362935b0f4f5b4f3f7b32177bec388e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

362935b0f4f5b4f3f7b32177bec388e5_JaffaCakes118
Size

32KB
MD5

362935b0f4f5b4f3f7b32177bec388e5
SHA1

c62c8122f7c9ea5cf4edbae4f3ddb5cedcaef9f0
SHA256

2730d0de51d576cc979924f7000d63dd676a7341c9aed65ef3061054f6fc4a0a
SHA512

ff5c2d4670eb48daa7fd55a4b2435e530af0505b9fa0a355613e77544cc762218bd7846b0e2846fb7b334dffe61d0c753248de54066886cee502882d2b0c0c8b
SSDEEP

768:+nDratjcFezY76KffgjFQfCQTpiDyFfgjTM961:+CtQFKYlfGQfCQTpiDyFmMk1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
362935b0f4f5b4f3f7b32177bec388e5_JaffaCakes118

Files

362935b0f4f5b4f3f7b32177bec388e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ba3981eff5e23025555dffa623d657f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryDirectoryObject
RtlLeaveCriticalSection
toupper
wcstol
LdrUnlockLoaderLock
ZwQueryEvent
isalnum
RtlCutoverTimeToSystemTime
ZwWaitForKeyedEvent
RtlQueryRegistryValues
RtlAnsiStringToUnicodeString
ZwReleaseMutant
RtlUpperString
NtOpenTimer
RtlResetRtlTranslations
RtlDeNormalizeProcessParams
NtSetEaFile
RtlCreateBootStatusDataFile
NtCreateJobObject
ZwPowerInformation
ZwQueryInformationJobObject
NtCompressKey
NtQueryKey
RtlCopySidAndAttributesArray
RtlDeactivateActivationContext
LdrShutdownThread
ZwUnlockVirtualMemory
NtClose
RtlLookupAtomInAtomTable
NtReadFileScatter
vsprintf
NtWriteRequestData
RtlUnlockHeap

oleaut32

VarNeg
VarCyFix
SafeArrayGetLBound
VarCmp
LPSAFEARRAY_UserUnmarshal
VarCyFromR8
VarUI8FromDec
VarR4FromI8
VarDateFromUI2
SysStringByteLen
GetRecordInfoFromTypeInfo
CreateErrorInfo
VarDecFromI1
SysAllocString
VarBstrFromI1
VarXor
VarUI2FromUI8
VarBstrFromUI1
VarR4FromI1
CreateTypeLib2
VarDecFromR8
VarR8FromUI4
QueryPathOfRegTypeLib
DllCanUnloadNow
VARIANT_UserUnmarshal
VarI4FromUI2
VarFormatNumber
DispGetParam
VarR8Pow
VarUI8FromI8
VarCyMulI4
VarDateFromDisp
VarCyFromDec
SafeArraySetIID
VarI1FromR8
SetErrorInfo
VarR8FromI4
VarBoolFromI1
VarBoolFromUI1
VariantClear
VarUI4FromDate
VarUI2FromI8
VarI2FromI4
VarI4FromI2
VarBstrFromR8

msvcrt20

_chmod
_winmajor
_wremove
_tcscspn
??2@YAPAXI@Z
_fdopen
??_Efilebuf@@UAEPAXI@Z
??_Gistream@@UAEPAXI@Z
_execvp
?freeze@strstreambuf@@QAEXH@Z
??0strstreambuf@@QAE@ABV0@@Z
_wenviron
??_8strstream@@7Bistream@@@
_tcsncmp
??0ifstream@@QAE@XZ
gets
?openprot@filebuf@@2HB
_getsystime
_ismbcl1
_mbsset
__p__environ
sin
?sync_with_stdio@ios@@SAXXZ
_mbsdec
_toupper
_creat
_mbsinc
_ismbcalpha
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
_fcloseall
_mbsnbcoll
gmtime
_assert
_spawnle
?eback@streambuf@@IBEPADXZ
pow

dmdskmgr

?Command@CContextMenu@@QAEJJPAUIDataObject@@J@Z
?EnumVolumes@CTaskData@@QAEXAAKPAPAJ@Z
?GetDiskInfo@CDMNodeObj@@QAEHAAUdiskinfoex@@@Z
?RecalculateSpace@CDMNodeObj@@QAEXXZ
?IsRevertable@CDMNodeObj@@QAEHXZ
?GetDiskCookiesForSig@CTaskData@@QAEXAAKPAPAJ@Z
?RefreshFileSys@CContextMenu@@QAEXJ@Z
DllCanUnloadNow
?EnhancedIsUpgradeable@CDMNodeObj@@QAEHPAVCTaskData@@@Z
?IsMember@CDMNodeObj@@QAEHPAV1@@Z
?HasExtendedPartition@CDMNodeObj@@QAEHXZ
?IsUnknownPartition@CDMNodeObj@@QAEHXZ
?HasNTFSwithDriveLetter@CDataCache@@QAEHXZ
?IsDiskEmpty@CDMNodeObj@@QAEHXZ
?GetUIState@CTaskData@@QAEKXZ
?GetIconId@CDMNodeObj@@QAEIH@Z
?IsMbrEEPartition@CDMNodeObj@@QAEHXZ
?GetStatus@CDMNodeObj@@QAEHXZ
?GetDriveLetter@CDMNodeObj@@QAEXAAG@Z
?GetDMDataObjPtrFromId@CTaskData@@QAEPAVCDMNodeObj@@_J@Z
?ContainsBootIniPartition@CDMNodeObj@@QAEHXZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetColorRef@CDMNodeObj@@QAEKXZ
?GetDiskCookies@CTaskData@@QAEXAAKPAPAJHKH@Z
?GetRegionInfo@CDMNodeObj@@QAEHAAUregioninfoex@@@Z
?GetDiskSpec@CDMNodeObj@@QAEHAAUdiskspec@@@Z
?GetDiskStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?IsOemPartition@CDMNodeObj@@QAEHXZ
?ContainsBootIniPartitionForWolfpack@CDMNodeObj@@QAEHXZ
?GetName@CDMNodeObj@@QAEXAAVCString@@@Z
?FindDriveLetter@CTaskData@@QAEX_JAAG@Z
?GetAssignedDriveLetter@CTaskData@@QAEHJAAG@Z
?GetDriveLetters@CTaskData@@QAEXAAFPAPAGG@Z
?GetParentDiskPtr@CDMNodeObj@@QAEPAV1@XZ
?GetDiskCookiesToEncap@CTaskData@@QAEXAAKPAPAJ@Z
?IsEECoveredGPTDisk@CDMNodeObj@@QAEHXZ
?GetLayoutType@CDMNodeObj@@QAE?AW4_LAYOUT_TYPES@@XZ
?GetPort@CDMNodeObj@@QAEHXZ
?IsHiddenRegion@CDMNodeObj@@QAEHXZ
?ConvertMBToBytes@@YG_J_J@Z
?GetFileSystemLabel@CDMNodeObj@@QAEXAAVCString@@@Z
?GetLogicalDriveCount@CDMNodeObj@@QAEKXZ

kernel32

CopyFileExW
UnmapViewOfFile
SetThreadPriorityBoost
lstrcat
SetFileAttributesW
VirtualAlloc
lstrlenA
LoadLibraryW
ExitVDM
GlobalFlags
GetCurrentDirectoryW
GetConsoleAliasExesA
EndUpdateResourceA
Sleep
Beep
ExitThread
FindAtomA
GetHandleContext
GetConsoleKeyboardLayoutNameW
GetSystemWow64DirectoryW
IsWow64Process
FlushViewOfFile
InterlockedCompareExchange
SetLastConsoleEventActive
GetOverlappedResult
DeleteTimerQueueTimer
EnumCalendarInfoA
GetVersion
GetPriorityClass

query

?DumpWorkId@@YGJPBGKPAEAAK00K@Z
?QueryCatalogAdmin@CMachineAdmin@@QAEPAVCCatalogAdmin@@PBG@Z
??0CQueryScanner@@QAE@PBGHKH@Z
?AcqPhrase@CQueryScanner@@QAEPAGXZ
?StopFiltering@CFilterDaemon@@QAEXXZ
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
??1CPropertyStore@@QAE@XZ
?GetCategory@CCatState@@QBEPBGI@Z
?FillMax@CKeyArray@@QAEHH@Z
?GetOleDBErrorInfo@@YGJPAUIUnknown@@ABU_GUID@@KIPAUtagERRORINFO@@PAPAUIErrorInfo@@@Z
?StrLen@CKeyBuf@@QBEIXZ
?Read@CRcovStrmTrans@@QAEKPAXK@Z
??1CAllocStorageVariant@@IAE@XZ
?EnableVPathNotify@CMetaDataMgr@@QAEXPAVCMetaDataVPathChangeCallBack@@@Z
?PutMinValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
?Init@CMmStreamConsecBuf@@QAEXPAVPMmStream@@@Z
DoneCIPerformanceData
DoneCIISAPIPerformanceData
?ClearList@CPropertyList@@QAEXXZ
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
?MakePrivileged@CImpersonateSystem@@AAEXXZ
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
??3CDbCmdTreeNode@@SGXPAX@Z
?ReportEventW@CFwEventItem@@QAEXAAUICiCAdviseStatus@@@Z
?QueryInterface@CQueryUnknown@@UAGJABU_GUID@@PAPAX@Z
??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
?IsNullPointerVariant@@YGHPAUtagPROPVARIANT@@@Z
?SetFILETIME@CStorageVariant@@QAEXU_FILETIME@@I@Z
?Release@CWorkQueue@@QAEXPAVCWorkThread@@@Z
??1CRangeRestriction@@QAE@XZ
?UnMarshall@CDbContentVector@@QAEHAAVPDeSerStream@@@Z
?GetColumn@CCatState@@QBEPBGI@Z
??1CNatLanguageRestriction@@QAE@XZ
?AddRef@CFwPropertyMapper@@UAGKXZ
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
?Write@CRcovStrmTrans@@IAEXPBXK@Z
??1CPropertyList@@UAE@XZ
?Init@CSdidLookupTable@@QAEHPAVCiStorage@@@Z
??1CDbProp@@QAE@XZ
??0CRegNotify@@QAE@PBG@Z
??0CSort@@QAE@I@Z
?CoTaskAllocator@@3VCCoTaskAllocator@@A
?SetI2@CStorageVariant@@QAEXFI@Z
??0CTransaction@@QAE@XZ

shell32

FindExecutableA
OpenAs_RunDLLA
DragFinish
ShellHookProc
PrintersGetCommand_RunDLL
SHEmptyRecycleBinA
SHGetFolderPathAndSubDirA
DragAcceptFiles
DragQueryFileAorW
SHGetDiskFreeSpaceExW
DllUnregisterServer
SHBrowseForFolder
SHPathPrepareForWriteW
SHUpdateRecycleBinIcon
InternalExtractIconListW
DllInstall
RealShellExecuteA
StrRChrW
SHGetSpecialFolderPathA
SHSetUnreadMailCountW
StrChrIW
StrCmpNW
ExtractIconExW
DllGetClassObject
CheckEscapesW
DragQueryFile
RegenerateUserEnvironment
SHGetNewLinkInfoW
RealShellExecuteExW
SHEnumerateUnreadMailAccountsW
SHGetFolderPathA
SHParseDisplayName

hhsetup

?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
?SetId@CTitle@@QAEXPBD@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?Open@CCollection@@QAEKPBD@Z
?GetTitleW@CLocation@@QAEPBGXZ
??0CPointerList@@QAE@XZ
?RemoveAll@CPointerList@@QAEXXZ
??0CFolder@@QAE@XZ
?GetParent@CFolder@@QAEPAV1@XZ
?GetVolume@CLocation@@QAEPADXZ
?RemoveAll@CFIFOString@@QAEXXZ
?GetIdW@CTitle@@QAEPBGXZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?GetLangId@CCollection@@QAEGPBD@Z
?SetSampleLocation@CCollection@@QAEXPBD@Z
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?SetNextTitle@CTitle@@QAEXPAV1@@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?GetIdW@CLocation@@QAEPBGXZ
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?SetParent@CFolder@@QAEXPAV1@@Z
??4CPointerList@@QAEAAV0@ABV0@@Z
?GetId@CLocation@@QBEPADXZ
?GetId@CTitle@@QAEPADXZ
?AddCollection@CCollection@@QAEPAVCColList@@XZ
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
?SetId@CTitle@@QAEXPBG@Z
?GetFindMergedCHMS@CCollection@@QAEHXZ
?GetTitle@CLocation@@QAEPADXZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?GetSampleLocation@CCollection@@QAEPADXZ

opengl32

glIndexMask
wglCreateLayerContext
glScalef
glTexCoord3iv
glEdgeFlagv
glVertex2f
glPointSize
glGetMapdv
glColor3dv
glRasterPos2iv
glTexCoord4fv
glDrawArrays
glPolygonOffset
glRasterPos4i
glPixelMapusv
glPopName
glSelectBuffer
glRasterPos3d
glCopyTexImage2D
glGetPolygonStipple
glTexCoord1iv
glPixelMapfv
glRasterPos3dv
glEndList
glColor4sv
glColor3sv
wglGetProcAddress
glCopyTexSubImage2D
glNewList
glGetMapfv
glBindTexture
glTexCoord4s
glRotatef
glTexCoord1f
glLoadIdentity
glVertex3iv
glColor4fv
glVertex4s
glRasterPos2sv
glFogfv
glGetTexGendv

setupapi

SetupDiGetDeviceInstallParamsW
CM_Get_Device_ID_List_Size_ExA
SetupDiGetDriverInfoDetailA
SetupQueryInfVersionInformationW
SetupInstallFileExW
SetupDestroyDiskSpaceList
SetupGetFileCompressionInfoExW
CM_Register_Device_InterfaceA
pSetupStringTableAddString
CM_Set_DevNode_Registry_PropertyW
CM_Query_And_Remove_SubTree_ExA
pSetupVerifyQueuedCatalogs
CM_Move_DevNode
pSetupShouldDeviceBeExcluded
SetupDiGetDeviceRegistryPropertyW
SetupRemoveInstallSectionFromDiskSpaceListA
SetupGetStringFieldA
SetupDiSetDeviceInterfaceDefault
CM_Detect_Resource_Conflict_Ex
CM_Get_Global_State
pSetupStringTableSetExtraData
SetupQuerySpaceRequiredOnDriveW
CM_Get_Sibling_Ex
pSetupRegistryDelnode
MyFree
SetupFindFirstLineW
SetupPromptForDiskA
SetupRemoveFileLogEntryW
SetupInstallFromInfSectionW
pSetupGetGlobalFlags
SetupDiInstallDevice
SetupQueueDeleteW

tapi3

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer

user32

PostMessageA

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba3981eff5e23025555dffa623d657f2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

oleaut32

msvcrt20

dmdskmgr

kernel32

query

shell32

hhsetup

opengl32

setupapi

tapi3

user32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 2KB