05863aab82f167ca2df84f8acf7d930e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05863aab82f167ca2df84f8acf7d930e_JaffaCakes118
Size

49KB
MD5

05863aab82f167ca2df84f8acf7d930e
SHA1

a461bd2bd32b87da126acfda8fb697e3478280b6
SHA256

72528961d079e6496971921af870a66efaf5e5b970fa62de5b222b5937543636
SHA512

246f3b56ba6db12f792c3417f5f5d5571af85aa91833184193233cbd89f12d97374cdfbc40105ac7d05d784c04871d4460fa8f43b4ae8716bc811c0889044c66
SSDEEP

768:/DRZWrCaX5j6W2a8LDtgzdvpNoFT4WzPowv1bIh+wuOk5L3F2lBAz/dvTfcghMw/:kC9WA/a+hRowvRI0w97wzVfWf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05863aab82f167ca2df84f8acf7d930e_JaffaCakes118

Files

05863aab82f167ca2df84f8acf7d930e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8a486fd7597c9bc2c8f751c92079596b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ufat

??1EA_HEADER@@UAE@XZ
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
?AllocChain@FAT@@QAEKKPAK@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
??1FILEDIR@@UAE@XZ
Format
??0FAT_SA@@QAE@XZ
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??0CLUSTER_CHAIN@@QAE@XZ
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
FormatEx
?Write@CLUSTER_CHAIN@@UAEEXZ
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
??1FAT_SA@@UAE@XZ
Recover
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
??0EA_SET@@QAE@XZ
??0FAT_DIRENT@@QAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
?QueryNthCluster@FAT@@QBEKKK@Z
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Read@CLUSTER_CHAIN@@UAEEXZ
??1ROOTDIR@@UAE@XZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
??0REAL_FAT_SA@@QAE@XZ
??1EA_SET@@UAE@XZ
??0ROOTDIR@@QAE@XZ
??0FILEDIR@@QAE@XZ
??1REAL_FAT_SA@@UAE@XZ
??0EA_HEADER@@QAE@XZ

msvcrt

_findnext
_adj_fdiv_r
_wfsopen
memchr
_stricoll
_mbctolower
_ismbcalpha
difftime
getenv
_CIpow
_gmtime64
_getdiskfree
getchar
_mbsdup
toupper
isalpha
??4bad_cast@@QAEAAV0@ABV0@@Z
_adj_fprem1
_ismbcdigit
_wfindnexti64
_strdup
_scalb
atexit
__doserrno
_CIatan2
strspn
?what@exception@@UBEPBDXZ
_getpid
_strcmpi
_mbsnccnt
_telli64
__p___argv
__getmainargs
qsort
_isnan
_sys_errlist
_aligned_malloc
_makepath
localtime
_adj_fdiv_m32i
wcsftime
_wcserror
_wperror
ldexp
_set_error_mode
__iscsym

ntdll

NtUnloadDriver
RtlCreateSecurityDescriptor
ZwQueryDefaultUILanguage
RtlInitString
__isascii
NtCreateTimer
RtlStartRXact
ZwNotifyChangeMultipleKeys
RtlCreateQueryDebugBuffer
ZwPrivilegeCheck
NtQueryEvent
NtLoadKey
RtlGetNtGlobalFlags
RtlDeleteTimerQueueEx
_wtol
RtlEqualComputerName
NtResumeProcess
NtSetSystemInformation
NtWaitForDebugEvent
RtlCreateActivationContext
NtQueryInformationPort
DbgUiGetThreadDebugObject
ZwResetWriteWatch
ZwResumeThread
ZwQueryBootOptions

msvcirt

??_Gistream@@UAEPAXI@Z
?sbumpc@streambuf@@QAEHXZ
?putback@istream@@QAEAAV1@D@Z
??0strstreambuf@@QAE@H@Z
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?delbuf@ios@@QBEHXZ
?gcount@istream@@QBEHXZ
?blen@streambuf@@IBEHXZ
?endl@@YAAAVostream@@AAV1@@Z
?sputc@streambuf@@QAEHH@Z
??_Gistrstream@@UAEPAXI@Z
?str@ostrstream@@QAEPADXZ
??0strstream@@QAE@ABV0@@Z
??_7exception@@6B@
?writepad@ostream@@AAEAAV1@PBD0@Z
?x_curindex@ios@@0HA
??_Eiostream@@UAEPAXI@Z
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?write@ostream@@QAEAAV1@PBCH@Z
?setmode@ofstream@@QAEHH@Z
?x_maxbit@ios@@0JA
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?getdouble@istream@@AAEHPADH@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??0iostream@@QAE@PAVstreambuf@@@Z
??_Eostream_withassign@@UAEPAXI@Z
??0exception@@QAE@XZ
??4fstream@@QAEAAV0@AAV0@@Z
??4istream_withassign@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAC@Z
??0ostrstream@@QAE@ABV0@@Z
??5istream@@QAEAAV0@AAD@Z
??_Glogic_error@@UAEPAXI@Z
?tellp@ostream@@QAEJXZ
?attach@ifstream@@QAEXH@Z
??0ifstream@@QAE@HPADH@Z
??5istream@@QAEAAV0@PAE@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_Estdiostream@@UAEPAXI@Z

cryptui

CryptUIDlgViewContext
CryptUIDlgViewSignerInfoW
CryptUIDlgViewCertificatePropertiesW
CryptUIWizSubmitCertRequestNoDS
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgViewSignerInfoA
CryptUIDlgFreeCAContext
CryptUIWizExport
CryptUIDlgSelectCertificateFromStore
CryptUIGetViewSignaturesPagesA
RetrievePKCS7FromCA
ACUIProviderInvokeUI
CryptUIWizQueryCertRequestNoDS
CryptUIDlgSelectCertificateW
CryptUIGetCertificatePropertiesPagesW
CryptUIWizCreateCertRequestNoDS
CryptUIDlgViewCertificateW
CryptUIWizFreeDigitalSignContext
CryptUIDlgSelectCA
LocalEnroll
CryptUIDlgViewCertificatePropertiesA
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgViewCertificateA
CryptUIDlgSelectStoreA
CryptUIFreeViewSignaturesPagesA
CryptUIWizFreeCertRequestNoDS
CryptUIWizImport
CryptUIGetViewSignaturesPagesW
I_CryptUIProtectFailure
CryptUIDlgViewCRLA
LocalEnrollNoDS
CryptUIFreeViewSignaturesPagesW
CryptUIFreeCertificatePropertiesPagesW
CryptUIDlgSelectCertificateA
CryptUIWizCertRequest
CryptUIDlgViewCTLA
CryptUIDlgCertMgr
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgSelectStoreW

kernel32

GetFileAttributesW
FindFirstFileExA
GetStringTypeW
FreeEnvironmentStringsA
GetSystemWow64DirectoryW
EraseTape
SetConsoleScreenBufferSize
GetQueuedCompletionStatus
GetExpandedNameA
GetEnvironmentStringsW
_lclose
GetCurrentThread
VDMOperationStarted
VirtualFree
OpenFile
ClearCommBreak
EnumResourceTypesA
SetThreadPriorityBoost
GetProfileStringA
CommConfigDialogW
SwitchToFiber
GetConsoleCommandHistoryW
QueryInformationJobObject
GetLocaleInfoW
FindVolumeMountPointClose
GetThreadContext
IsBadStringPtrA
FreeLibraryAndExitThread
GlobalReAlloc
DnsHostnameToComputerNameA
ProcessIdToSessionId
lstrcmpi
SetNamedPipeHandleState
LZStart
HeapDestroy
QueryPerformanceCounter
GetConsoleInputWaitHandle
VirtualAlloc
DosPathToSessionPathA
LoadLibraryA
EnumerateLocalComputerNamesW
SizeofResource
SetEnvironmentVariableA
WriteProfileStringA
AddVectoredExceptionHandler
GetCurrencyFormatW

Sections

.text
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a486fd7597c9bc2c8f751c92079596b

Headers

DLL Characteristics

File Characteristics

Imports

ufat

msvcrt

ntdll

msvcirt

cryptui

kernel32

Sections

.text Size: 34KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 64KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 64KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB