0f5bd3adadc6d1c76bff245655a72798_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f5bd3adadc6d1c76bff245655a72798_JaffaCakes118
Size

869KB
MD5

0f5bd3adadc6d1c76bff245655a72798
SHA1

9d4d399b9922e7768ad826925de6c4b9c8371d9e
SHA256

cd4c36f3940f0fdb92d8cb342e6da36c4051a369150b6861aaba86a3d17b8dac
SHA512

203871f601c9d7b22dcd2572c8ad1676c9b91a9200acc505f99d763dd7d8d740c16fe6eb2156735e56a59c9dd26fce95cfda27b386605cf5485488aa7cf3ffdf
SSDEEP

24576:03IANy3t1dBYUo2cSxNx2YSP5m2NbVoWv2dwA:9qybdBxtNEPMcNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f5bd3adadc6d1c76bff245655a72798_JaffaCakes118

Files

0f5bd3adadc6d1c76bff245655a72798_JaffaCakes118
.exe windows:5 windows x86 arch:x86

afa371ed04ae8a54af97033746b1aaea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessId
FreeUserPhysicalPages
ReadConsoleOutputAttribute
GetCurrentConsoleFont
GetSystemDefaultLCID
SetConsoleMaximumWindowSize
GetSystemWindowsDirectoryW
RequestWakeupLatency
lstrcmpiW
CreateActCtxA
GetVolumePathNameW
GetConsoleCommandHistoryLengthW
FlushViewOfFile
SetMessageWaitingIndicator
SetThreadExecutionState
lstrcmpW
GetConsoleHardwareState
AddVectoredExceptionHandler
GetProcessPriorityBoost
LoadLibraryA
WritePrivateProfileStructW
GetVolumeInformationA
lstrcpyW
LocalSize
BackupWrite
DeleteTimerQueue
GetConsoleOutputCP
PulseEvent
DebugActiveProcess
GetDriveTypeW
GetConsoleAliasExesLengthW
CreateFileMappingW
GetStartupInfoW
FatalExit
SetFileTime
LockFileEx
_hwrite
SetLastError
VirtualAlloc
UnlockFileEx
SetTapeParameters
lstrcpynA
IsBadCodePtr
RtlZeroMemory
GetNamedPipeHandleStateW
ReadConsoleInputExA
lstrcatW
WriteConsoleInputVDMA

ntdll

ZwQueryOpenSubKeys
ZwShutdownSystem
ZwAllocateUserPhysicalPages
ZwSetEventBoostPriority
ZwQueryTimer
RtlAddAuditAccessObjectAce
RtlAddRefActivationContext
NtOpenThreadTokenEx
RtlInitializeCriticalSection
RtlLargeIntegerShiftRight
NtRaiseHardError
ZwQuerySymbolicLinkObject
RtlCreateAtomTable
ZwCreatePort
ZwIsProcessInJob
ZwAddBootEntry
NtQueryBootOptions
NtNotifyChangeMultipleKeys
RtlGetAce
RtlUnicodeToMultiByteN
RtlGUIDFromString
isalnum
NtRestoreKey
ZwCompareTokens
RtlInitializeBitMap
RtlConvertUiListToApiList
RtlEqualComputerName
LdrDisableThreadCalloutsForDll
RtlAppendPathElement
RtlUnwind
NtSetSystemInformation
NtSetVolumeInformationFile
NtQueryFullAttributesFile
ZwGetWriteWatch

cfgmgr32

CM_Get_Class_Name_ExW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_Class_Key_NameW
CM_Query_Remove_SubTree_Ex
CM_Setup_DevNode_Ex
CM_Get_Device_Interface_ListA
CM_Set_DevNode_Registry_PropertyW
CM_Enumerate_EnumeratorsW
CM_Is_Dock_Station_Present
CM_Enumerate_Enumerators_ExA
CM_Get_Child_Ex
CM_Get_Device_Interface_List_ExW
CMP_Init_Detection
CM_Get_Res_Des_Data_Ex
CM_Detect_Resource_Conflict_Ex
CM_Get_Log_Conf_Priority
CM_Register_Device_Driver_Ex
CM_Intersect_Range_List
CM_Free_Log_Conf_Handle
CM_Get_HW_Prof_FlagsA
CM_Open_DevNode_Key_Ex
CM_Get_Resource_Conflict_DetailsA
CM_Add_Range
CM_Run_Detection
CM_Request_Eject_PC_Ex
CM_Get_Device_ID_ExA
CM_Add_ID_ExW
CM_Add_ID_ExA
CM_Get_Hardware_Profile_InfoW
CM_Free_Log_Conf_Ex
CM_Set_DevNode_Problem_Ex
CM_Disconnect_Machine
CM_Set_HW_Prof
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Device_Interface_ListW
CM_Enumerate_Classes_Ex
CMP_RegisterNotification
CM_Free_Res_Des
CM_Set_DevNode_Registry_Property_ExW
CM_Get_Res_Des_Data
CM_Add_Res_Des

msvcrt

??0bad_typeid@@QAE@PBD@Z
ungetc
swprintf
_wexecvp
__getmainargs
_wctime64
__RTDynamicCast
__lc_codepage
labs
towupper
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_wutime64
__set_app_type
_wcmdln
ldiv
_mbsncpy
strpbrk
log
_wgetenv
exit
_mbscspn
__unguarded_readlc_active
??1exception@@UAE@XZ
_ismbclegal
_wutime
putchar
__p__commode
vwprintf
tmpnam
_ismbcspace
_getmaxstdio
isxdigit
_futime64

user32

EndDialog
MessageBoxA

ifsutil

?Read@SECRUN@@UAEEXZ
??1VOL_LIODPDRV@@UAE@XZ
?GetFirst@TLINK@@QAEPAXXZ
?RemoveEdge@DIGRAPH@@QAEEKK@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z
?Add@NUMBER_SET@@QAEEPBV1@@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
??0DP_DRIVE@@QAE@XZ
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
??1TLINK@@UAE@XZ
?QueryNumber@NUMBER_SET@@QBE?AVBIG_INT@@V2@@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?SendSonyMSModeSenseCmd@DP_DRIVE@@QAEEPAUSONY_MS_MODE_SENSE_DATA@@@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?Initialize@CANNED_SECURITY@@QAEEXZ
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
??1NUMBER_SET@@UAE@XZ
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
?DumpHashTable@SPARSE_SET@@QAEXXZ
?Initialize@TLINK@@QAEEG@Z
?SendSonyMSRequestSenseCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?ShellSort@TLINK@@QAEXXZ
??1MOUNT_POINT_MAP@@UAE@XZ
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
??1SUPERAREA@@UAE@XZ
?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z

mpr

WNetGetConnection2W
WNetGetConnection3W
WNetDirectoryNotifyW
WNetGetSearchDialog
WNetGetNetworkInformationW
WNetSupportGlobalEnum
WNetConnectionDialog2
WNetGetResourceInformationW
I_MprSaveConn
WNetLogonNotify
WNetGetResourceInformationA
MultinetGetConnectionPerformanceW
WNetGetHomeDirectoryW
WNetDisconnectDialog1W
WNetGetConnection2A
WNetDisconnectDialog
WNetSetLastErrorA
WNetCloseEnum
WNetAddConnection3A
WNetDirectoryNotifyA
WNetPropertyDialogW
WNetGetConnection3A
WNetFormatNetworkNameW
MultinetGetErrorTextW
WNetClearConnections
WNetGetProviderTypeW
WNetDisconnectDialog2
WNetUseConnectionW
WNetPasswordChangeNotify
WNetGetConnectionA

shell32

SHGetMalloc

Sections

.tixt
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afa371ed04ae8a54af97033746b1aaea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

cfgmgr32

msvcrt

user32

ifsutil

mpr

shell32

Sections

.tixt Size: 544KB - Virtual size: 544KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 314KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 544KB - Virtual size: 544KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 314KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B