
PathStripToRootA
StrCmpW
UrlCombineW
StrStrW
PathRelativePathToW
PathIsDirectoryW
PathStripPathA
SHDeleteEmptyKeyA
PathIsUNCServerW
PathIsContentTypeW
PathCommonPrefixW
PathGetCharTypeW
AssocQueryStringByKeyA
PathFileExistsA
SHRegGetBoolUSValueA
PathFindExtensionA
PathQuoteSpacesA
PathSetDlgItemPathA
SHCreateStreamOnFileEx
PathRenameExtensionW
StrCmpLogicalW
ChrCmpIW
PathRemoveBlanksA
StrChrA
SHRegQueryUSValueW
PathStripToRootW
SHCreateStreamOnFileA
PathStripPathW
wnsprintfW
PathUnquoteSpacesW
StrToIntA
PathUndecorateA
SHRegSetPathA
PathSearchAndQualifyW
SHQueryInfoKeyA
ColorHLSToRGB
PathIsUNCServerA
SHRegDuplicateHKey
SHRegOpenUSKeyW
StrCpyW
StrDupA
AssocQueryStringW
ChrCmpIA
PathSkipRootW
PathIsSystemFolderA
SHRegQueryInfoUSKeyA
PathRemoveFileSpecW
PathIsURLA
AssocQueryKeyA
PathIsFileSpecA
SHCreateShellPalette
StrCmpNA
StrRetToBufW
StrCmpNIW
StrFormatByteSizeA
msvcrt40
_itow
??1strstream@@UAE@XZ
_mbsrev
??Bios@@QBEPAXXZ
??_Gfilebuf@@UAEPAXI@Z
?fail@ios@@QBEHXZ
ispunct
??0exception@@QAE@XZ
__p__wenviron
??0ostrstream@@QAE@PADHH@Z
?xsgetn@streambuf@@UAEHPADH@Z
_filbuf
_CIsinh
?set_unexpected@@YAP6AXXZP6AXXZ@Z
_j1
??0ostream@@IAE@ABV0@@Z
_wstati64
_chsize
??_Gios@@UAEPAXI@Z
_wspawnlp
_spawnle
??_7istream@@6B@
?sh_none@filebuf@@2HB
_seh_longjmp_unwind
ldiv
?get@istream@@IAEAAV1@PADHH@Z
??1streambuf@@UAE@XZ
fwscanf
fmod
_CIatan
_adj_fpatan
_CIcosh
??_Distrstream@@QAEXXZ
_copysign
??1fstream@@UAE@XZ
_wcreat
_mbsninc
??4istrstream@@QAEAAV0@ABV0@@Z
??_Estreambuf@@UAEPAXI@Z
_wunlink
ifsutil
??1MOUNT_POINT_MAP@@UAE@XZ
?Initialize@CANNED_SECURITY@@QAEEXZ
?Push@INTSTACK@@QAEEVBIG_INT@@@Z
??1DIGRAPH@@UAE@XZ
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
??1NUMBER_SET@@UAE@XZ
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
?RemoveAll@NUMBER_SET@@QAEEXZ
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@INTSTACK@@QAEEXZ
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@EE@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
??1INTSTACK@@UAE@XZ
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??0SPARSE_SET@@QAE@XZ
?QueryDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
?AddEdge@DIGRAPH@@QAEEKK@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?Read@SECRUN@@UAEEXZ
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?DumpHashTable@SPARSE_SET@@QAEXXZ
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z
??1VOL_LIODPDRV@@UAE@XZ
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?QueryPageSize@IFS_SYSTEM@@SGKXZ
??0SUPERAREA@@IAE@XZ
?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
??0READ_WRITE_CACHE@@QAE@XZ
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
?GetCannedSecurity@IFS_SYSTEM@@SGPAVCANNED_SECURITY@@XZ
??0VOL_LIODPDRV@@IAE@XZ
ole32
HICON_UserFree
OleRegGetUserType
CoFreeUnusedLibrariesEx
ComPs_NdrDllRegisterProxy
CLSIDFromOle1Class
CoGetMarshalSizeMax
CoUnloadingWOW
UtGetDvtd32Info
StgConvertVariantToProperty
WdtpInterfacePointer_UserUnmarshal
OleSetAutoConvert
OleFlushClipboard
RevokeDragDrop
OleCreateFromData
StgCreateStorageEx
CoInitializeSecurity
CoGetCurrentProcess
CoLockObjectExternal
DcomChannelSetHResult
CoSetCancelObject
CoInstall
HACCEL_UserMarshal
CLSIDFromProgIDEx
CoCreateFreeThreadedMarshaler
SNB_UserUnmarshal
OleCreateLink
OleCreateLinkToFileEx
RegisterDragDrop
CoGetObjectContext
wshext
DllGetClassObject
VerifyIndirectData
PutSignedDataMsg
CreateIndirectData
RemoveSignedDataMsg
GetSignedDataMsg
IsFileSupportedName
Sections
.tixt Size: 349KB - Virtual size: 349KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 323KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ