05561364ac06d78ab650e881bcf8f0c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05561364ac06d78ab650e881bcf8f0c6_JaffaCakes118
Size

24KB
MD5

05561364ac06d78ab650e881bcf8f0c6
SHA1

9554431761ee15cee96018e9c77c103b4704930f
SHA256

453b96c7d8bfb76cfe0225c0ce2b17e1a4aedc7b049cef9b1b8b48451fc3b24b
SHA512

7256c5245272091b771b41d12013891bd8e650b0d87bc26b4a6ae144a86156dbbad28835502932aed809eeb9f4b07c7757259f37cf36a4b0ce3193964f1c9d1c
SSDEEP

384:bMFKgrEqjuAbckhefBGN0G9EazLwdCSJo8A60PeJIK53f6Nb7cWPyuv:4FJjuAbHq0N04EGL7SGL7WJLZfE7/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05561364ac06d78ab650e881bcf8f0c6_JaffaCakes118

Files

05561364ac06d78ab650e881bcf8f0c6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aad0db7dbb43249c560fbf47d0358fd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt20

_setmbcp
strrchr
fseek
_putws
??_7fstream@@6B@
_fmode
_commode
_ismbbkprint
vprintf
_y1
_mbsstr
_mbsnccnt
_tcsicmp
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
_mbsncat
strerror
??4ios@@IAEAAV0@ABV0@@Z
?setmode@fstream@@QAEHH@Z
_wrmdir
_wgetenv
_ismbblead
_tcsncset
_setsystime
ftell
mblen
fgetwc
_wchdir
?width@ios@@QAEHH@Z
_mbsinc
putchar
?clrlock@streambuf@@QAEXXZ
?doallocate@streambuf@@MAEHXZ
??_Eios@@UAEPAXI@Z
??0stdiobuf@@QAE@ABV0@@Z
_stricmp
_ismbcprint
wprintf
?ignore@istream@@QAEAAV1@HH@Z

kernel32

GetPrivateProfileIntA
BuildCommDCBAndTimeoutsA
FatalAppExitW
GetFileAttributesExW
EnumCalendarInfoExW
GetVolumeInformationW
VirtualAlloc
GetTimeFormatW
ResetEvent
TransactNamedPipe
SetVDMCurrentDirectories
GetExpandedNameA
DeleteVolumeMountPointW
lstrlenA
RegisterConsoleIME
GetTapeParameters
GetThreadPriority
Beep
Sleep
HeapWalk
GetConsoleAliasExesW
GetProcessAffinityMask
GetPrivateProfileSectionW
SetConsolePalette
GetVersion
GetModuleHandleA

ifsutil

?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z
?GetNext@TLINK@@QAEPAXPAX@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@EE@Z
??1NUMBER_SET@@UAE@XZ
?ShellSort@TLINK@@QAEXXZ
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?QuerySize@TLINK@@QBEGXZ
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
?QuerySectorSize@DP_DRIVE@@UBEKXZ
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??1TLINK@@UAE@XZ
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Remove@NUMBER_SET@@QAEEPBV1@@Z
??0VOL_LIODPDRV@@IAE@XZ
?DumpHashTable@SPARSE_SET@@QAEXXZ
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?Initialize@INTSTACK@@QAEEXZ
?QueryRecommendedMediaType@DP_DRIVE@@QBE?AW4_MEDIA_TYPE@@XZ
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
??0READ_CACHE@@QAE@XZ
?SendSonyMSModeSenseCmd@DP_DRIVE@@QAEEPAUSONY_MS_MODE_SENSE_DATA@@@Z
??0CANNED_SECURITY@@QAE@XZ
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?Initialize@TLINK@@QAEEG@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
??0MOUNT_POINT_TUPLE@@QAE@XZ
?Format@VOL_LIODPDRV@@QAE?AW4FORMAT_ERROR_CODE@@PBVWSTRING@@PAVMESSAGE@@KKK@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
??0READ_WRITE_CACHE@@QAE@XZ
??1SECRUN@@UAE@XZ
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z

oleaut32

VarUI4FromCy
VarDateFromI1
VarUI8FromI8
VarI2FromCy
GetRecordInfoFromGuids
VariantCopy
VarDateFromI8
VarBstrFromBool
VarR8Round
VarI1FromUI4
VarR4FromI8
VarI8FromDisp
SafeArrayGetUBound
VarR8FromI2
VarDateFromUI4
VarUI4FromStr
VarOr
VarI1FromI2
VarI4FromUI8
VarBstrFromDate
VarBstrCmp
VarCyMulI8
VarI8FromUI2
SafeArrayGetElement
VarMod
VarBoolFromStr
VarI8FromR8

msvcrt40

_mbsnccnt
_wcsnicoll
??0exception@@QAE@ABV0@@Z
??5istream@@QAEAAV0@AAJ@Z
localeconv
atof
_stricmp
_daylight
?setmode@filebuf@@QAEHH@Z
_wutime
_wfreopen
wcsrchr
_ctype
_y1
_wcsicmp
??0ofstream@@QAE@HPADH@Z
_mbstrlen
_set_error_mode
_y0
??0filebuf@@QAE@H@Z
??_Eistrstream@@UAEPAXI@Z
memmove
_wpgmptr
strncmp

shlwapi

UrlCombineW
SHLoadIndirectString
PathSkipRootW
SHRegSetUSValueW
PathIsDirectoryW
PathIsDirectoryEmptyW
SHRegSetPathW
PathIsUNCServerShareA
PathCombineA
PathIsDirectoryEmptyA
wvnsprintfW
IntlStrEqWorkerA
PathMakePrettyA
PathAppendA
SHRegOpenUSKeyW
UrlIsOpaqueA
StrRStrIW
StrChrA
PathRemoveExtensionW
PathRemoveBlanksA
StrPBrkA
SHGetInverseCMAP
StrRetToBufW
SHSetThreadRef
StrCatW
SHQueryInfoKeyW

opengl32

glRectdv
glEvalCoord2dv
glTexCoord2iv
glEdgeFlagv
glGetMapdv
glPixelStoref
glColor3b
glLightModelf
glVertex3dv
glPassThrough
glNormal3dv
glNormal3bv
glIndexfv
glCopyTexImage1D
glTexCoord4i
glRects
glClearDepth
glTexCoord2dv
glMap1d
glPixelTransferi
glNormal3b
wglSwapLayerBuffers
glEdgeFlagPointer
glShadeModel
glVertex4fv
glIndexsv
wglUseFontOutlinesA
wglDescribePixelFormat
glVertex3iv

tapisrv

ServiceMain

user32

SetFocus

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aad0db7dbb43249c560fbf47d0358fd3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt20

kernel32

ifsutil

oleaut32

msvcrt40

shlwapi

opengl32

tapisrv

user32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 3KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 3KB