1558ad9c359fd23d599b6639be6ff279_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1558ad9c359fd23d599b6639be6ff279_JaffaCakes118
Size

862KB
MD5

1558ad9c359fd23d599b6639be6ff279
SHA1

c63f3d1023f81f31b5afff8b591ab699afc0a1d5
SHA256

3138c8d1f5f2c3d990b025bf68ae35fdc5634184d50b3bbff005d01218011672
SHA512

6a00b57dfaebfe675582e782a9f81319757020030b70f4527ed0aa9d39e2afc59eaebc2661b6be1402c84a2a468fd2f754c2d279eb1ef589292038056d7d19f8
SSDEEP

24576:ydXGdo51lmsw7umJuz7//FsDX9AvvzllsL/Ds:kXualmsw7P6//FsDuHq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1558ad9c359fd23d599b6639be6ff279_JaffaCakes118

Files

1558ad9c359fd23d599b6639be6ff279_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a4882e83080a68ef061c0e6a495b9945

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlDllShutdownInProgress
RtlEqualString
RtlClearBits
RtlDeleteTimerQueue
strpbrk
NtRaiseHardError
ZwMapViewOfSection
NtSaveKey
ZwRequestWaitReplyPort
swprintf
RtlCreateAndSetSD
NtCreatePort
RtlVerifyVersionInfo
RtlDeleteSecurityObject
NtFlushKey
ZwCreateSymbolicLinkObject
ZwQueryMultipleValueKey
ZwFsControlFile
RtlGenerate8dot3Name
RtlAllocateAndInitializeSid
RtlDosSearchPath_Ustr
NtCreateKeyedEvent
ZwSetSystemPowerState
RtlUpperChar
RtlStartRXact
RtlLockHeap
RtlGetFrame
ZwCreateFile
ZwConnectPort
NtSetLdtEntries
isupper
RtlApplicationVerifierStop
ZwPowerInformation
NtLockProductActivationKeys
NtCreateJobSet
DbgQueryDebugFilterState
RtlDeleteRegistryValue
ZwGetDevicePowerState
NtProtectVirtualMemory
RtlFindLeastSignificantBit

rasapi32

RasAutoDialSharedConnection
RasEditPhonebookEntryW
RasSetCredentialsA
RasGetConnectStatusA
RasFreeEapUserIdentityA
RasGetConnectionStatistics
RasGetProjectionInfoW
RasEditPhonebookEntryA
RasGetEapUserDataW
RasGetConnectStatusW
RasDialW
DwEnumEntryDetails
RasSetEntryPropertiesW
RasConnectionNotificationW
RasIsSharedConnection
RasSetEapUserDataA
RasScriptGetIpAddress
RasSetSharedAutoDial
RasHangUpA
RasGetHport
RasEnumDevicesA
RasGetAutodialEnableW
RasSetAutodialEnableA
RasAutodialEntryToNetwork
RasGetEntryPropertiesW
RasGetErrorStringA
RasGetEntryPropertiesA
DwCloneEntry
RasAutodialAddressToNetwork
RasSetAutodialAddressW
RasQueryRedialOnLinkFailure
RasSetEntryPropertiesA
RasDeleteSubEntryA
RasGetCredentialsW
RasGetEapUserIdentityW

kernel32

DnsHostnameToComputerNameW
FillConsoleOutputCharacterA
LZInit
SetTapeParameters
GetThreadSelectorEntry
WriteFile
GlobalFindAtomA
IsWow64Process
lstrcmpiW
CreatePipe
GetSystemTimeAsFileTime
SetConsoleTitleA
SetTermsrvAppInstallMode
GetConsoleCP
GetProfileSectionW
GetCurrentThread
ReadConsoleW
CreateProcessInternalW
LocalUnlock
SetProcessPriorityBoost
SetConsoleNumberOfCommandsW
LoadLibraryA
LZStart
CreateHardLinkW
BackupWrite
CreateActCtxA
VirtualProtectEx
CreateThread
FatalAppExitW
VirtualAlloc
SetThreadContext
GetCurrentDirectoryW
EnumLanguageGroupLocalesW
GetProcessVersion
GetConsoleTitleA
SignalObjectAndWait
GetConsoleCursorInfo

msi

MsiRecordSetStreamA
MsiGetFeatureUsageA
MsiPreviewBillboardW
MsiGetProductInfoA
MsiEvaluateConditionW
MsiAdvertiseProductA
MsiDatabaseGetPrimaryKeysW
MsiEnumComponentCostsW
MsiRecordGetStringW
MsiViewFetch
MsiDeleteUserDataW
MsiVerifyPackageW
MsiNotifySidChangeA
MsiOpenDatabaseW
MsiRecordGetFieldCount
MsiOpenPackageExW
MsiSourceListClearAllW
MsiGetSourcePathW
MsiSummaryInfoGetPropertyA
MsiOpenProductW
MsiDatabaseIsTablePersistentW
MsiUseFeatureExA
MsiSetFeatureAttributesW
MsiGetMode
MsiOpenPackageA
MsiGetTargetPathW
MsiSourceListClearAllA
MsiConfigureFeatureFromDescriptorA
MsiDatabaseMergeW
MsiSetInternalUI
MsiInstallMissingComponentA
MsiEnumComponentQualifiersA
MsiReinstallProductW
MsiDatabaseCommit

usp10

ScriptStringOut
ScriptStringFree
ScriptString_pSize
ScriptApplyLogicalWidth
ScriptTextOut
ScriptStringCPtoX
UspFreeMem
ScriptBreak
ScriptShape
UspAllocTemp
ScriptJustify
ScriptStringXtoCP
ScriptGetGlyphABCWidth
ScriptStringAnalyse
ScriptGetLogicalWidths
ScriptLayout
LpkPresent
ScriptCacheGetHeight
ScriptGetProperties
ScriptItemize
ScriptStringGetLogicalWidths
ScriptFreeCache
ScriptApplyDigitSubstitution
ScriptGetCMap
ScriptStringValidate
ScriptString_pLogAttr
ScriptRecordDigitSubstitution
ScriptStringGetOrder
ScriptString_pcOutChars
ScriptCPtoX
ScriptPlace
ScriptGetFontProperties
ScriptIsComplex
ScriptXtoCP
UspAllocCache

regapi

RegPdDeleteW
WaitForTSConnectionsPolicyChanges
RegGetMachinePolicyEx
RegDefaultUserConfigQueryA
RegIsMachinePolicyAllowHelp
RegPdDeleteA
RegWinStationDeleteW
RegPdEnumerateA
RegUserConfigQuery
RegCdCreateA
RegOpenServerA
RegPdEnumerateW
RegWinStationQueryValueW
RegWinStationQueryDefaultSecurity
RegWinStationCreateA
RegWinStationCreateW
RegQueryUtilityCommandList
RegMergeUserConfigWithUserParameters
RegQueryOEMId
RegWinStationDeleteA
RegIsTServer
RegGetMachinePolicy
RegBuildNumberQuery
RegWinStationQuerySecurityW
RegWinStationAccessCheck
RegFreeUtilityCommandList
RegGetUserPolicy
RegWinStationSetNumValueW
RegPdCreateA

setupapi

CM_Request_Device_Eject_ExW
CM_Free_Range_List
SetupDiInstallClassA
SetupTermDefaultQueueCallback
SetupInstallFileExW
SetupDiOpenDeviceInfoW
SetupDiInstallDeviceInterfaces
SetupLogFileA
SetupCopyOEMInfA
SetupQueueCopyW
SetupDiGetClassDevsW
SetupQuerySpaceRequiredOnDriveW
pSetupUnmapAndCloseFile
SetupCopyOEMInfW
CM_Get_Device_ID_List_SizeW
SetupDiGetActualSectionToInstallExW
CM_Enable_DevNode
SetupCloseFileQueue
SetupGetInfFileListW
CM_Connect_MachineW
SetupFindNextLine
CM_Query_And_Remove_SubTreeA
SetupRemoveFromSourceListA
pSetupShouldDeviceBeExcluded
SetupAddInstallSectionToDiskSpaceListW
CM_Get_Global_State_Ex

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4882e83080a68ef061c0e6a495b9945

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

rasapi32

kernel32

msi

usp10

regapi

setupapi

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 336KB - Virtual size: 336KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 336KB - Virtual size: 336KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B