281a4edb25d9d9f253c39285c8b201c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

281a4edb25d9d9f253c39285c8b201c0_JaffaCakes118
Size

616KB
MD5

281a4edb25d9d9f253c39285c8b201c0
SHA1

64c96c43cc445edaec712145038f86cf05fed35a
SHA256

32b01fd773304605048da24c19b75399dc1d627aeb627a1bc0ab1cb12d7e6b3d
SHA512

1e850046aa2215f371d80bd0bd3e296dfa5878801a069cb842a55660262e074adc22cdfc8a281af22e8518af06e7517bbe2cbd05a74a699c053cf8372207a272
SSDEEP

6144:yqEeVEHUCFEYWfCHwA9IqhvV52C02FT8kbgLS8cSzhm6UOda7cDDzkExgHJHWNti:7oJ+YWfCQAH952ClpgLSugoaiAWTi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
281a4edb25d9d9f253c39285c8b201c0_JaffaCakes118

Files

281a4edb25d9d9f253c39285c8b201c0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9b596788f0be8f6cfbddb00626727d06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

aqckgen

QCK_Generate

anioapi

NIOC_SendPacket
NIOC_SetRxTimeout
NIOC_SetMinToCopy
NIOC_SetBufferSize
NIOC_SetNdisPacketFilter
NIOC_ReceivePacket
NIOC_MonitorStatus
NIOC_QueryOid
NIOC_SetOid
NIOC_OpenInstance
NIOC_QueryMacAddress
NIOC_CloseInstance

crypt32

CertFreeCertificateContext
CertNameToStrA
CryptDecodeObject
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertFindExtension
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CertCloseStore

wlanapp

Group_GetFixIndex
Adv_SetAESCapable
ANSC_SetCurStatus
Profile_UpdateAt
ANSC_Filter_GetAt
Profile_GetAt
WPA_GetServerCertNameAt
Adv_SetKeepConnect
WPA2_SetCapable
Gen_GetBackupDescPath
Adv_SetIPConfig
Adv_GetIPConfig
Adv_GetRadioOFF
GroupCtrl_GetFixed
Adv_GetIdle
Adv_SetHoldUI
Group_SetFixIndex
GroupCtrl_SetFixed
Adv_SetAutoConnect
Adv_SetAccessMode
Adv_GetAutoConnect
Adv_GetAccessMode
ANSC_Filter_GetCount
Profile_GetAllCount
Profile_DeleteAt
Profile_GetCycleCount
Adv_SetIdle
Adv_SetRadioOFF
Profile_SetCycleCount
Profile_SetActiveIndex
WPA_SetCapable
WPA_GetAllServerCertCount
Adv_GetKeepConnect
WPA_SetServerCertNameAtEX
Profile_GetStartAtIndex
Gen_GetVender
ANSC_GetVendorPK
WPA_GetValidateServerTitle
WPA_GetValidateServerMsg1
WPA_GetValidateServerMsg2
Profile_ANSC
ANSC_GetCurStatus

ws2_32

WSASetLastError
shutdown
ioctlsocket
WSAGetLastError
recv
closesocket
connect
htons
gethostbyname
gethostbyaddr
inet_addr
socket
WSAStartup
send

wlanapi

apsInitialize
apsGetMIB
apsSetMIB
apsGetReady
apsRefreshMIB
apsApply
apsCloseHandle
apsGetInstanceName
apsGetInterfaceCount
apsSearchInterface
apsCreateMIB

mfc42

ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord609
ord2302
ord4234
ord4407
ord3092
ord4710
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord4424
ord3574
ord567
ord860
ord800
ord540
ord3663
ord5450
ord6394
ord5440
ord6383
ord1669
ord1168
ord2652
ord2818
ord3584
ord543
ord803
ord755
ord6195
ord3870
ord470
ord6307
ord4167
ord521
ord2379
ord3610
ord656
ord4275
ord5622
ord2841
ord2107
ord6515
ord2642
ord6669
ord6743
ord2614
ord858
ord4129
ord537
ord616
ord922
ord4224
ord3874
ord6199
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord939
ord536
ord1200
ord940
ord1105
ord4160
ord5856
ord6467
ord4274
ord1946
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord815
ord561
ord3953
ord2725
ord1085
ord802
ord2645
ord5601
ord542
ord686
ord693
ord384
ord3286
ord6905
ord3996
ord2096
ord3571
ord3626
ord2414
ord1641
ord1146
ord6215
ord2582
ord4402
ord3370
ord3640
ord2862
ord6007
ord3998
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord5265
ord825
ord823
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord4853

msvcrt

fprintf
_iob
strerror
_errno
clock
_getpid
_ftol
fputc
putc
abort
vfprintf
fputs
malloc
realloc
getenv
fread
rewind
ftell
fseek
fclose
fopen
strncmp
strstr
fgets
gmtime
_assert
fwrite
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_isctype
__mb_cur_max
_pctype
strtok
strncpy
_mbsnbicmp
memmove
time
srand
sprintf
_mbsicmp
free
_endthreadex
printf
exit
_beginthreadex
strcpy
strlen
rand
_mbscmp
memcmp
memset
memcpy
_purecall
__CxxFrameHandler
_read
_open
_write
_close
_fstat

kernel32

CloseHandle
InitializeCriticalSection
SleepEx
Sleep
EnterCriticalSection
lstrcpyA
WaitForSingleObject
LoadLibraryA
GetProcAddress
SetEvent
GetTickCount
CreateEventA
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
LocalAlloc
LocalFree
QueryPerformanceFrequency
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
GlobalMemoryStatus
GetThreadTimes
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
QueryPerformanceCounter
lstrcatA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
GetCurrentProcess
WaitForMultipleObjects
GetExitCodeProcess
GetModuleHandleA
GetLastError
lstrcmpA
WriteFile
GetSystemDirectoryA
GetVersionExA
ResumeThread
SuspendThread
TerminateThread
GetExitCodeThread
FreeLibrary
ReadFile
GetFileSize
CreateFileA
lstrlenA

user32

GetActiveWindow
GetCapture
GetClipboardOwner
GetClipboardViewer
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
GetQueueStatus
GetCaretPos
GetCursorPos
LoadBitmapA
FindWindowA
SetForegroundWindow
GetWindowRect
SetWindowPos
MessageBoxA
wsprintfA
EnableWindow
SendMessageA
SetTimer
KillTimer
MessageBeep

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
CryptExportKey
CryptGetUserKey
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteExA

comctl32

ImageList_AddMasked

Exports

Exports

WZCBDL_ShowUI
WZCBDL_StartService
WZCBDL_StopService

Sections

.text
Size: 484KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b596788f0be8f6cfbddb00626727d06

Headers

File Characteristics

Imports

aqckgen

anioapi

crypt32

wlanapp

ws2_32

wlanapi

mfc42

msvcrt

kernel32

user32

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 484KB - Virtual size: 480KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 52KB - Virtual size: 65KB

.idata Size: 12KB - Virtual size: 10KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 484KB - Virtual size: 480KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 52KB - Virtual size: 65KB

.idata
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 20KB - Virtual size: 18KB