161a289c1ecc41a6f92c09b446cb5ba0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

161a289c1ecc41a6f92c09b446cb5ba0_JaffaCakes118
Size

824KB
MD5

161a289c1ecc41a6f92c09b446cb5ba0
SHA1

a84048dece23bc53d6d1bd4e4b3f3b3467999ab3
SHA256

b9e07f42b845394c810065d40046b7df157f4b19ddbc0366737a1f0eb7645373
SHA512

72f9c98cae7610e5bac72d1d7238d7387b7b29d368d2a308458a02589beb3461df6edb3a30fcc7cbe6dbca23673d3a9de2fb3618f88b4c9f7c096251f181e8a3
SSDEEP

24576:nAPEjRyJxnWK5HFMoqSjMTLbqvXxdL1y:APEloPtjebqfxdL1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
161a289c1ecc41a6f92c09b446cb5ba0_JaffaCakes118

Files

161a289c1ecc41a6f92c09b446cb5ba0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9816bed7b190b4aa65d725ce4607aaca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

activeds

PropVariantToAdsType
ReallocADsMem
AdsTypeToPropVariant
PropVariantToAdsType2
AdsFreeAdsValues
ReallocADsStr
ADsFreeEnumerator
ADsDecodeBinaryData
AdsTypeToPropVariant2
ADsSetLastError
ADsGetLastError
ConvertSecDescriptorToVariant
ADsBuildEnumerator
ADsBuildVarArrayStr
DllCanUnloadNow
FreeADsMem
FreeADsStr
AllocADsMem
ConvertSecurityDescriptorToSecDes
SecurityDescriptorToBinarySD
BinarySDToSecurityDescriptor
DllGetClassObject
ADsOpenObject
ADsEnumerateNext
ADsEncodeBinaryData
AllocADsStr
ADsBuildVarArrayInt
ADsGetObject

kernel32

TerminateProcess
HeapValidate
GetProcessTimes
WinExec
UnregisterWaitEx
PrivCopyFileExW
LoadLibraryA
GetTapePosition
GetSystemTime
WriteConsoleOutputAttribute
VDMOperationStarted
FindNextVolumeMountPointW
GetDiskFreeSpaceA
GlobalMemoryStatusEx
Module32FirstW
GetThreadTimes
BuildCommDCBAndTimeoutsA
OpenEventA
InterlockedExchangeAdd
FindNextChangeNotification
LocalFileTimeToFileTime
HeapReAlloc
GetNextVDMCommand
VerLanguageNameA
FatalExit
SetConsoleNumberOfCommandsW
EnumCalendarInfoW
GetLogicalDriveStringsA
SetFileShortNameA
GetVolumePathNameW
SleepEx
ZombifyActCtx
GetFileSizeEx
ShowConsoleCursor
ExitProcess
CreateMemoryResourceNotification
PeekNamedPipe
DisconnectNamedPipe
FindNextVolumeW
SetFirmwareEnvironmentVariableW
LZDone
SignalObjectAndWait
GetConsoleMode
VerifyVersionInfoW
CreateFileMappingA
LockFile
SwitchToFiber
InterlockedDecrement
GetConsoleCommandHistoryA
GetConsoleAliasA
GetVolumeNameForVolumeMountPointA
GetVolumeInformationA
SetCommConfig
VirtualAlloc
EndUpdateResourceA
FindFirstVolumeMountPointA
UnmapViewOfFile
GetOverlappedResult
MoveFileWithProgressA
LZRead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
BackupSeek
WriteFile
ReadConsoleOutputW
lstrcatW
BeginUpdateResourceA
_llseek
BaseUpdateAppcompatCache
SetComPlusPackageInstallStatus
SetFilePointerEx
EnumCalendarInfoA
SetConsoleOS2OemFormat
FindNextVolumeA
TlsAlloc
GetConsoleAliasesLengthW
AddConsoleAliasW
GetCurrentDirectoryW
OutputDebugStringA

advapi32

GetCurrentHwProfileA
EnumDependentServicesW
CloseEventLog
AccessCheckByTypeResultList
SetTokenInformation
OpenBackupEventLogW
SystemFunction010
SaferiSearchMatchingHashRules
EnumServicesStatusExA
EnumServiceGroupW
WmiQuerySingleInstanceA
AbortSystemShutdownW
MD5Init
CredGetSessionTypes
WmiFreeBuffer
RegOpenKeyExW
RegEnumKeyW
IsTokenUntrusted
OpenEncryptedFileRawA
CheckTokenMembership
RegUnLoadKeyA
GetOverlappedAccessResults
TraceMessageVa
StartServiceA
LsaSetSystemAccessAccount
LsaLookupPrivilegeDisplayName
GetTraceEnableLevel
QueryServiceConfig2W
SaferiIsExecutableFileType
StartTraceW
GetInheritanceSourceA
SystemFunction029
WmiMofEnumerateResourcesA
ConvertSecurityDescriptorToAccessA
DestroyPrivateObjectSecurity
GetTrusteeTypeA
RegOpenUserClassesRoot
GetInformationCodeAuthzPolicyW
BuildImpersonateExplicitAccessWithNameW
OpenBackupEventLogA
SaferiChangeRegistryScope
SystemFunction012

setupapi

pSetupStringTableAddStringEx
SetupInstallFileExA
SetupGetLineCountA
SetupDiCreateDeviceInterfaceA
SetupPrepareQueueForRestoreA
SetupDiRegisterCoDeviceInstallers
CM_Reenumerate_DevNode
CM_Request_Eject_PC
CM_Get_Class_Key_Name_ExW
SetupDiMoveDuplicateDevice
CM_Get_Version
pSetupVerifyQueuedCatalogs
CM_Modify_Res_Des_Ex
SetupGetSourceInfoA
CM_Set_DevNode_Registry_PropertyW
SetupGetIntField
CM_Query_Arbitrator_Free_Data_Ex
SetupDiSelectBestCompatDrv
SetupScanFileQueueA
SetupDiGetClassDevsExA
SetupDiSetDeviceInterfaceDefault
CM_First_Range
SetupDiGetDeviceInfoListDetailW
SetupDiDrawMiniIcon
SetupDiGetDeviceRegistryPropertyW
SetupDiClassNameFromGuidA
SetupQuerySpaceRequiredOnDriveW
SetupQueueCopyIndirectW
CMP_GetServerSideDeviceInstallFlags
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInfoListClass
CM_Get_Device_ID_ListW
SetupDiGetINFClassA

inetcomm

CreateIMAPTransport
MimeOleSetPropW
MimeOleGetDefaultCharset
EssKeyExchPreferenceEncodeEx
MimeOleSetCompatMode
EssMLHistoryDecodeEx
EssSecurityLabelDecodeEx
MimeOleGetPropW
DllCanUnloadNow
MimeOleEncodeHeader
MimeOleUnEscapeStringInPlace
HrDoAttachmentVerb
HrGetAttachIconByFile
MimeOleSMimeCapAddSMimeCap
EssContentHintDecodeEx
MimeOleFileTimeToInetDate
MimeOleObjectFromMoniker
MimeOleGenerateFileName
MimeOleGetFileExtension
MimeOleCreatePropertySet
HrGetDisplayNameWithSizeForFile
EssMLHistoryEncodeEx
MimeOleAlgStrengthFromSMimeCap
MimeOleParseMhtmlUrl
GetDllMajorVersion
MimeOleGetFileInfo
EssSignCertificateEncodeEx
MimeOleGetCodePageCharset
MimeOleGetInternat
MimeOleFindCharset
MimeOleParseRfc822Address
MimeOleAlgNameFromSMimeCap
MimeOleGetPropA
MimeEditDocumentFromStream
MimeOleGetCodePageInfo
MimeOleInetDateToFileTime
MimeOleCreateSecurity
CreateSMTPTransport
MimeOleDecodeHeader
MimeOleGetBodyPropA
DllGetClassObject
MimeOleSetDefaultCharset

ntdll

RtlSetAttributesSecurityDescriptor
ZwReadFileScatter
NtVdmControl
NtOpenEvent
ZwTranslateFilePath
isprint
NtPrivilegedServiceAuditAlarm
RtlUpcaseUnicodeChar
RtlAbortRXact
NtRequestWaitReplyPort
NtReplyPort
RtlExitUserThread
RtlFindSetBits
NtCreateKey
_allrem
ZwModifyBootEntry
RtlConvertToAutoInheritSecurityObject
ZwSetInformationProcess
RtlNewInstanceSecurityObject
RtlNumberOfSetBits
_aulldvrm
RtlEqualComputerName
ZwSetInformationObject
RtlSetTimer
RtlPrefixString
_memccpy
ZwGetPlugPlayEvent
ZwSetInformationFile
RtlDeleteAtomFromAtomTable
DbgUiSetThreadDebugObject

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 612KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9816bed7b190b4aa65d725ce4607aaca

Headers

DLL Characteristics

File Characteristics

Imports

activeds

kernel32

advapi32

setupapi

inetcomm

ntdll

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 612KB - Virtual size: 1.9MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 396B

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 612KB - Virtual size: 1.9MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 396B