f3ee28c43dfc3d89d8feeca64bc8a859_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f3ee28c43dfc3d89d8feeca64bc8a859_JaffaCakes118
Size

860KB
MD5

f3ee28c43dfc3d89d8feeca64bc8a859
SHA1

6e12e97583956355264d9006ae54d636feb3d899
SHA256

ed4cf3a282e1f545178fc48c9545e1c179fedcbd972c193a962ec2ca192146be
SHA512

0e492d14039d0a35acdc0821a92c426c33ff0fd0e37c8bc02be43acd8fe50e21d0bd3a0141fe7437e0f6586f1fdc6d8c360f13bd909f197c85c88e6d2f5606cb
SSDEEP

24576:BfYEsG9cc5C96d+fhxPBOwdEAJ3R7zjXwHVJD:B/sG9x5afxPB5/PXGVh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3ee28c43dfc3d89d8feeca64bc8a859_JaffaCakes118

Files

f3ee28c43dfc3d89d8feeca64bc8a859_JaffaCakes118
.exe windows:5 windows x86 arch:x86

38dcd0ac14e495c268b8a430ad111efb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CsrBroadcastSystemMessageExW
IsWindowUnicode
GetScrollInfo
GetClipboardSequenceNumber
InvalidateRect
UnhookWindowsHookEx
DdeGetLastError
RegisterLogonProcess
MenuItemFromPoint
DestroyAcceleratorTable
TranslateAccelerator
EnumPropsExA
MBToWCSEx
GetClientRect
RealGetWindowClassA
BroadcastSystemMessage
UnregisterUserApiHook
MessageBoxA
GetWindowWord
UserLpkPSMTextOut
GetWinStationInfo
CreateSystemThreads
GetDoubleClickTime
UnhookWindowsHook
MapVirtualKeyExA
SetWindowTextW
EnumDesktopWindows
GetAncestor
GetWindowLongA
SetCaretBlinkTime
DdeNameService
CalcMenuBar
OffsetRect
ImpersonateDdeClientWindow
GetCursor
GetAltTabInfoW
WINNLSGetIMEHotkey
ScrollChildren
GetWindowInfo
OpenDesktopW
CharNextW
CreateWindowExA

kernel32

VirtualAlloc
GlobalHandle
GetConsoleCommandHistoryLengthW
IsProcessInJob
GetLocaleInfoW
GetNumberOfConsoleMouseButtons
GetThreadContext
WriteProfileStringW
GetConsoleKeyboardLayoutNameW
UpdateResourceA
GetNumaAvailableMemoryNode
TerminateThread
WriteConsoleW
LoadLibraryA
WaitNamedPipeA
CreateNamedPipeA
GetEnvironmentStrings
GetSystemDefaultLangID
CreateIoCompletionPort
PrivCopyFileExW
SetLocaleInfoW
WriteProcessMemory
IsValidCodePage
CreateHardLinkA
FormatMessageW
BackupSeek
SetProcessShutdownParameters
GetTickCount
WriteConsoleInputW
GlobalCompact
IsBadStringPtrA
GetLongPathNameW
OutputDebugStringA
OpenEventW
GetCalendarInfoA
SetTermsrvAppInstallMode
GetSystemDefaultLCID
TermsrvAppInstallMode

setupapi

SetupInitDefaultQueueCallbackEx
CM_Get_DevNode_Registry_Property_ExA
CM_Add_IDW
SetupDiSetDeviceInstallParamsW
SetupDiOpenDeviceInterfaceRegKey
SetupDiClassGuidsFromNameExW
SetupInstallFileW
SetupCopyOEMInfA
SetupCloseInfFile
SetupInstallServicesFromInfSectionExA
SetupTermDefaultQueueCallback
CM_Get_Hardware_Profile_Info_ExA
SetupDiGetDeviceInstanceIdA
SetupDiGetActualSectionToInstallW
SetupQueueCopySectionW
MyMalloc
CM_Get_Device_ID_List_Size_ExA
SetupGetFileCompressionInfoExW
SetupDiOpenClassRegKeyExW
CM_Get_Device_ID_List_SizeW
SetupRemoveFromSourceListA
SetupDiMoveDuplicateDevice
CM_Remove_SubTree_Ex
CM_Is_Dock_Station_Present
SetupDiOpenDeviceInfoW
SetupDiGetClassImageIndex
CMP_WaitServicesAvailable
pSetupAccessRunOnceNodeList

d3d8thk

OsThunkDdGetMoCompBuffInfo
OsThunkDdColorControl
OsThunkDdCreateSurface
OsThunkD3dContextDestroy
OsThunkDdUnattachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdLockD3D
OsThunkDdAddAttachedSurface
OsThunkDdSetColorKey
OsThunkDdGetDriverInfo
OsThunkDdRenderMoComp
OsThunkDdEndMoCompFrame
OsThunkDdQueryDirectDrawObject
OsThunkDdSetExclusiveMode
OsThunkDdGetBltStatus
OsThunkDdGetScanLine
OsThunkDdSetGammaRamp
OsThunkDdGetInternalMoCompInfo
OsThunkDdUnlock
OsThunkDdGetMoCompGuids
OsThunkDdCanCreateD3DBuffer
OsThunkDdGetAvailDriverMemory
OsThunkDdGetFlipStatus
OsThunkDdSetOverlayPosition
OsThunkDdGetMoCompFormats
OsThunkDdDestroyD3DBuffer
OsThunkDdResetVisrgn
OsThunkD3dDrawPrimitives2
OsThunkDdDestroySurface
OsThunkDdCreateDirectDrawObject
OsThunkD3dValidateTextureStageState
OsThunkDdCreateSurfaceEx
OsThunkDdDeleteDirectDrawObject
OsThunkD3dContextCreate

sqlsrv32

SQLAllocHandle
SQLPrimaryKeysW
SQLGetInfoW
SQLExecute
BCP_writefmt
SQLGetConnectAttrW
SQLGetConnectOptionW
SQLSetDescRec
BCP_setcolfmt
SQLGetEnvAttr
SQLSetEnvAttr
BCP_collen
SQLSetConnectAttrW
BCP_control
BCP_bind
SQLMoreResults
SQLGetTypeInfoW
ConnectDlgProc
ConfigDSNW
SQLSpecialColumnsW
SQLGetCursorNameW
SQLParamOptions
BCP_done
FinishDlgProc
ConfigDriverW

ufat

??1EA_SET@@UAE@XZ
??0FAT_DIRENT@@QAE@XZ
??1FAT_SA@@UAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
?Set12@FAT@@AAEXKK@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
Recover
??0FILEDIR@@QAE@XZ
??0EA_SET@@QAE@XZ
?Index12@FAT@@ABEKK@Z
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?AllocChain@FAT@@QAEKKPAK@Z
?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z
??0CLUSTER_CHAIN@@QAE@XZ
?Write@CLUSTER_CHAIN@@UAEEXZ
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
??0REAL_FAT_SA@@QAE@XZ
Chkdsk
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
??1ROOTDIR@@UAE@XZ
?Read@CLUSTER_CHAIN@@UAEEXZ
ChkdskEx
?QueryAllocatedClusters@FAT@@QBEKXZ

iassvcs

IASSetMaxThreadIdle
IASAdler32
IASGetLocalDictionary
IASGetDictionary
IASInitialize
IASReportEvent
IASRequestThread
IASVariantChangeType
IASUninitialize
IASGetHostByName
IASAllocateUniqueID
IASSetMaxNumberOfThreads
IASRegisterComponent
DllGetClassObject
IASRadiusCrypt

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38dcd0ac14e495c268b8a430ad111efb

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

setupapi

d3d8thk

sqlsrv32

ufat

iassvcs

Sections

.text Size: 364KB - Virtual size: 364KB

.rdata Size: 352KB - Virtual size: 352KB

.data Size: 141KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 364KB - Virtual size: 364KB

.rdata
Size: 352KB - Virtual size: 352KB

.data
Size: 141KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB