3e17da1b47e874aa3c91d7b4d7176cbd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3e17da1b47e874aa3c91d7b4d7176cbd_JaffaCakes118
Size

871KB
MD5

3e17da1b47e874aa3c91d7b4d7176cbd
SHA1

726ab3f5f1f6a65b9b3d2048fcc68cec58f571e9
SHA256

18e7be276f16519131c1dc0a8324da3d7d8f7c5453d8d482ae76c9f10760258d
SHA512

0ff34796b4f465165f9e9f22ff49f94089a8d95fed0ee6d20fdc00f79b93d6482c79d0e7ad0af11325c4a5fd11ca8ddc65859a9dcb592d5685a63b665c983b76
SSDEEP

24576:i6zZlYCO3yY7eOUM/D9+kTnSEatM7ZB8Pq2dXLHOg+zYLTh8:i6zBTY7IM5nS+mXLHo8Xh8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e17da1b47e874aa3c91d7b4d7176cbd_JaffaCakes118

Files

3e17da1b47e874aa3c91d7b4d7176cbd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

27a53c379d12c1930bda12879edfd0d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegOpenKeyA
GetSecurityDescriptorGroup
SystemFunction032
CryptVerifySignatureA
RegisterServiceCtrlHandlerA
RegGetKeySecurity
GetMultipleTrusteeOperationW
TreeResetNamedSecurityInfoW
RegEnumValueW
DeregisterEventSource
SystemFunction020
RegSaveKeyExW
TraceMessage
CreateProcessAsUserW
GetSecurityDescriptorDacl
GetSecurityDescriptorRMControl
IsTextUnicode
BuildSecurityDescriptorW
InitiateSystemShutdownExA
SetAclInformation
SystemFunction023
AccessCheckAndAuditAlarmW
CryptDecrypt
SaferRecordEventLogEntry
ConvertSecurityDescriptorToAccessA
CreateServiceW
DestroyPrivateObjectSecurity
UnlockServiceDatabase
InitializeSecurityDescriptor
ChangeServiceConfig2A
CredGetSessionTypes
CryptAcquireContextA

gdi32

GetNearestPaletteIndex
SetMapMode
DeleteColorSpace
Pie
GetNearestColor
GetEnhMetaFileW
EnumFontsA
StretchBlt
AngleArc
GetObjectA
DdEntry22
ResizePalette
DdEntry20
CreateFontIndirectExA
DdEntry3
SetBoundsRect
GdiGetLocalDC
CloseEnhMetaFile
SetWorldTransform
XLATEOBJ_piVector
FillPath
WidenPath
LPtoDP
ClearBrushAttributes
ScaleWindowExtEx
GdiConvertFont
STROBJ_vEnumStart

unimdmat

UmHangupModem
UmGetDiagnostics
UmMonitorModem
UmOpenModem
UmWaveAction
UmCloseModem
UmGenerateDigit
UmInitializeModemDriver
UmAnswerModem
UmDeinitializeModemDriver
UmLogStringA
UmDuplicateDeviceHandle
UmSetPassthroughMode
UmInitModem
UmIssueCommand
UmLogDiagnostics
UmAbortCurrentModemCommand
UmDialModem
UmSetSpeakerPhoneState

msdart

?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
??0CLockedSingleList@@QAE@XZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?IsReadUnlocked@CCritSec@@QBE_NXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
??1CLKRLinearHashTable@@QAE@XZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
MpGetHeapHandle
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?GetSpinCount@CFakeLock@@QBEGXZ
??0CCritSec@@QAE@XZ
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?BucketIndex@CLKRHashTableStats@@SGJJ@Z
?Clear@CLKRHashTable@@QAEXXZ
??1CSpinLock@@QAE@XZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
MPDeleteCriticalSection
?GetSpinCount@CSmallSpinLock@@QBEGXZ
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?GetSpinCount@CReaderWriterLock3@@QBEGXZ
MpHeapAlloc

kernel32

GetOverlappedResult
SetTimerQueueTimer
LCMapStringW
OpenThread
GetConsoleInputWaitHandle
Thread32First
LZCloseFile
CreateNamedPipeA
HeapCreate
GetCurrentThreadId
GetFullPathNameA
WritePrivateProfileSectionA
FlushViewOfFile
GetDiskFreeSpaceW
GetEnvironmentStringsA
SystemTimeToTzSpecificLocalTime
SetLastError
GetConsoleAliasesA
SetThreadExecutionState
ExpungeConsoleCommandHistoryW
CreateProcessInternalA
RegisterWaitForInputIdle
DeleteVolumeMountPointW
GlobalMemoryStatus
GetConsoleFontInfo
LoadLibraryA
GetPrivateProfileStructA
SetCalendarInfoA
GetLargestConsoleWindowSize
GetComPlusPackageInstallStatus
VerLanguageNameA
EnumTimeFormatsW
GetProfileIntW
ReleaseSemaphore
FindResourceExW
GetCurrentThread
SetTapeParameters
SetConsoleTextAttribute
SetProcessShutdownParameters
GetDefaultCommConfigW
_lclose
DeleteVolumeMountPointA
GlobalAlloc
RemoveVectoredExceptionHandler
FatalExit
LocalAlloc
VirtualAlloc
GetCompressedFileSizeA
GetTimeFormatA
GetVolumeInformationA

msvcrt40

??4fstream@@QAEAAV0@AAV0@@Z
isgraph
_wspawnlpe
_outpd
sinh
__p___mb_cur_max
_memicmp
_spawnve
_wspawnve
_write
__iscsymf
_spawnvpe
_strnicmp
_wstrdate
_heapchk
strcat
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??_Dstdiostream@@QAEXXZ
acos
??1__non_rtti_object@@UAE@XZ
wcsspn
_wexecvp
__unDName
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
_mbspbrk
_CIexp

perfctrs

CollectDhcpPerformanceData
OpenSPXPerformanceData
OpenNbfPerformanceData
OpenTcpIpPerformanceData
CloseNWNBPerformanceData
CloseDhcpPerformanceData
CollectTcpIpPerformanceData
OpenDhcpPerformanceData
CloseIPXPerformanceData
CollectNbfPerformanceData
OpenNWNBPerformanceData
CollectSPXPerformanceData
CloseNbfPerformanceData
CollectIPXPerformanceData
OpenIPXPerformanceData
CloseSPXPerformanceData
CloseTcpIpPerformanceData
CollectNWNBPerformanceData

Sections

.text
Size: 209KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 559KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27a53c379d12c1930bda12879edfd0d5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

unimdmat

msdart

kernel32

msvcrt40

perfctrs

Sections

.text Size: 209KB - Virtual size: 212KB

.rdata Size: 559KB - Virtual size: 560KB

.data Size: 99KB - Virtual size: 1.6MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 209KB - Virtual size: 212KB

.rdata
Size: 559KB - Virtual size: 560KB

.data
Size: 99KB - Virtual size: 1.6MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB