Static task: static1
Behavioral task: behavioral1
- Sample: 700b99cb153c79ded6a05c2b92fa483d_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 700b99cb153c79ded6a05c2b92fa483d_JaffaCakes118.exe
- Resource: win10v2004-20240426-en
General
- Target: 700b99cb153c79ded6a05c2b92fa483d_JaffaCakes118
- Size: 130KB
- MD5: 700b99cb153c79ded6a05c2b92fa483d
- SHA1: 6a8e1821365f2ae0d570a28aa95633ebd548178c
- SHA256: 48e97ac167bb3d65704e3cee436fe92b34305b663438c1d466b225b66ca1cb5c
- SHA512: dbe5fdcfd738a17d966378a2dfde3292c51b03b7b81e1145384fb47250a83ab8b39e44e818879ed4234c1af1c122514ff02f8cd45c6328991a2463d325dd9af4
- SSDEEP: 3072:1GUDWHFDEEh33mnBdz9+BL7s5kfNT8DIfplLLw+Sj/:7S9EEtAHzQC5cT8DIfTw+S
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 700b99cb153c79ded6a05c2b92fa483d_JaffaCakes118
Files
- 700b99cb153c79ded6a05c2b92fa483d_JaffaCakes118.exe windows:5 windows x86 arch:x86
  41e2b10168a429c905acb029afc94e80
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceW
SetFileShortNameA
SetLocalTime
GetNumaNodeProcessorMask
ReadConsoleOutputCharacterA
EnumCalendarInfoExA
FindCloseChangeNotification
GetProcessTimes
UnlockFileEx
VirtualAlloc
EnumTimeFormatsA
LoadResource
GetVDMCurrentDirectories
OpenMutexA
GetACP
CreateJobSet
FindActCtxSectionStringW
GetStartupInfoA
WaitForSingleObjectEx
FlushViewOfFile
SetConsoleWindowInfo
WaitNamedPipeA
ResumeThread
SetThreadExecutionState
_hwrite
IsValidLocale
UTRegister
GetCommConfig
SetClientTimeZoneInformation
LoadLibraryA
GlobalAddAtomW
SetLastError
GetModuleHandleA
WriteConsoleOutputCharacterW
GlobalAlloc
SetCalendarInfoW
LocalHandle
GetSystemInfo
ufat
??0ROOTDIR@@QAE@XZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Index12@FAT@@ABEKK@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
ChkdskEx
??0CLUSTER_CHAIN@@QAE@XZ
?Read@CLUSTER_CHAIN@@UAEEXZ
FormatEx
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
??0FILEDIR@@QAE@XZ
?FreeChain@FAT@@QAEXK@Z
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
??1FAT_DIRENT@@UAE@XZ
?Read@EA_SET@@UAEEXZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
??1EA_SET@@UAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?QueryCreationTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
??0REAL_FAT_SA@@QAE@XZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
??1FAT_SA@@UAE@XZ
??0FAT_DIRENT@@QAE@XZ
?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
??1ROOTDIR@@UAE@XZ
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Set12@FAT@@AAEXKK@Z
advapi32
AddAccessDeniedAce
RemoveUsersFromEncryptedFile
AccessCheckByTypeResultListAndAuditAlarmByHandleA
BuildImpersonateTrusteeA
LsaLookupPrivilegeDisplayName
AccessCheckByTypeResultList
LsaLookupPrivilegeName
SaferCloseLevel
LsaRemovePrivilegesFromAccount
GetSidIdentifierAuthority
GetSecurityInfoExW
ElfClearEventLogFileW
CancelOverlappedAccess
ObjectOpenAuditAlarmW
WmiDevInstToInstanceNameW
LookupSecurityDescriptorPartsA
CryptEncrypt
CryptExportKey
WmiNotificationRegistrationW
GetSecurityInfoExA
RegLoadKeyA
OpenBackupEventLogW
RegEnumKeyExW
LsaSetSystemAccessAccount
LsaCreateTrustedDomainEx
GetSecurityDescriptorGroup
ConvertToAutoInheritPrivateObjectSecurity
LsaSetDomainInformationPolicy
ConvertSecurityDescriptorToStringSecurityDescriptorA
IsTokenRestricted
ElfChangeNotify
DuplicateTokenEx
SystemFunction032
CloseEncryptedFileRaw
SetNamedSecurityInfoA
ole32
HMENU_UserFree
StgIsStorageFile
PropVariantChangeType
OleCreateStaticFromData
HACCEL_UserUnmarshal
OleSave
CoResumeClassObjects
HWND_UserFree
CreateErrorInfo
CoDosDateTimeToFileTime
CoQueryAuthenticationServices
HICON_UserMarshal
RevokeDragDrop
SNB_UserMarshal
HBITMAP_UserMarshal
StringFromCLSID
CoRegisterPSClsid
HMETAFILEPICT_UserMarshal
CoFileTimeNow
HkOleRegisterObject
SNB_UserFree
STGMEDIUM_UserFree
DllGetClassObjectWOW
PropSysFreeString
CoRetireServer
STGMEDIUM_UserUnmarshal
CoMarshalHresult
CLSIDFromProgIDEx
PropStgNameToFmtId
HPALETTE_UserUnmarshal
OleRegGetUserType
CreateItemMoniker
msi
MsiDatabaseImportW
MsiGetPatchInfoW
MsiReinstallProductA
MsiEnumComponentsW
MsiGetFeatureValidStatesA
MsiGetPropertyW
MsiSetFeatureStateA
MsiGetSourcePathA
MsiUseFeatureExW
MsiSetTargetPathW
MsiGetActiveDatabase
MsiCreateRecord
MsiVerifyPackageA
MsiSourceListForceResolutionW
MsiGetProductCodeFromPackageCodeW
MsiQueryProductStateW
MsiGetProductCodeFromPackageCodeA
MsiSetFeatureAttributesA
MsiGetTargetPathW
MsiQueryFeatureStateW
MsiAdvertiseProductExA
MsiGetComponentStateA
MsiSummaryInfoGetPropertyCount
MsiProcessMessage
MsiViewGetErrorW
MsiDatabaseExportW
MsiProvideQualifiedComponentExA
MsiGetFeatureCostA
MsiSequenceW
MsiGetProductPropertyW
MsiNotifySidChangeA
MsiEnableLogW
MsiOpenPackageExA
perfctrs
OpenTcpIpPerformanceData
CloseNWNBPerformanceData
CloseTcpIpPerformanceData
OpenNWNBPerformanceData
CollectIPXPerformanceData
CollectSPXPerformanceData
CloseNbfPerformanceData
CloseIPXPerformanceData
CloseSPXPerformanceData
CollectDhcpPerformanceData
OpenDhcpPerformanceData
CollectNbfPerformanceData
CollectNWNBPerformanceData
OpenNbfPerformanceData
OpenSPXPerformanceData
CloseDhcpPerformanceData
OpenIPXPerformanceData
CollectTcpIpPerformanceData
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ