18bd815654b85fa4ae4e3bcddb252274_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18bd815654b85fa4ae4e3bcddb252274_JaffaCakes118
Size

874KB
MD5

18bd815654b85fa4ae4e3bcddb252274
SHA1

fc7cc5f9fae197ae71b9b50b969ec9583b260626
SHA256

d3ea82b2df173ac35b923a84ea321b00a52c3d168fe262c3d4b48db45caac93d
SHA512

fcd995e4a050c03f19919cdec10cb4f8590e5bf0e7456837ae50fcc97e207baeafb4ee1e5a4a0e38f69badc3a786d4855d4852997e6c9843abd6223ab5c911c8
SSDEEP

24576:GJZ24c3eIpcQT4wiRJSCFTf6LKsHpfNiwDDednZ0x3Zx6B:GHET5mSuTf6LKsHp05ZyP6B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18bd815654b85fa4ae4e3bcddb252274_JaffaCakes118

Files

18bd815654b85fa4ae4e3bcddb252274_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b4c112dc32494800fb2444b7704bde5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Get_Device_Interface_ListW
CM_Free_Res_Des
CM_Get_Device_Interface_Alias_ExW
CM_Query_Arbitrator_Free_Size
CM_Connect_MachineW
CM_Get_Log_Conf_Priority_Ex
CM_Free_Log_Conf_Ex
CM_Query_Arbitrator_Free_Data
CM_Get_Class_Name_ExA
CM_Locate_DevNodeW
CM_Get_First_Log_Conf
CM_Request_Eject_PC_Ex
CM_Get_Res_Des_Data
CM_Remove_SubTree_Ex
CMP_WaitNoPendingInstallEvents
CM_Set_DevNode_Registry_PropertyA
CM_Get_Device_Interface_Alias_ExA
CM_Open_Class_Key_ExA
CM_Get_Resource_Conflict_Count
CM_Query_Remove_SubTree_Ex
CM_Get_DevNode_Registry_PropertyW
CM_Get_Res_Des_Data_Size
CM_Set_DevNode_Registry_Property_ExA
CM_Set_Class_Registry_PropertyA
CM_Get_Device_Interface_List_ExW
CM_Set_HW_Prof_Flags_ExA
CM_Get_Next_Log_Conf_Ex
CM_Create_DevNode_ExA
CM_Query_Resource_Conflict_List
CM_Get_Device_Interface_ListA
CMP_UnregisterNotification
CM_Get_Next_Res_Des_Ex
CM_Enumerate_EnumeratorsA
CM_Run_Detection
CM_Get_Resource_Conflict_DetailsW
CM_Detect_Resource_Conflict
CM_Create_DevNodeA
CM_Get_Res_Des_Data_Size_Ex
CM_Register_Device_InterfaceA
CM_Get_Device_ID_Size_Ex
CM_Register_Device_Driver_Ex
CM_Delete_DevNode_Key_Ex
CM_Get_Hardware_Profile_Info_ExA

msvcp60

?denorm_min@?$numeric_limits@O@std@@SAOXZ
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?epsilon@?$numeric_limits@H@std@@SAHXZ
?sinh@std@@YA?AV?$complex@N@1@ABV21@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?setf@ios_base@std@@QAEHHH@Z
?cos@?$_Ctr@N@std@@SANN@Z
??4?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@KAPADPADDH@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0ostrstream@std@@QAE@PADHH@Z
?close@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
?do_hash@?$collate@G@std@@MBEJPBG0@Z
?_Doraise@domain_error@std@@MBEXXZ
?_Doraise@runtime_error@std@@MBEXXZ
??X?$_Complex_base@N@std@@QAEAAV01@ABN@Z
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@JFF@Z
?seekpos@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?sin@?$_Ctr@O@std@@SAOO@Z
?_Getcat@?$ctype@G@std@@SAIXZ
??_7?$ctype@D@std@@6B@
?pubimbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??_F?$moneypunct@G$0A@@std@@QAEXXZ
?epsilon@?$numeric_limits@_N@std@@SA_NXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
_LXbig
?is@?$ctype@G@std@@QBE_NFG@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?pow@std@@YA?AV?$complex@M@1@ABMABV21@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z

d3d8thk

OsThunkDdSetColorKey
OsThunkDdDestroyMoComp
OsThunkDdLock
OsThunkDdGetDxHandle
OsThunkDdSetExclusiveMode
OsThunkDdAlphaBlt
OsThunkDdCreateD3DBuffer
OsThunkDdLockD3D
OsThunkDdBeginMoCompFrame
OsThunkDdGetScanLine
OsThunkDdReleaseDC
OsThunkDdResetVisrgn
OsThunkDdGetBltStatus
OsThunkDdWaitForVerticalBlank
OsThunkDdUnattachSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCanCreateD3DBuffer
OsThunkDdQueryDirectDrawObject
OsThunkDdEndMoCompFrame
OsThunkDdCreateMoComp
OsThunkDdCreateSurfaceObject
OsThunkDdCreateDirectDrawObject
OsThunkDdUnlockD3D
OsThunkD3dValidateTextureStageState
OsThunkDdFlipToGDISurface
OsThunkDdSetGammaRamp
OsThunkD3dContextDestroy
OsThunkDdCanCreateSurface
OsThunkDdDeleteDirectDrawObject
OsThunkDdBlt
OsThunkDdGetAvailDriverMemory
OsThunkDdUnlock
OsThunkDdCreateSurface
OsThunkDdGetMoCompBuffInfo
OsThunkDdUpdateOverlay

untfs

?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
?GetNextAttributeListEntry@NTFS_ATTRIBUTE_LIST@@QBEPBU_ATTRIBUTE_LIST_ENTRY@@PBU2@@Z
??0NTFS_INDEX_TREE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
??1NTFS_BITMAP_FILE@@UAE@XZ
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
?CreateDataAttribute@NTFS_LOG_FILE@@QAEEVBIG_INT@@KPAVNTFS_BITMAP@@@Z
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
??0NTFS_BOOT_FILE@@QAE@XZ
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
??1NTFS_UPCASE_TABLE@@UAE@XZ
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
Extend
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
Format
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
Chkdsk
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
??1NTFS_EXTENT_LIST@@UAE@XZ
ChkdskEx
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z

wsock32

NPLoadNameSpaces
EnumProtocolsA
inet_network
GetServiceA
sethostname
WSAAsyncGetServByName
gethostname
getnetbyname
GetNameByTypeA
rexec
WSAAsyncGetServByPort
WSAAsyncSelect
send
WSACancelBlockingCall
htonl
recvfrom
closesocket
WSACancelAsyncRequest
WSAStartup
ntohl
WSAGetLastError
ioctlsocket
WSAAsyncGetHostByAddr
AcceptEx
connect
shutdown
GetAcceptExSockaddrs
accept

ntdsapi

DsFreeSpnArrayW
DsGetSpnA
DsFreeDomainControllerInfoA
DsInheritSecurityIdentityA
DsCrackNamesW
DsListSitesA
DsReplicaModifyW
DsReplicaSyncA
DsCrackUnquotedMangledRdnW
DsBindWithCredW
DsReplicaVerifyObjectsA
DsRemoveDsServerW
DsBindW
DsQuoteRdnValueW
DsGetSpnW
DsBindWithSpnW
DsUnBindW
DsUnBindA
DsaopBindWithSpn
DsReplicaGetInfoW
DsRemoveDsDomainA
DsWriteAccountSpnW
DsIsMangledDnW
DsaopPrepareScript
DsFreeSpnArrayA
DsUnquoteRdnValueW
DsIsMangledRdnValueA
DsListInfoForServerW
DsIsMangledDnA
DsCrackSpn2W
DsCrackSpn3W
DsServerRegisterSpnW
DsCrackUnquotedMangledRdnA
DsIsMangledRdnValueW
DsReplicaUpdateRefsA
DsGetRdnW
DsRemoveDsDomainW
DsCrackSpnW

kernel32

LeaveCriticalSection
DuplicateHandle
GetDiskFreeSpaceExA
GetCompressedFileSizeA
EnterCriticalSection
WriteConsoleInputA
GetFileAttributesExW
SetLocalPrimaryComputerNameW
PeekNamedPipe
GetCommandLineW
GetPrivateProfileSectionA
SetConsoleTitleA
GetUserDefaultLCID
BaseCleanupAppcompatCacheSupport
BeginUpdateResourceW
WriteConsoleInputW
GetSystemDefaultLCID
RemoveDirectoryA
WriteTapemark
SetLocalTime
DebugSetProcessKillOnExit
CloseConsoleHandle
CopyFileExA
VirtualAlloc
ReadDirectoryChangesW
AreFileApisANSI
SetCurrentDirectoryA
GetVersion
IsValidCodePage
GetDateFormatA
ScrollConsoleScreenBufferW
IsValidLocale
IsDebuggerPresent
GetConsoleSelectionInfo
LoadLibraryA
CloseHandle
ResetWriteWatch

lz32

GetExpandedNameA
LZSeek
LZStart
CopyLZFile
LZOpenFileW
LZInit
LZOpenFileA
LZClose
LZDone
LZCloseFile
LZRead
LZCopy
LZCreateFileW

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 428KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b4c112dc32494800fb2444b7704bde5

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

msvcp60

d3d8thk

untfs

wsock32

ntdsapi

kernel32

lz32

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 428KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 428KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB