3b4409ba0a25b8cd49aa095f2d56c49d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3b4409ba0a25b8cd49aa095f2d56c49d_JaffaCakes118
Size

52KB
MD5

3b4409ba0a25b8cd49aa095f2d56c49d
SHA1

eabfa8fa3a4b931ac95d5017bb776a0ea2aa8946
SHA256

d468bef69a69c71e3206d4cc8bc5c8dafba13b85939c593ac669fd6f0c473f68
SHA512

36df2e43c8ab058d8c8c04cfb43e62ac570fc112948ba64f4dbdb6c97eea01b48fb9ab773dac058be7fd08c663fe3355e5bf92962842e5259afd71c1aac88745
SSDEEP

1536:9QTx/CGPrGMCwgx2gMifT3BRBOouFX/bh1:2TYGSMCwgx2gt3B+ou1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b4409ba0a25b8cd49aa095f2d56c49d_JaffaCakes118

Files

3b4409ba0a25b8cd49aa095f2d56c49d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f7d1cc0455d3dc97b6ea68f19ac43ef4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Get_HW_Prof_FlagsA
CM_Is_Dock_Station_Present_Ex
CM_Add_IDA
CM_Get_Device_ID_List_Size_ExW
CM_Create_DevNode_ExW
CM_Enable_DevNode_Ex
CM_Add_Range
CM_Get_Class_Name_ExA
CM_Get_Global_State_Ex
CM_Get_Res_Des_Data
CM_Free_Log_Conf_Ex
CM_Add_ID_ExW
CMP_UnregisterNotification
CM_Get_Device_ID_Size
CM_Get_HW_Prof_Flags_ExA
CM_Get_Class_NameW
CM_Get_Class_NameA
CM_Enable_DevNode
CM_Get_Device_Interface_ListW
CM_Uninstall_DevNode
CM_Get_Device_ID_ExW
CM_Query_And_Remove_SubTreeA
CM_Move_DevNode
CM_Create_Range_List
CM_Set_DevNode_Registry_Property_ExA
CM_Get_Class_Registry_PropertyA
CM_Open_DevNode_Key_Ex
CM_Get_Hardware_Profile_Info_ExW
CM_Unregister_Device_InterfaceA
CM_Get_DevNode_Registry_Property_ExW
CM_Enumerate_EnumeratorsW
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_Interface_AliasA
CM_Get_Hardware_Profile_Info_ExA
CM_Run_Detection_Ex
CM_Get_DevNode_Registry_PropertyW
CM_Enumerate_Classes_Ex
CM_Get_Parent
CM_Get_Class_Key_Name_ExA
CMP_WaitServicesAvailable
CM_Get_Device_Interface_List_ExA
CM_Get_Resource_Conflict_DetailsA
CM_Get_Device_Interface_List_Size_ExA
CM_Get_DevNode_Registry_PropertyA
CMP_Init_Detection
CM_Query_Arbitrator_Free_Data
CM_Open_DevNode_Key
CM_Delete_Range
CM_Unregister_Device_Interface_ExA
CM_Disconnect_Machine
CM_Get_Res_Des_Data_Ex
CM_Get_Depth_Ex
CM_Unregister_Device_InterfaceW
CM_Get_Child
CM_Query_Arbitrator_Free_Size_Ex
CM_Get_Next_Res_Des_Ex
CM_Get_Hardware_Profile_InfoA
CM_Get_Res_Des_Data_Size
CM_Query_And_Remove_SubTree_ExA
CM_Locate_DevNodeW
CM_Delete_DevNode_Key_Ex
CM_Get_HW_Prof_Flags_ExW
CM_Set_HW_Prof_Flags_ExW
CM_Disable_DevNode_Ex
CM_Query_And_Remove_SubTreeW
CM_Get_Next_Log_Conf
CM_Get_DevNode_Status_Ex
CM_Get_Parent_Ex
CM_Set_HW_Prof_Ex
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_List_ExW

rtutils

TraceDeregisterA
RouterLogEventDataW
RouterLogEventStringW
TraceDeregisterW
RouterLogEventExA
TraceRegisterExA
TraceVprintfExW
TraceDumpExA
RouterLogEventW
TraceDeregisterExA
RouterLogEventDataA
TraceDeregisterExW
TraceRegisterExW
RouterLogEventStringA
TracePutsExW
TraceDumpExW
TracePutsExA
RouterGetErrorStringA
LogEventA
RouterLogEventValistExA
RouterLogEventValistExW
RouterLogEventExW
MprSetupProtocolFree
LogErrorW
RouterLogEventA
LogErrorA
RouterLogDeregisterW
RouterGetErrorStringW

kernel32

CancelWaitableTimer
OpenProcess
GetCPInfoExA
FlushInstructionCache
FindNextVolumeMountPointA
EnumLanguageGroupLocalesA
GetNamedPipeInfo
SetConsoleScreenBufferSize
GetEnvironmentStrings
GetConsoleInputWaitHandle
FindNextVolumeMountPointW
GetLocaleInfoA
FindNextFileW
HeapCreate
VirtualAlloc
DosPathToSessionPathA
GetEnvironmentStringsA
GetCurrentProcessId
GetConsoleAliasesLengthA
SystemTimeToTzSpecificLocalTime
GetFirmwareEnvironmentVariableA
SetLastError
GetCurrentThreadId
LoadLibraryA
_lread
GetCurrentThread
GetCommandLineA
GetCalendarInfoW
SetHandleContext
FindFirstVolumeMountPointW
GetVolumeInformationW
SetLocalTime
GlobalAlloc
DeleteTimerQueueEx
RegisterWaitForSingleObjectEx
GetThreadContext
VirtualLock
Heap32First
GetTimeFormatA
InitializeSListHead
lstrcmpi

adsldpc

LdapCreatePageControl
GetDisplayName
BuildLDAPPathFromADsPath2
LdapIsClassNameValidOnServer
AdsTypeToLdapTypeCopyDNWithBinary
LdapGetValuesLen
Component
ConvertU2TrusteeToSid
??1CLexer@@QAE@XZ
ADsGetNextColumnName
ADsAbandonSearch
ADsCreateDSObject
ChangeSeparator
LdapTypeCopyConstruct
LdapFirstAttribute
ADSIOpenDSObject
ADsCreateClassDefinition
LdapGetValues
LdapTypeFreeLdapObjects
LdapGetSchemaObjectCount
LdapValueFreeLen
LdapAddExtS
AdsTypeToLdapTypeCopyTime
SchemaAddRef
LdapOpenObject2
ADsDeleteClassDefinition
SchemaGetClassInfo
BuildADsParentPathFromObjectInfo2
LdapRenameExtS
LdapAttributeFree
ADSIGetNextColumnName
ConvertSidToU2Trustee
LdapNextAttribute
ADSIExecuteSearch
ADSIGetPreviousRow
SchemaClose

mfcsubs

?Lock@CCriticalSection@@UAEHK@Z
??0CCriticalSection@@QAE@XZ
??YCString@@QAEABV0@PBG@Z
?AfxLoadString@@YGHIPAGI@Z
?Append@CStringArray@@QAEHABV1@@Z
?FormatV@CString@@IAEXPBGPAD@Z
?RemoveAll@CStringArray@@QAEXXZ
??_7CObject@@6B@
?CopyBeforeWrite@CString@@IAEXXZ
??0CObject@@IAE@XZ
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
?FreeExtra@CString@@QAEXXZ
??H@YG?AVCString@@ABV0@D@Z
?Unlock@CCriticalSection@@UAEHXZ
??0CMapStringToPtr@@QAE@H@Z
?LockBuffer@CString@@QAEPAGXZ
??4CString@@QAEABV0@D@Z
?TrimLeft@CString@@QAEXXZ
?SetSize@CStringArray@@QAEXHH@Z
??N@YG_NPBGABVCString@@@Z
??P@YG_NABVCString@@0@Z
?Right@CString@@QBE?AV1@H@Z
??0CString@@QAE@GH@Z
??0CStringArray@@QAE@XZ
??0CString@@QAE@PBD@Z
??O@YG_NABVCString@@PBG@Z
??ACString@@QBEGH@Z
?InsertAt@CStringArray@@QAEXHPAV1@@Z
?AfxGetEmptyString@@YGABVCString@@XZ
??0CString@@QAE@ABV0@@Z
?SafeStrlen@CString@@KGHPBG@Z
?Lock@CCriticalSection@@QAEHXZ

secur32

InitializeSecurityContextW
CompleteAuthToken
DeleteSecurityContext
InitSecurityInterfaceW
GetSecurityUserInfo
AcquireCredentialsHandleA
LsaRegisterLogonProcess
FreeCredentialsHandle
QueryCredentialsAttributesW
DeleteSecurityPackageA
LsaUnregisterPolicyChangeNotification
MakeSignature
InitSecurityInterfaceA
SecpTranslateName
QuerySecurityPackageInfoA
SaslIdentifyPackageW
SaslGetProfilePackageA
GetUserNameExA
LsaRegisterPolicyChangeNotification
EncryptMessage
LsaLogonUser
LsaGetLogonSessionData
TranslateNameW
ImpersonateSecurityContext
UnsealMessage

Sections

.text
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7d1cc0455d3dc97b6ea68f19ac43ef4

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

rtutils

kernel32

adsldpc

mfcsubs

secur32

Sections

.text Size: 37KB - Virtual size: 40KB

.rdata Size: 10KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 40KB

.rdata
Size: 10KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB