2a67ea47fde46e7eb6ebd2fd6983ed8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a67ea47fde46e7eb6ebd2fd6983ed8f_JaffaCakes118
Size

58KB
MD5

2a67ea47fde46e7eb6ebd2fd6983ed8f
SHA1

07109289a1a7ba24f41ad67f356102f50f55249b
SHA256

1bfa7c87b854238ffacbb69fbfd96ef558329d9609105d9802355072aacef7a5
SHA512

e29e106d0a7c3db3acb9e8057feddd7c4ef7a7e3a62ae7bbcda32d561e0fd597b5738715d9a200a91133e376e810a0dc53f0501d73c2436d0b7dd7b5e6a35a4a
SSDEEP

1536:beXszWNw+GEBk0CK0jGnfo1KY7eEHEO9u2kAOX6:a8iN5CK0jGnfo1Hy+9V+q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a67ea47fde46e7eb6ebd2fd6983ed8f_JaffaCakes118

Files

2a67ea47fde46e7eb6ebd2fd6983ed8f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

10ff6343ed5d333b69d986cf3c417aa8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtIsSystemResumeAutomatic
ZwUnloadDriver
RtlDestroyQueryDebugBuffer
RtlInitializeSid
RtlCopySecurityDescriptor
RtlAddAccessDeniedAceEx
RtlUlongByteSwap
ZwOpenSection
LdrQueryImageFileExecutionOptions
NtSetTimer
RtlInitializeContext
RtlFindClearBits
RtlGetProcessHeaps
qsort
RtlDnsHostNameToComputerName
ZwQuerySystemTime
RtlDeleteRegistryValue
RtlDeleteAtomFromAtomTable
ZwAddAtom
ZwGetPlugPlayEvent
NtQueryQuotaInformationFile
iswctype
ZwFreeUserPhysicalPages
NtCreateNamedPipeFile
RtlCompressBuffer
ZwReplyWaitReceivePort
NtOpenFile

winmm

mid32Message
mciLoadCommandResource
waveOutOpen
waveOutBreakLoop
midiStreamProperty
timeGetSystemTime
mmioStringToFOURCCW
joyGetNumDevs
PlaySoundW
mmioOpenA
waveOutSetPitch
waveInUnprepareHeader
midiInClose
wid32Message
mixerGetLineInfoW
timeEndPeriod
mci32Message
joyGetPos
mciGetErrorStringW
mod32Message
DefDriverProc
midiInStart
auxGetDevCapsW
midiOutOpen
waveOutWrite
mciGetCreatorTask
midiOutGetVolume
mixerGetControlDetailsA
midiOutSetVolume
SendDriverMessage

query

?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z
?ciIsValidPointer@@YGHPBX@Z
?UnMarshall@CDbNumeric@@QAEHAAVPDeSerStream@@@Z
?InitIterator@CCombinedPropertyList@@UAEXXZ
?Enum@CWin32RegAccess@@QAEHPAGK@Z
?Release@CEmptyPropertyList@@UAGKXZ
?_ftFile@CGlobalPropFileRefresher@@0U_FILETIME@@A
?DoIt@CCopyRcovObject@@QAEJXZ
?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
?ExtensionHasScriptMap@CMetaDataMgr@@QAEHPBG@Z
?StrLen@CKey@@QBEIXZ
??0CDbColId@@QAE@XZ
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
?Set@CPidRemapper@@QAEXAAV?$XArray@K@@@Z
?GetI8@CAllocStorageVariant@@QBE?AT_LARGE_INTEGER@@I@Z
??1CNotRestriction@@QAE@XZ
?NewWordBreaker@CCiOle@@SGPAUIWordBreaker@@ABU_GUID@@@Z
?Marshall@CDbByGuid@@QBEXAAVPSerStream@@@Z
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
CIRestrictionToFullTree
?ClearList@CCombinedPropertyList@@QAEXXZ
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
??0CPropNameArray@@QAE@I@Z
?MakeICommand@@YGJPAPAUIUnknown@@PBG1PAU1@@Z
?UnMarshall@CDbParameter@@QAEHAAVPDeSerStream@@@Z
?SetUI2@CStorageVariant@@QAEXGI@Z

gdi32

FONTOBJ_vGetInfo
SelectObject
SetBitmapBits
DdEntry12
GetOutlineTextMetricsW
GdiConvertBitmap
DdEntry9
GdiConvertToDevmodeW
EngLoadModule
CreateFontIndirectA
DdEntry10
UpdateICMRegKeyA
DdEntry27
ExcludeClipRect
FillPath
StartPage
GetBitmapAttributes
CheckColorsInGamut
SetMapperFlags
CreatePen

rastapi

PortSend
PortDisconnect
GetConnectInfo
UnloadRastapiDll
PortSetInfo
DeviceGetDevConfigEx
PortGetIOHandle
AddPorts
EnableDeviceForDialIn
DeviceDone
RastapiSetCalledID
PortTestSignalState
PortSetFraming
DeviceGetDevConfig
DeviceConnect
PortGetInfo
DeviceWork
SetCommSettings
PortReceiveComplete
RemovePort
RastapiGetCalledID

hhsetup

?CheckTitleRef@CCollection@@AAEKPBGG@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?bIsVisable@CFolder@@QAEHXZ
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?GetMasterCHM@CCollection@@QAEHPAPAGPAG@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?GetSampleLocation@CCollection@@QAEPADXZ
?GetTitleW@CFolder@@QAEPBGXZ
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?GetTitle@CLocation@@QAEPADXZ
??1CLocation@@QAE@XZ
?SetId@CTitle@@QAEXPBD@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?Save@CCollection@@QAEKXZ
?GetSampleLocationW@CCollection@@QAEPBGXZ
?GetCollectionFileNameW@CCollection@@QAEPBGXZ

setupapi

CM_Setup_DevNode_Ex
pSetupAccessRunOnceNodeList
CM_Get_Device_ID_ExA
CM_Enable_DevNode_Ex
VerifyCatalogFile
SetupQuerySourceListW
CM_Request_Eject_PC
CM_Get_HW_Prof_FlagsA
SetupDiGetClassImageListExA
CM_Get_Res_Des_Data_Size
SetupDiCreateDevRegKeyA
SetupDiOpenDeviceInfoA
SetupRemoveFromSourceListA
CMP_RegisterNotification
CM_Get_Parent
CM_Get_HW_Prof_Flags_ExA
SetupQueueDeleteSectionA
SetupGetFileCompressionInfoW
CM_Set_HW_Prof_Flags_ExA
pSetupStringTableLookUpString
SetupQueryDrivesInDiskSpaceListW
CM_Disable_DevNode
SetupUninstallNewlyCopiedInfs
SetupDiDeleteDeviceInfo
pSetupAddTagToGroupOrderListEntry
SetupQueryInfVersionInformationA
CM_Get_Sibling
SetupDiGetClassDevsExA

kernel32

SetThreadUILanguage
VirtualAlloc
lstrcpyW
HeapReAlloc
WritePrivateProfileStructA
GlobalFree
GetProcessWorkingSetSize
GetTempPathA
ProcessIdToSessionId
DeleteFileA
GetNumberFormatW
FindAtomA
GetLocaleInfoW
MoveFileA
GetExitCodeProcess
DnsHostnameToComputerNameA
LoadLibraryA
WaitForSingleObjectEx
HeapCreate
GetDiskFreeSpaceExW
ExitThread
GetVDMCurrentDirectories
EraseTape
GetConsoleCommandHistoryW
SetCurrentDirectoryA
GetGeoInfoW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10ff6343ed5d333b69d986cf3c417aa8

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

winmm

query

gdi32

rastapi

hhsetup

setupapi

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 108KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 108KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 192B