f86ac684d5c6745cec0273987d38ac83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f86ac684d5c6745cec0273987d38ac83_JaffaCakes118
Size

372KB
MD5

f86ac684d5c6745cec0273987d38ac83
SHA1

9a34cdcf09c1f689e9da3beb7a04c764e34756e4
SHA256

5a2a2da67d64c623127bb73597fb418a24c5047d1d3218144b8cca8831520379
SHA512

4f24705cb225d4b38f1809508256f89a426e07e22668833472c0940527f777c95e34fcc9607bb6029dc946d8ff7400071f3ab5525fa4e5f5a0525e5f39a61b3a
SSDEEP

6144:8X1RDLjTEWAImKlUUQE9zSlI14/SdJ8EWtRS0Gsj2BGa36P+GjhudnKNifU:Q1RjTDAImVUQWtQ2aw4jYYPjcEis

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f86ac684d5c6745cec0273987d38ac83_JaffaCakes118

Files

f86ac684d5c6745cec0273987d38ac83_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c3122b7462f3af6d1b8192dad80ec9b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mscms

GetPS2ColorRenderingIntent
UninstallColorProfileA
DeleteColorTransform
RegisterCMMW
InternalGetPS2CSAFromLCS
GetColorProfileFromHandle
GetStandardColorSpaceProfileW
TranslateBitmapBits
GetColorProfileHeader
GetPS2ColorRenderingDictionary
InternalGetDeviceConfig
AssociateColorProfileWithDeviceW
GetColorProfileElementTag
GetColorDirectoryA
IsColorProfileTagPresent
OpenColorProfileW
SetColorProfileElementSize
IsColorProfileValid
DisassociateColorProfileFromDeviceA
GetPS2ColorSpaceArray
DisassociateColorProfileFromDeviceW
SetStandardColorSpaceProfileA
SetColorProfileElementReference
RegisterCMMA
OpenColorProfileA
InternalGetPS2PreviewCRD
InternalSetDeviceConfig
GetColorProfileElement
CloseColorProfile
SpoolerCopyFileEvent
CheckBitmapBits
CreateProfileFromLogColorSpaceW
SetStandardColorSpaceProfileW
InternalGetPS2ColorSpaceArray
CreateMultiProfileTransform
InternalGetPS2ColorRenderingDictionary
CreateDeviceLinkProfile
TranslateColors
CreateColorTransformA
UnregisterCMMW
GetNamedProfileInfo
EnumColorProfilesW
GetStandardColorSpaceProfileA

clusapi

GetClusterNetInterfaceState
GetClusterFromNode
FailClusterResource
GetClusterNodeKey
CloseClusterNode
ClusterNodeGetEnumCount
SetClusterName
GetClusterInformation
ClusterNodeControl
BackupClusterDatabase
GetClusterNetworkKey
GetClusterNodeId
ChangeClusterResourceGroup
ClusterControl
OpenClusterGroup
ClusterResourceCloseEnum
GetClusterResourceState
ClusterNodeEnum
ClusterRegGetKeySecurity
GetClusterResourceKey
GetClusterNetworkState
PauseClusterNode
SetClusterGroupName
GetClusterFromNetwork
ClusterRegOpenKey
CloseClusterNetInterface
GetClusterNotify
SetClusterNetworkPriorityOrder
ClusterCloseEnum

secur32

LsaCallAuthenticationPackage
InitSecurityInterfaceW
SecpTranslateNameEx
MakeSignature
SaslAcceptSecurityContext
LsaEnumerateLogonSessions
TranslateNameW
LsaLogonUser
DeleteSecurityPackageA
LsaUnregisterPolicyChangeNotification
EncryptMessage
QuerySecurityPackageInfoA
EnumerateSecurityPackagesW
ExportSecurityContext
LsaRegisterPolicyChangeNotification
QueryCredentialsAttributesW
ImpersonateSecurityContext
LsaDeregisterLogonProcess
SaslEnumerateProfilesW
DeleteSecurityContext
SetContextAttributesW
InitSecurityInterfaceA
InitializeSecurityContextA
LsaFreeReturnBuffer
LsaConnectUntrusted
UnsealMessage
SaslInitializeSecurityContextA
AcceptSecurityContext
CompleteAuthToken
SaslGetProfilePackageA
ImportSecurityContextW
SecpTranslateName
ApplyControlToken
AddCredentialsA
AcquireCredentialsHandleA
SaslEnumerateProfilesA
AcquireCredentialsHandleW
VerifySignature
EnumerateSecurityPackagesA
LsaGetLogonSessionData
RevertSecurityContext
SetContextAttributesA

user32

GetShellWindow
MessageBoxIndirectW
DdeNameService
AnyPopup
SetCursorPos
SendMessageCallbackW
SetShellWindowEx
GetWindowWord
CreateWindowExW
DrawTextExW
SetLayeredWindowAttributes
IsDialogMessage
LoadImageW
SetProcessWindowStation
RegisterUserApiHook
DrawEdge
ArrangeIconicWindows
GetCaretBlinkTime
WinHelpW
OpenDesktopW
GetListBoxInfo
DestroyAcceleratorTable
QuerySendMessage
EnumDesktopWindows
GetKeyboardLayoutList
GetWindowDC
SubtractRect
DefFrameProcA
ChildWindowFromPoint
RegisterShellHookWindow
SetMenu
EnumPropsExW
SetCursor
wvsprintfA

kernel32

SetUserGeoID
WritePrivateProfileSectionW
GetProcessPriorityBoost
GlobalLock
GetConsoleAliasesW
IsSystemResumeAutomatic
lstrlenA
GetLogicalDriveStringsA
LoadLibraryA
GetNextVDMCommand
EnumDateFormatsExW
GlobalMemoryStatusEx
EnumResourceLanguagesW
GetCurrentActCtx
GetConsoleCommandHistoryLengthA
OpenProfileUserMapping
CreatePipe
VirtualAlloc
HeapLock
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GlobalSize
TransmitCommChar
GlobalHandle
LocalAlloc
GetLocaleInfoW
SleepEx
ReadConsoleInputExW
GetSystemTimeAsFileTime
LoadLibraryExA
RegisterConsoleVDM
SetConsoleMenuClose
SetTapeParameters
GetDevicePowerState
GetPrivateProfileStructW
FreeConsole
GetConsoleDisplayMode
HeapCreate
LocalLock
GetConsoleInputExeNameA

query

?GetVolumeName@CDriveInfo@@QAEPBGH@Z
_LoadBHIFilter@16
??0CWordRestriction@@QAE@ABVCKeyBuf@@KKKH@Z
?Resume@CProcess@@QAEXXZ
?GetCY@CAllocStorageVariant@@QBE?ATtagCY@@I@Z
?My_wcstoui64@@YA_KPBGPAPAGH@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?Next@CScopeEnum@@QAEHXZ
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
?GetDATE@CAllocStorageVariant@@QBENI@Z
?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?Initialize@CImpersonationTokenCache@@QAEXPBGHHHKKK@Z
?SetUI4@CStorageVariant@@QAEXKI@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?Empty@CPropStoreManager@@QAEXXZ
?SetProperty@CFullPropSpec@@QAEXK@Z
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?ShrinkToFit@CPhysStorage@@QAEXXZ
?UpdateContentIndex@@YGKPBG00H@Z
?RefreshParams@CWorkQueue@@QAEXKK@Z
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
??0CException@@QAE@XZ
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecordForWrites@@@Z
?AddRef@CFwPropertyMapper@@UAGKXZ
?Init@CRcovStorageHdr@@QAEXK@Z
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z

dfsshlex

DllGetClassObject

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3122b7462f3af6d1b8192dad80ec9b0

Headers

File Characteristics

Imports

mscms

clusapi

secur32

user32

kernel32

query

dfsshlex

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 1KB - Virtual size: 457KB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 1KB - Virtual size: 457KB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 1024B - Virtual size: 1024B