Static task: static1
Behavioral task: behavioral1
  Sample: 185776414c6da09abf7d1058584f6925_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 185776414c6da09abf7d1058584f6925_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 185776414c6da09abf7d1058584f6925_JaffaCakes118
Size: 468KB
MD5: 185776414c6da09abf7d1058584f6925
SHA1: 601877a24694a655e0c590004206cc2a526decdb
SHA256: 2f86d7d5a0851b2e595dc4253d3c50515f9cb95025904deda06345e706940da2
SHA512: 2bc8e58b03c16892390c9216c83effcd731dc08e05a14e2a7968ab3ab77c52ff3f20c24a706d7df8b7f1de118aa403151df605264f54fbac1bd51eb3447045da
SSDEEP: 6144:O+iJ3y9ZlTuIS7jT4Iat6mPkN+9Vs5RHiJF00l/jd5CwIW/ROy3p/G0gEGR0AQ:OxJ30Z1SHet669vJFJXC4/hI0K5Q
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 185776414c6da09abf7d1058584f6925_JaffaCakes118
Files
-
185776414c6da09abf7d1058584f6925_JaffaCakes118.exe windows:5 windows x86 arch:x86
b6d4cc8ca75091a4f0ecc7bba1946342
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
duser
GetStdPalette
DUserPostMethod
GetGadgetTicket
PeekMessageExA
AttachWndProcW
DUserCastHandle
GetGadgetAnimation
UtilDrawBlendRect
WaitMessageEx
GetStdColorBrushI
InitGadgetComponent
GetGadgetScale
DrawGadgetTree
RemoveGadgetProperty
SetGadgetFocus
GetGadgetMessageFilter
SetGadgetRotation
DUserRegisterStub
GetGadgetProperty
RegisterGadgetProperty
RegisterGadgetMessageString
GetGadgetSize
DUserFindClass
GetGadgetRect
RemoveGadgetMessageHandler
GetGadgetRotation
DetachWndProc
FindGadgetMessages
GetStdColorName
GetGadgetRgn
BuildAnimation
DUserGetScalePRID
DUserGetAlphaPRID
kernel32
VirtualAlloc
GetFullPathNameW
LocalAlloc
SetFileApisToANSI
LoadLibraryA
HeapCreate
FillConsoleOutputAttribute
InterlockedFlushSList
UpdateResourceA
SetStdHandle
GetFileSize
ActivateActCtx
GlobalHandle
WriteProfileStringW
SetThreadContext
DuplicateHandle
LoadModule
SetThreadExecutionState
GetCalendarInfoW
SetFileApisToOEM
GetEnvironmentVariableA
GetPrivateProfileStringA
IsValidLocale
UnregisterConsoleIME
VirtualQuery
SetTapePosition
GetCompressedFileSizeA
CreateFileMappingW
GetSystemTimeAsFileTime
VirtualProtectEx
gdi32
EngMultiByteToUnicodeN
StretchBlt
GdiEntry12
GetTextFaceA
SetBitmapBits
GdiReleaseLocalDC
GetBitmapDimensionEx
CreateScalableFontResourceA
SetWinMetaFileBits
GetPixel
GetFontLanguageInfo
GetCharABCWidthsA
BRUSHOBJ_pvAllocRbrush
StrokeAndFillPath
GdiEntry14
DdEntry11
GdiProcessSetup
ExcludeClipRect
EnumObjects
GdiEntry4
GetGraphicsMode
OffsetClipRgn
DdEntry44
RestoreDC
GdiConvertBrush
HT_Get8BPPMaskPalette
AddFontResourceExA
BRUSHOBJ_hGetColorTransform
CreatePalette
Pie
Arc
GetRandomRgn
SetICMProfileA
EngQueryLocalTime
ufat
??1REAL_FAT_SA@@UAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??0FAT_DIRENT@@QAE@XZ
?Write@CLUSTER_CHAIN@@UAEEXZ
??1EA_SET@@UAE@XZ
?QueryNthCluster@FAT@@QBEKKK@Z
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?QueryCreationTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
??1FAT_SA@@UAE@XZ
??1FAT_DIRENT@@UAE@XZ
Format
Chkdsk
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
??1FILEDIR@@UAE@XZ
??1EA_HEADER@@UAE@XZ
?Index12@FAT@@ABEKK@Z
??0EA_HEADER@@QAE@XZ
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?AllocChain@FAT@@QAEKKPAK@Z
?Set12@FAT@@AAEXKK@Z
??0FAT_SA@@QAE@XZ
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
??0EA_SET@@QAE@XZ
?Read@EA_SET@@UAEEXZ
ifsutil
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@CANNED_SECURITY@@QAEEXZ
?QueryMemberCount@TLINK@@QBEGXZ
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
?GetSortedFirst@TLINK@@QAEPAXXZ
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
??0LOG_IO_DP_DRIVE@@QAE@XZ
??0MOUNT_POINT_TUPLE@@QAE@XZ
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryDisjointRange@NUMBER_SET@@QBEXKPAVBIG_INT@@0@Z
?QueryRecommendedMediaType@DP_DRIVE@@QBE?AW4_MEDIA_TYPE@@XZ
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
??0DP_DRIVE@@QAE@XZ
?AddEdge@DIGRAPH@@QAEEKK@Z
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
??0SECRUN@@QAE@XZ
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
??1NUMBER_SET@@UAE@XZ
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
??0READ_WRITE_CACHE@@QAE@XZ
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?Initialize@SPARSE_SET@@QAEEXZ
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
advapi32
SystemFunction035
SystemFunction001
LsaGetQuotasForAccount
SetSecurityDescriptorControl
AddAce
GetSecurityDescriptorLength
CryptDuplicateKey
GetTrusteeNameA
AdjustTokenGroups
CredProfileLoaded
LookupAccountSidW
QueryServiceConfig2W
CryptAcquireContextW
LookupPrivilegeValueW
ReportEventA
CreateProcessAsUserW
MD4Update
WmiQuerySingleInstanceA
OpenServiceA
CredpDecodeCredential
GetSecurityDescriptorGroup
BuildImpersonateExplicitAccessWithNameW
ElfReadEventLogA
CryptVerifySignatureA
RevertToSelf
CredMarshalCredentialW
CredWriteA
MapGenericMask
ConvertStringSidToSidA
TreeResetNamedSecurityInfoW
ElfCloseEventLog
SystemFunction013
GetTrusteeFormW
SystemFunction018
MakeSelfRelativeSD
Sections
.text   Size: 178KB  - Virtual size: 178KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 163KB  - Virtual size: 163KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 1024B  - Virtual size: 481KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 124KB  - Virtual size: 124KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 1024B  - Virtual size: 1024B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ