0ce0efedab347be9f0e29e99115ae36e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ce0efedab347be9f0e29e99115ae36e_JaffaCakes118
Size

871KB
MD5

0ce0efedab347be9f0e29e99115ae36e
SHA1

930dbb2cf2a091621812cdaf7fcde4ef81e09352
SHA256

6016f6f5b1cfab22ca50fb8d716f5e4709ec4cdde2da4f20aadd5d6cdb482c75
SHA512

8db64881423f0d34fd7ae48c4bcaaaa850b40e3d53984623b1395cd6c8840df7fd7379c986e51fd2bc764888fc27058cb33c9fb148fddc752f8a30ae2c19eb7a
SSDEEP

24576:MPqwTZu4OpJ+KAZUCEW4t6SPg7994ymRvK/y:J0YJRaTywp94LRv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ce0efedab347be9f0e29e99115ae36e_JaffaCakes118

Files

0ce0efedab347be9f0e29e99115ae36e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

92e03515b6c7eeb182725db4371553c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleIsCurrentClipboard
CreateDataCache
CoGetClassVersion
CreateILockBytesOnHGlobal
CoGetCancelObject
HBITMAP_UserMarshal
HGLOBAL_UserSize
IsAccelerator
FreePropVariantArray
OleSaveToStream
HDC_UserSize
HENHMETAFILE_UserMarshal
HWND_UserMarshal
FmtIdToPropStgName
HICON_UserUnmarshal
OleLoad
GetHookInterface
CoCancelCall
HMETAFILE_UserSize
CoRevokeMallocSpy
HWND_UserSize
CoCreateObjectInContext
OleCreateFromData
HPALETTE_UserMarshal
CoGetInstanceFromFile
IIDFromString
CreateAntiMoniker
CLIPFORMAT_UserFree
CLIPFORMAT_UserUnmarshal
StgCreatePropSetStg
StgSetTimes
SNB_UserSize
WriteFmtUserTypeStg
ReleaseStgMedium
OleRegEnumVerbs
CoMarshalHresult
BindMoniker
CoQueryClientBlanket
DoDragDrop
CoGetMarshalSizeMax
CoCreateInstance
SNB_UserUnmarshal

cfgmgr32

CM_Is_Dock_Station_Present
CM_Is_Dock_Station_Present_Ex
CM_Query_Arbitrator_Free_Data
CM_Get_Version_Ex
CM_Get_HW_Prof_FlagsW
CM_Get_Device_ID_ExA
CM_Locate_DevNodeA
CM_Get_Child
CM_Set_DevNode_Registry_Property_ExA
CM_Enumerate_Classes
CM_Delete_Range
CM_Create_Range_List
CM_Query_Remove_SubTree
CM_Query_And_Remove_SubTree_ExW
CM_Query_And_Remove_SubTree_ExA
CM_Get_Device_ID_List_Size_ExA
CM_Connect_MachineA
CM_Disable_DevNode_Ex
CM_Get_Device_ID_ExW
CM_Reenumerate_DevNode
CM_Get_Hardware_Profile_Info_ExW
CM_Add_ID_ExA
CM_Get_Device_ID_List_SizeW
CM_Get_Next_Res_Des
CM_Delete_Class_Key_Ex
CM_Get_First_Log_Conf_Ex
CM_Add_Res_Des_Ex
CM_Get_Class_NameW
CM_Set_HW_Prof
CMP_Init_Detection
CM_Set_DevNode_Registry_PropertyA
CM_Query_Arbitrator_Free_Size
CM_Move_DevNode
CM_Unregister_Device_InterfaceA
CM_Get_Device_ID_ListA
CM_Get_Next_Res_Des_Ex
CM_Get_Class_Key_NameW
CM_Query_Remove_SubTree_Ex
CM_Get_DevNode_Registry_PropertyA
CM_Get_Depth_Ex
CM_Open_DevNode_Key_Ex
CM_Get_Res_Des_Data_Size_Ex
CM_Free_Res_Des_Handle

advapi32

ReadEventLogA
SystemFunction025
RegEnumValueA
EnumServicesStatusExW
CredDeleteW
SystemFunction001
CryptSetProviderA
SystemFunction027
CreateServiceW
BackupEventLogA
MD4Final
FreeInheritedFromArray
CryptEncrypt
SetEntriesInAclA
SetPrivateObjectSecurity
CredWriteDomainCredentialsW
SystemFunction026
CloseEventLog
LsaCreateTrustedDomain
RegQueryMultipleValuesW
ObjectPrivilegeAuditAlarmA
SystemFunction003
CredRenameW
QueryServiceStatusEx
SaferiCompareTokenLevels
I_ScGetCurrentGroupStateW
SystemFunction016
LookupSecurityDescriptorPartsA
EncryptedFileKeyInfo

shlwapi

StrRStrIW
PathFindOnPathW
PathFindExtensionA
PathSearchAndQualifyA
StrCSpnA
SHRegEnumUSKeyW
StrCatChainW
SHGetThreadRef
UrlHashA
wvnsprintfA
PathRemoveBackslashA
SHRegQueryInfoUSKeyW
wnsprintfA
PathSetDlgItemPathA
UrlIsW
SHOpenRegStream2W
AssocQueryKeyW
StrFormatKBSizeW
SHLoadIndirectString
PathSkipRootW
StrCSpnIA
StrRetToBufW
StrFormatByteSizeA
PathFindFileNameA
SHEnumValueW
StrRChrIW
SHRegGetBoolUSValueA
SHRegDeleteEmptyUSKeyA
PathCanonicalizeW
PathFileExistsW
PathRemoveExtensionA
SHSetValueA
PathStripToRootW
PathUnmakeSystemFolderA
SHRegGetPathA
PathStripPathW
PathFindSuffixArrayW

kernel32

QueryInformationJobObject
SetWaitableTimer
FindResourceExA
GetCurrentThread
FindVolumeClose
GetStdHandle
FindFirstFileA
SetConsoleHardwareState
_lopen
BuildCommDCBAndTimeoutsA
PostQueuedCompletionStatus
IsValidCodePage
GetCurrentThreadId
LoadLibraryA
SetComputerNameExW
GetConsoleInputExeNameW
VirtualQueryEx
WaitForSingleObjectEx
CreateActCtxA
lstrcpy
BaseCleanupAppcompatCacheSupport
FindNextVolumeA
VirtualAlloc
GlobalWire
GetEnvironmentStringsA
FindFirstChangeNotificationW
HeapCreate
GlobalAlloc
VDMOperationStarted
LoadLibraryExW
ReleaseSemaphore
UTRegister
CompareStringW
GetNamedPipeHandleStateA
OutputDebugStringW
SetLastError
GetVolumeNameForVolumeMountPointW
GetLogicalDriveStringsA
ReadConsoleOutputA
InvalidateConsoleDIBits
FindNextVolumeMountPointA

ntmarta

AccRewriteGetHandleRights
AccProvGetTrusteesAccess
AccProvHandleGetTrusteesAccess
AccGetAccessForTrustee
AccProvHandleRevokeAccessRights
AccProvGetAllRights
AccProvRevokeAccessRights
AccTreeResetNamedSecurityInfo
AccFreeIndexArray
AccLookupAccountName
AccProvIsAccessAudited
AccProvHandleGetAccessInfoPerObjectType
AccProvGetAccessInfoPerObjectType
AccProvGetOperationResults
AccConvertAccessToSecurityDescriptor
AccProvHandleSetAccessRights
AccConvertAclToAccess
AccProvHandleGrantAccessRights
AccProvHandleRevokeAuditRights
AccConvertSDToAccess
AccConvertAccessToSD
AccProvGetCapabilities
AccLookupAccountTrustee
AccProvHandleIsObjectAccessible
AccRewriteGetExplicitEntriesFromAcl
AccProvRevokeAuditRights
AccLookupAccountSid
AccSetEntriesInAList
EventNameFree
AccRewriteSetEntriesInAcl
AccProvSetAccessRights

ntdll

NtOpenIoCompletion
NtClearEvent
RtlQueueApcWow64Thread
NtQueryMutant
RtlGetProcessHeaps
RtlNewSecurityObjectEx
NtCompareTokens
RtlImageRvaToSection
NtSetLdtEntries
RtlFreeOemString
RtlIsValidIndexHandle
NtOpenThread
RtlCopyUnicodeString
RtlNumberGenericTableElementsAvl
_lfind
NtRemoveIoCompletion
RtlEqualLuid
ZwUnmapViewOfSection
ZwQueryDirectoryObject
RtlUlonglongByteSwap
isdigit
NtPrivilegeObjectAuditAlarm
NtCreateJobSet
DbgUiWaitStateChange
RtlTimeFieldsToTime
RtlCreateUserSecurityObject
ZwQuerySymbolicLinkObject
RtlDestroyHeap
wcsspn
NtMakePermanentObject
ZwVdmControl
ZwEnumerateValueKey

Sections

.text
Size: 208KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92e03515b6c7eeb182725db4371553c4

Headers

DLL Characteristics

File Characteristics

Imports

ole32

cfgmgr32

advapi32

shlwapi

kernel32

ntmarta

ntdll

Sections

.text Size: 208KB - Virtual size: 212KB

.rdata Size: 584KB - Virtual size: 588KB

.data Size: 74KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 208KB - Virtual size: 212KB

.rdata
Size: 584KB - Virtual size: 588KB

.data
Size: 74KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB