2670ae89f08ee708959ef10c9cf3e086_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2670ae89f08ee708959ef10c9cf3e086_JaffaCakes118
Size

98KB
MD5

2670ae89f08ee708959ef10c9cf3e086
SHA1

948a5570712720d99399fd80c8d2aa9b408eeb2f
SHA256

e028566927d8a251c7a4212b83f22f34360cd7613ac391cd646fc1ad4d6646c6
SHA512

8b43444e5d9e4f4ffb27666fa85676ac1aefb96c6c7db252eb54bbb99101ccd5bdbda753b7c959f396a601f117911161144fca0b3cfd8a17580eef35aaf5f92d
SSDEEP

1536:DWnU4B91dc4GpTw5J3stCS5qzJXKOZfBDc4bVkYr7t4vuuqYrXF/PV8abH:IUEBGdtCSmNpFbFKvudYrXV9bH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2670ae89f08ee708959ef10c9cf3e086_JaffaCakes118

Files

2670ae89f08ee708959ef10c9cf3e086_JaffaCakes118
.exe windows:1 windows x86 arch:x86

a7565227ac40fc2bd277a71ea54fe0a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
GetIconInfo
CharPrevA
GetTabbedTextExtentW
ScrollDC
ChangeDisplaySettingsExW
PaintDesktop
CharToOemW
DefMDIChildProcW
UserLpkPSMTextOut
BringWindowToTop
ScrollWindow
GetMessageTime
GetClassNameW
SetDebugErrorLevel
EnumChildWindows
ScrollChildren
CtxInitUser32
WaitForInputIdle
UnregisterUserApiHook
SetClassLongW
DestroyCaret
UnregisterHotKey
BroadcastSystemMessageA
DrawIcon
GetDlgItemInt
DeleteMenu

winmm

midiInGetDevCapsA
auxGetDevCapsA
waveOutGetNumDevs
GetDriverModuleHandle
mciSetDriverData
waveOutClose
mmioAscend
waveOutGetErrorTextW
mixerGetLineControlsW
mciSendCommandA
aux32Message
mixerSetControlDetails
waveInMessage
mmTaskSignal
mmioRenameW
mid32Message
midiOutSetVolume
auxOutMessage
mciExecute
sndPlaySoundW
WOWAppExit
waveInAddBuffer
joySetThreshold
waveOutPause
midiOutShortMsg
DefDriverProc
mixerGetID
joyGetThreshold
midiOutGetDevCapsW
mixerGetDevCapsW
PlaySoundW
NotifyCallbackData
mciSendStringA
tid32Message
midiStreamProperty
midiOutGetNumDevs
timeEndPeriod

msvcrt

_wexecvpe
_unlock
_mbclen
_get_sbh_threshold
tolower
_wcstoi64
_onexit
_mbsicoll
__getmainargs
_kbhit
??4bad_cast@@QAEAAV0@ABV0@@Z
_nextafter
pow
fseek
_putwch
cos
iswalnum
__RTDynamicCast
asin
_mbschr
__argv
_strtoi64
fgetws
_wctime64
_wcsrev
_spawnle
$I10_OUTPUT
_inp

mprapi

MprAdminInterfaceSetInfo
MprDomainQueryRasServer
MprInfoBlockSet
MprAdminServerDisconnect
MprAdminUserSetInfo
MprAdminPortClearStats
MprAdminInterfaceSetCredentialsEx
MprAdminDeregisterConnectionNotification
MprDomainRegisterRasServer
MprAdminInterfaceTransportSetInfo
MprAdminInterfaceUpdateRoutes
MprConfigInterfaceTransportGetInfo
MprAdminMIBEntryCreate
MprAdminMIBEntryGet
MprAdminInterfaceSetCredentials
MprAdminServerGetCredentials
MprAdminMIBEntryDelete
MprConfigTransportCreate
MprConfigServerDisconnect
MprAdminInterfaceGetInfo
MprAdminServerGetInfo
MprAdminConnectionEnum
MprInfoDuplicate
MprAdminPortReset
MprAdminMIBServerDisconnect
MprAdminMIBEntrySet
MprInfoRemoveAll
RasPrivilegeAndCallBackNumber
MprAdminSendUserMessage
MprAdminInterfaceTransportRemove
MprConfigTransportGetHandle
MprConfigInterfaceGetInfo
MprConfigInterfaceEnum
MprAdminInterfaceConnect
MprAdminGetPDCServer
MprAdminIsDomainRasServer
MprConfigInterfaceTransportAdd
MprAdminInterfaceGetCredentialsEx
MprAdminInterfaceGetCredentials
MprAdminInterfaceDeviceGetInfo
MprAdminUserReadProfFlags
MprAdminDeviceEnum
MprConfigBufferFree

ntdll

ZwOpenSemaphore
ZwAccessCheck
CsrCaptureTimeout
ZwCreateJobSet
RtlAddAccessDeniedAce
RtlQueryTagHeap
RtlSetCurrentDirectory_U
RtlDeleteRegistryValue
NtContinue
RtlGetFrame
NtTerminateThread
NtOpenObjectAuditAlarm
NtQueryVolumeInformationFile
RtlAddAttributeActionToRXact
NtLockProductActivationKeys
RtlInterlockedPopEntrySList
RtlUpcaseUnicodeStringToAnsiString
RtlGetAce
RtlEnterCriticalSection
NtNotifyChangeKey
CsrFreeCaptureBuffer
RtlDestroyAtomTable
NtReplyWaitReceivePortEx
RtlSetInformationAcl
ZwNotifyChangeMultipleKeys
_allshr
RtlIsDosDeviceName_U
NtCreateDirectoryObject
RtlRunEncodeUnicodeString
CsrGetProcessId
RtlTimeToSecondsSince1980
CsrClientCallServer
NtCreateProfile
RtlTraceDatabaseValidate
ZwModifyBootEntry
PfxInitialize
RtlRunDecodeUnicodeString
RtlGetNtVersionNumbers
RtlDeleteTimer
ZwAccessCheckByTypeResultList
ZwRaiseHardError

kernel32

WriteConsoleInputVDMA
FindNextVolumeMountPointW
SetConsoleFont
GetCurrentThread
GetPrivateProfileStructW
GetCurrentProcessId
EnumSystemLocalesA
AllocConsole
LoadResource
DeactivateActCtx
Heap32First
GetProcAddress
SetFileAttributesA
TlsFree
AreFileApisANSI
InitializeCriticalSection
GetHandleContext
GlobalCompact
SetFileApisToANSI
LCMapStringW
GetProcessPriorityBoost
GetEnvironmentStringsW
GetModuleHandleExW
MoveFileWithProgressW
GetExpandedNameA
GetConsoleAliasExesLengthW
QueryPerformanceCounter
WriteConsoleW
WritePrivateProfileStructA
SetCriticalSectionSpinCount
AddLocalAlternateComputerNameA
SetThreadPriority
DelayLoadFailureHook
SetFileShortNameW
VirtualAlloc
WaitForSingleObject
BackupRead
AddConsoleAliasA
GetPrivateProfileSectionNamesA
GetVolumePathNamesForVolumeNameW
GetConsoleOutputCP
LocalAlloc
MoveFileWithProgressA
LoadLibraryA

cmutil

CmIsSpaceW
?SetPrimaryFile@CIniA@@QAEXPBD@Z
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
CmLoadSmallIconW
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
CmLoadIconA
?LoadEntry@CIniA@@IBEPADPBD@Z
CmMoveMemory
CmStrCatAllocW
?WPPB@CIniW@@QAEXPBG0H@Z
?GPPS@CIniW@@QBEPAGPBG00@Z
CmLoadIconW
?GetFile@CIniA@@QBEPBDXZ
?GPPI@CIniW@@QBEKPBG0K@Z
?WPPB@CIniA@@QAEXPBD0H@Z
CmLoadSmallIconA
CmFmtMsgW
?SetSection@CIniA@@QAEXPBD@Z
??4CIniA@@QAEAAV0@ABV0@@Z
CmStrStrW
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?LoadSection@CIniA@@QBEPADPBD@Z
?GPPI@CIniA@@QBEKPBD0K@Z
GetOSBuildNumber
CmIsDigitW
CmParsePathW
IsFarEastNonOSR2Win95
??0CmLogFile@@QAE@XZ
??4CIniW@@QAEAAV0@ABV0@@Z
?SetICSDataPath@CIniA@@QAEXPBD@Z
?DeInit@CmLogFile@@QAEJXZ
?SetICSDataPath@CIniW@@QAEXPBG@Z
CmStrrchrA
?IsEnabled@CmLogFile@@QAEHXZ

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7565227ac40fc2bd277a71ea54fe0a7

Headers

File Characteristics

Imports

user32

winmm

msvcrt

mprapi

ntdll

kernel32

cmutil

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 157KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 157KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 1024B - Virtual size: 1024B