3eae0daa6c1144c9cdd071d6bfeb93bd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3eae0daa6c1144c9cdd071d6bfeb93bd_JaffaCakes118
Size

26KB
MD5

3eae0daa6c1144c9cdd071d6bfeb93bd
SHA1

b1946c04a30cd30d25aa0073ad7d8f042649b83e
SHA256

08fef5533f9b26d78d259a31e8789ca6b57ce9836f5086583d2af1581dd7ce5e
SHA512

ac54a8e146a2ba0db36e814cf56c6fa69918815c1883a130fe8893ee0a54992b4d47bea47ee635f92202f31d9af38b9319ad6ac03324c7cb87827e0a6daa8a54
SSDEEP

384:s2w0eAPtO95Hu1yO3XVJST5gic9DwBJbpuZG13goenbwAn6NA3e/Q2JE:kFsoLHWTi5ewBJbRQBT6DdE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eae0daa6c1144c9cdd071d6bfeb93bd_JaffaCakes118

Files

3eae0daa6c1144c9cdd071d6bfeb93bd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ba1f981250b00f4e88d6fcf04ff0da4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hid

HidP_UsageListDifference
HidP_UnsetUsages
HidP_MaxUsageListLength
HidD_GetPhysicalDescriptor
HidD_Hello
HidP_SetData
HidD_SetOutputReport
HidD_GetHidGuid
HidD_GetFeature
HidD_GetAttributes
HidP_SetUsageValueArray
HidP_GetUsageValueArray
HidD_SetConfiguration
HidD_GetNumInputBuffers
HidP_GetUsageValue
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_GetUsagesEx
HidD_SetFeature
HidD_GetSerialNumberString
HidD_GetInputReport
HidP_SetUsages
HidP_GetScaledUsageValue
HidP_SetUsageValue
HidP_GetCaps
HidD_GetPreparsedData
HidP_SetScaledUsageValue
HidD_FlushQueue

sqlunirl

_DefDlgProc_@16
_GetProp@8
_ShellExecuteEx_@4
_DefFrameProc_@20
_PostMessage@16
_GetMenuItemInfo_@16
_OemToCharBuff_@12
_GetPrivateProfileStruct_@20
_RegQueryMultipleValues_@20
_CreateDirectoryEx_@12
_CreateProcessAsUser_@44
_FindResourceEx_@16
_GetClassName_@12
_DrawText@20
_CreateStatusWindow_@16
_CallNamedPipe_@28
_GetBinaryType_@8
_CommDlg_OpenSave_GetSpec@12
_GetProfileInt_@12
_GetTimeFormat_@24
ConvertMultiSZNameToW
_GetCharABCWidths_@16
newMultiByteFromWideCharSize
_GetProfileSection_@12
_DrawTextEx_@24
_GetVersionEx@4
_GetMessage_@16
_RegSaveKey_@12
_FindResource@12
_OpenMutex_@12
_CreateDialogParam_@20
_RegCreateKeyEx_@36
_IsCharAlphaNumeric_@4
_RemoveFontResource_@4
_WriteProfileString_@12
_EnumWindowStations_@8
_SetCurrentDirectory_@4
_ExtractAssociatedIcon_@12

opengl32

glIndexiv
glTexCoord3i
glClearColor
glRasterPos4d
glTexCoord3s
glGetPixelMapusv
glIndexubv
glIndexPointer
glTexCoord1iv
glColor4ubv
glScaled
glTexCoord2dv
wglCreateContext
glPassThrough
glBegin
glGetError
glDrawElements
glColor3ubv
glOrtho
wglGetDefaultProcAddress
glGetTexGeniv
wglDescribePixelFormat
glColor3iv
glPixelMapuiv
glDepthFunc
glFinish
glFeedbackBuffer
glGetPointerv
glGetBooleanv
glStencilOp
glCopyTexSubImage1D
glVertex3s
glMap1d
GlmfBeginGlsBlock
wglDeleteContext
glRectfv
glTexCoord3dv

gdi32

RectVisible

crypt32

CryptMsgControl
CertGetSubjectCertificateFromStore
CertRDNValueToStrW
CertSerializeCTLStoreElement
I_CryptCreateLruCache
CertControlStore
CryptSIPPutSignedDataMsg
CryptInstallDefaultContext
CryptFindLocalizedName
CryptCloseAsyncHandle
CryptUnprotectData
CryptMemAlloc
CertSetStoreProperty
CryptVerifySignatureU
CertSerializeCRLStoreElement
CertSetEnhancedKeyUsage
CertGetCRLContextProperty
CryptAcquireContextU
CryptMsgGetParam
CryptMsgVerifyCountersignatureEncoded
CertSetCRLContextProperty
CertFindAttribute
CryptSetProviderU
CertAddStoreToCollection
CertComparePublicKeyInfo

dmdskmgr

?IsNEC_98Server@CTaskData@@QAEHXZ
?IsEECoveredGPTDisk@CDMNodeObj@@QAEHXZ
?ConvertMBToBytes@@YG_J_J@Z
?GetDiskSpec@CDMNodeObj@@QAEHAAUdiskspec@@@Z
LoadPropertyPageData
?ContainsLogicalDrvBootPartition@CDMNodeObj@@QAEHXZ
?GetIconId@CDMNodeObj@@QAEIH@Z
?GetFileSystemLabel@CDMNodeObj@@QAEXAAVCString@@@Z
?ContainsSystemInformation@CDMNodeObj@@QAEHXZ
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetSizeString@CDMNodeObj@@QAEXAAVCString@@@Z
DllRegisterServer
?GetDriveLetters@CTaskData@@QAEXAAFPAPAGG@Z
?GetBootPort@CTaskData@@QAEHXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?ContainsRealSystemPartition@CDMNodeObj@@QAEHXZ
?ShowContextMenu@CContextMenu@@QAEJPAVCWnd@@JJJ@Z
?FindFileSystem@CTaskData@@QAEH_JAAUfilesysteminfo@@@Z
?GetFileSystemType@CDMNodeObj@@QAEHXZ
?ContainsBootIniPartitionForWolfpack@CDMNodeObj@@QAEHXZ
?GetDiskCookiesToEncap@CTaskData@@QAEXAAKPAPAJ@Z
?CanHaveGPT@CDMNodeObj@@QAEHXZ
?EnumVolumeMembers@CDMNodeObj@@QAEXPAPAJAAJ@Z
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetResultStringArray@CDMNodeObj@@QAEHAAVCStringArray@@@Z
?EnumVolumes@CTaskData@@QAEXAAKPAPAJ@Z
?IsDiskEmpty@CDMNodeObj@@QAEHXZ
?GetDiskStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?IsOemPartition@CDMNodeObj@@QAEHXZ
?GetExtendedRegionColor@CDMNodeObj@@QAEKXZ
?IsWolfpack@CTaskData@@QAEHXZ
?GetDeviceState@CDMNodeObj@@QAEKXZ
?EnumFirstVolumeMember@CDMNodeObj@@QAEXAAJ0@Z
?IsESPPartition@CDMNodeObj@@QAEHXZ
?GetIVolumeClientVersion@CTaskData@@QAEFXZ

kernel32

FindActCtxSectionGuid
Thread32First
OpenEventA
GlobalDeleteAtom
FatalAppExitA
GetSystemDefaultLangID
OpenSemaphoreA
GetModuleHandleExW
WideCharToMultiByte
ReplaceFileA
GetCommandLineA
MapUserPhysicalPages
GetExpandedNameW
VerSetConditionMask
WaitForDebugEvent
GetConsoleCursorInfo
OpenFileMappingA
ConvertFiberToThread
LoadLibraryW
CreateDirectoryExA
QueryActCtxW
LockFile
DeleteVolumeMountPointA
GetBinaryType
GetAtomNameW
DebugSetProcessKillOnExit
GetNumaProcessorNode
ReadConsoleInputExA
QueueUserAPC
VirtualAlloc
GetWindowsDirectoryA
TransmitCommChar
AddAtomA

glmf32

glsBeginGLS
glsGetHeaderf
glsNumusv
glsCaptureFlags
glsGetOpcodes
glsEndGLS
glsLongHigh
glsUTF8toUCS1z
glsError
glsGetOpcodeCount
glsGetGLRCi
__glsString_assign
glsUnsupportedCommand
glsCaptureFunc
glsGetStreamAttrib
glsUCS4toUTF8
glsGetConstubz
glsHeaderfv
glsGetStreamCRC32
glsNumulv
glsGetCaptureExecTable
glsContext
glsNums
glsNumlv
glsChannel

msvcrt20

?freeze@strstreambuf@@QAEXH@Z
_strlwr
strxfrm
??_Dostream@@QAEXXZ
_wgetdcwd
??0ifstream@@QAE@HPADH@Z
?tie@ios@@QAEPAVostream@@PAV2@@Z
__mb_cur_max
__p__amblksiz
iswdigit
freopen
?base@streambuf@@IBEPADXZ
?pbackfail@stdiobuf@@UAEHH@Z
_spawnv
_getch
??5istream@@QAEAAV0@AAK@Z
exit
_heapset
_execv
??_Gstdiobuf@@UAEPAXI@Z
?clrlock@ios@@QAAXXZ
_expand
??6ostream@@QAEAAV0@PBC@Z
ftell
_swab
__p__environ

perfproc

CollectSysProcessObjectData
OpenSysProcessObject
CloseSysProcessObject

user32

SetScrollPos
MoveWindow
IsIconic

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 542B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba1f981250b00f4e88d6fcf04ff0da4a

Headers

DLL Characteristics

File Characteristics

Imports

hid

sqlunirl

opengl32

gdi32

crypt32

dmdskmgr

kernel32

glmf32

msvcrt20

perfproc

user32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 542B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 542B