37a1a36fefb9d5d45972868f2b7005f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37a1a36fefb9d5d45972868f2b7005f3_JaffaCakes118
Size

190KB
MD5

37a1a36fefb9d5d45972868f2b7005f3
SHA1

04f898130651f8af202549ea9e6d95f2235f3925
SHA256

5968754462a9a3f142b28755d2b0e7a34dad1d3779115b458ba1a75f502e513f
SHA512

16b18bb2d4f5bf41c29169bf6e39ca6ca895d20e3640dfa22fce9fa0a896e2ded0a2b440007e7b0ca29a4009c7e89f36371ad004ccfb204028f677531cec28d8
SSDEEP

3072:6kSu2ACYkUiFnZkeh7IuTte64Yhc6iQymxvAB01x1QI7Q6G6:6kS5WEph7tv4H2FvDkv6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37a1a36fefb9d5d45972868f2b7005f3_JaffaCakes118

Files

37a1a36fefb9d5d45972868f2b7005f3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ba9b826b610ea2e2dc4e47261a6c5e6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

uWDF.pdb

Imports

kernel32

InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
CreateEventW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetEvent
SetUnhandledExceptionFilter
LocalFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
CreateThread
SetLastError
TerminateThread
SetConsoleCtrlHandler
QueueUserAPC
OpenThread
SleepEx
lstrcmpiW
InterlockedIncrement
GetCurrentThreadId
IsDebuggerPresent
CloseHandle
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
GetLastError
UnhandledExceptionFilter

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
_purecall
free
wcscmp
malloc
__wgetmainargs
wcsncmp
_c_exit
_exit
_XcptFilter
_cexit
__winitenv
exit
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_except_handler3
_controlfp

advapi32

RegisterTraceGuidsW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
LookupAccountSidW
CreateWellKnownSid
TraceMessage

setupapi

SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

ntdll

DbgBreakPoint

rpcrt4

RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcServerListen
RpcAsyncCompleteCall
RpcServerInqCallAttributesW
NdrServerCall2
NdrAsyncServerCall
RpcServerRegisterIfEx
RpcServerUseProtseqEpW

secur32

GetUserNameExW

user32

LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowLongW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongW
DefWindowProcW
PostQuitMessage
PostMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW

Exports

Exports

WdfDeviceCreate
WdfDeviceGetDeviceName
WdfDeviceGetIoTarget
WdfDeviceInitSetFileEventCallbacks
WdfDeviceRegisterIoCallbacks
WdfDriverCreate
WdfFdoInitSetEventCallbacks
WdfFdoInitSetFilter
WdfIoQueueGetDevice
WdfIoTargetFormatIoctlRequest
WdfMemoryBufferCreate
WdfObjectDereferenceActual
WdfObjectReferenceActual
WdfRequestComplete
WdfRequestCompleteWithInformation
WdfRequestCreate
WdfRequestGetParameters
WdfRequestRetrieveBuffer
WdfRequestSend
WdfRequestSetCompletionRoutine

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba9b826b610ea2e2dc4e47261a6c5e6d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

setupapi

ntdll

rpcrt4

secur32

user32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 572B

.rsrc Size: 1KB - Virtual size: 1KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 572B

.rsrc
Size: 1KB - Virtual size: 1KB

PACK
Size: 144KB - Virtual size: 380KB