1b78989e45239d508293f45e3c57815d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b78989e45239d508293f45e3c57815d_JaffaCakes118
Size

869KB
MD5

1b78989e45239d508293f45e3c57815d
SHA1

b26afc5fd6636c58af414fd2f4c080177d687fe6
SHA256

1f4850ba1d0ce16e2d5ccd211a5bdb947b2b6d6c7f810e5033c93eccdd14e46b
SHA512

e38f2fb4138abc8572289b1182c94292ee9985e76f1f6ce5e5649ed212b6a0de500e19c5c66ac2d4f580040da1a7c7e1cf26c81241f6311dd5a96b2a9f183b3a
SSDEEP

24576:lyKnI4WHI+fC4FytCkMtPWX4p1Dx4ZIOeLi1zGKSAK:0KnarKJMtP6e4SEK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b78989e45239d508293f45e3c57815d_JaffaCakes118

Files

1b78989e45239d508293f45e3c57815d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cf6e8f09bb897f7d3c32ddc255514cbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

??0INTSTACK@@QAE@XZ
?Initialize@INTSTACK@@QAEEXZ
?Initialize@NUMBER_SET@@QAEEXZ
?IsATformat@DP_DRIVE@@QBEEXZ
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
??0VOL_LIODPDRV@@IAE@XZ
??1CANNED_SECURITY@@UAE@XZ
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@CANNED_SECURITY@@QAEEXZ
??1VOL_LIODPDRV@@UAE@XZ
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?QueryMemberCount@TLINK@@QBEGXZ
?Pop@INTSTACK@@QAEXK@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?Initialize@DIGRAPH@@QAEEK@Z
??1SPARSE_SET@@UAE@XZ
?Write@SECRUN@@UAEEXZ
?GetNext@TLINK@@QAEPAXPAX@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?Lock@IO_DP_DRIVE@@QAEEXZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z
?Initialize@TLINK@@QAEEG@Z
?Read@SECRUN@@UAEEXZ

kernel32

QueryPerformanceCounter
_llseek
OpenSemaphoreW
EnumerateLocalComputerNamesA
TryEnterCriticalSection
NlsGetCacheUpdateCount
GlobalMemoryStatus
EnumUILanguagesW
GlobalFix
CreateSocketHandle
FindResourceExA
SetEndOfFile
VerLanguageNameA
GetThreadSelectorEntry
HeapCompact
EnumCalendarInfoW
CreateNamedPipeW
LockResource
GetVersion
SetConsoleInputExeNameW
SetHandleCount
LoadLibraryA
EnumSystemLocalesW
SetConsoleCursorMode
GetCPInfoExW
OutputDebugStringW
GetPrivateProfileIntA
SetTermsrvAppInstallMode
AddConsoleAliasW
RemoveDirectoryW
GetFullPathNameW
lstrcatW
WritePrivateProfileSectionW
GetDiskFreeSpaceW
GetLogicalDrives
GetConsoleHardwareState
EnumSystemLocalesA
CancelIo
SetWaitableTimer
CreateTimerQueue
EnumSystemCodePagesW
VirtualAlloc
IsValidCodePage
AreFileApisANSI
LockFileEx
WriteConsoleA
SetConsoleKeyShortcuts
MoveFileWithProgressA
Process32FirstW
SetConsoleCursorPosition
GetCurrentProcess
VDMOperationStarted
SearchPathW
GetConsoleTitleA
GetOEMCP
DosPathToSessionPathA
GetModuleHandleA
FindNextVolumeMountPointW
IsBadReadPtr
LoadLibraryExA
CreatePipe
PulseEvent
SetConsoleCursorInfo
CreateWaitableTimerA
BackupRead
GetVersionExW
OpenEventA
SuspendThread
BaseUpdateAppcompatCache
SetConsoleWindowInfo
OpenMutexA
CancelWaitableTimer
LZCloseFile

msvcrt40

_inpd
?blen@streambuf@@IBEHXZ
__toascii
??1istrstream@@UAE@XZ
sin
_safe_fdivr
??0exception@@QAE@XZ
?write@ostream@@QAEAAV1@PBDH@Z
_wmakepath
_wfsopen
wcscspn
fgets
__p___wargv
??0ofstream@@QAE@ABV0@@Z
??1ofstream@@UAE@XZ
??0Iostream_init@@QAE@XZ
?oct@@YAAAVios@@AAV1@@Z
?sync@strstreambuf@@UAEHXZ
?lock@ios@@QAAXXZ
__threadid
perror
wcsrchr
??_Ebad_cast@@UAEPAXI@Z
_stati64
_mbsnbcmp
_CIlog10
_ismbbprint
_adjust_fdiv
tanh
_vsnprintf
_heapused
__RTCastToVoid
__initenv
?cerr@@3Vostream_withassign@@A
_spawnlpe
_isatty
?epptr@streambuf@@IBEPADXZ
_local_unwind2
?setrwbuf@stdiobuf@@QAEHHH@Z
??_Dstrstream@@QAEXXZ
_sys_errlist
_mbsset
setlocale
_safe_fprem
??_7strstream@@6B@
?_set_new_mode@@YAHH@Z
rename
iswalnum
towlower
_wexecve
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
wcschr
_fsopen
_ultow
fgetws
wcstoul
??0ios@@IAE@XZ
fwscanf
_mbsbtype
_loaddll
??_Gifstream@@UAEPAXI@Z
??0stdiostream@@QAE@ABV0@@Z
_set_error_mode
_mbsrev
__STRINGTOLD
??0ostream_withassign@@QAE@ABV0@@Z
_getmbcp
??1Iostream_init@@QAE@XZ
??0istrstream@@QAE@ABV0@@Z
_wchdir

msdart

?ReadUnlock@CCritSec@@QAEXXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
??1CSmallSpinLock@@QAE@XZ
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?TryWriteLock@CCritSec@@QAE_NXZ
??0CLKRHashTableStats@@QAE@XZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
UMSEnterCSWraper
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
mpCalloc
?_LockSpin@CSmallSpinLock@@AAEXXZ
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
??1CCritSec@@QAE@XZ
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?ReadLock@CReaderWriterLock2@@QAEXXZ
??1CLockedSingleList@@QAE@XZ
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?ValidSignature@CLKRLinearHashTable@@QBE_NXZ
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?IsUnlocked@CLockedDoubleList@@QBE_NXZ

dnsapi

DnsIpv6AddressToString
DnsIsStringCountValidForTextType
CombineRecordsInBlob
DnsApiRealloc
DnsDhcpSrvRegisterInit
Dns_CloseSocket
DnsWriteQuestionToBuffer_W
DnsWriteQuestionToBuffer_UTF8
DnsValidateName_UTF8
DnsCopyStringEx
DnsUpdate
DnsQuery_A
DnsValidateName_A
DnsRecordCopyEx
QueryDirectEx
NetInfo_Build
Dns_InitializeMsgRemoteSockaddr
DnsAcquireContextHandle_A
Dns_CreateMulticastSocket
Dns_AddRecordsToMessage
Dns_ResetNetworkInfo
Dns_CreateSocketEx
DnsDhcpSrvRegisterTerm
NetInfo_ResetServerPriorities
DnsRegisterClusterAddress
DnsIpv6StringToAddress
DnsFreeConfigStructure
DnsFlushResolverCacheEntry_A

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf6e8f09bb897f7d3c32ddc255514cbb

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

kernel32

msvcrt40

msdart

dnsapi

Sections

.text Size: 346KB - Virtual size: 346KB

.rdata Size: 346KB - Virtual size: 346KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 346KB - Virtual size: 346KB

.rdata
Size: 346KB - Virtual size: 346KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B