428493b51f54474b34651fedb540a984_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

428493b51f54474b34651fedb540a984_JaffaCakes118
Size

34KB
MD5

428493b51f54474b34651fedb540a984
SHA1

02ecbea67c7cd7c88529b33e6941109f5721641d
SHA256

1dd0b844e38716cd11f16489f837b12269aea4ea6ca97f3ffbeed300f5ec6d9a
SHA512

109d011f4c60576324d11a8759b95e26e514afaee5e7799699c0fd31cf5438ad00eb643277417f1f88a0a759335061d7e17968f146f538ab29eb9c22a627ecb9
SSDEEP

768:P7S/qnnofNfrC5GGaLDWDNpQwukJxqy8p4qRGr3q/OSzG:P7S/qnofNfrCg6Nefk7qy8KqRGraPzG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
428493b51f54474b34651fedb540a984_JaffaCakes118

Files

428493b51f54474b34651fedb540a984_JaffaCakes118
.dll windows:4 windows x86 arch:x86

16b92abd30d08b3129fbc64a113c451b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dll\ums.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
CloseHandle
GetTickCount
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
GetVersionExA
SetEvent
WaitForSingleObject
SwitchToThread
Sleep
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
GetLastError
SetFilePointer
GetOverlappedResult
ReadFile
WriteFile
GetCurrentThread
SetThreadAffinityMask
SetThreadPriority
CreateEventA
LoadLibraryA
WaitForSingleObjectEx
GetThreadContext
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime

msvcr71

wcscpy
printf
exit
_except_handler3
free
malloc
_beginthread
_errno
_endthread
?terminate@@YAXXZ
__security_error_handler
_initterm
_adjust_fdiv
__CppXcptFilter
__dllonexit
_onexit
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
__CxxFrameHandler

user32

MessageBoxA

Exports

Exports

??0UmsEvent@@QAE@XZ
??0UmsFiberScheduler@@QAE@KIMHH@Z
??0UmsIoQueue@@QAE@XZ
??0UmsScheduler@@QAE@KIMHH@Z
??0UmsSystemUserContext@@QAE@PAVUmsScheduler@@PAUUMS_SYSPARAMS@@@Z
??0UmsThreadScheduler@@QAE@KIMHH@Z
??0UmsUserContext@@QAE@PAVUmsScheduler@@H@Z
??1UmsEvent@@QAE@XZ
??1UmsFiberScheduler@@QAE@XZ
??1UmsNotification@@UAE@XZ
??1UmsScheduler@@QAE@XZ
??1UmsSystemUserContext@@UAE@XZ
??1UmsThreadScheduler@@QAE@XZ
??1UmsUserContext@@UAE@XZ
?Active@UmsScheduler@@QAEHXZ
?ActiveUsers@UmsSchedulerQueue@@QAEHXZ
?ActiveWorkers@UmsScheduler@@QAEHXZ
?ActiveWorkers@UmsSchedulerQueue@@QAEHXZ
?Add@UmsIoQueue@@QAEXPAUUmsIoRequest@@@Z
?CInfiniteWaiters@UmsScheduler@@QAEKXZ
?CWorkersAvailable@UmsSchedulerQueue@@QAEHXZ
?ChangeFileSize@UmsScheduler@@QAEKPAX_K@Z
?CheckForIoCompletion@UmsScheduler@@QAEHH@Z
?ClearDeadlockSearch@UmsUserContext@@QAEXXZ
?ClearWorkerWait@UmsUserContext@@QAEXXZ
?Context@UmsFiberScheduler@@UAE_NPAU_CONTEXT@@PAVUmsUserContext@@@Z
?Context@UmsThreadScheduler@@UAE_NPAU_CONTEXT@@PAVUmsUserContext@@@Z
?ConvertThread@UmsFiberScheduler@@UAEHXZ
?ConvertThread@UmsThreadScheduler@@UAEHXZ
?Create@UmsEvent@@QAEXW4EventType@@W4EventState@@PBG@Z
?CreateUser@UmsScheduler@@QAEHP6GKPAX@Z0HHP6AXPAVUmsUserContext@@0@Z0@Z
?DecNumUsers@UmsScheduler@@QAEXXZ
?DecrIdleWorkers@UmsSchedulerQueue@@QAEXXZ
?DecrInfiniteUsers@UmsScheduler@@QAEXXZ
?DecrTotalWorkers@UmsSchedulerQueue@@QAEXXZ
?Delete@UmsSchedulerQueue@@QAEXPAVUmsScheduler@@@Z
?EnqueueWork@UmsSchedulerQueue@@QAEHPAVUmsUserContext@@P6AXPAX@Z1W4UmsQueueFlags@@@Z
?ExitUser@UmsFiberScheduler@@UAEX_N@Z
?ExitUser@UmsThreadScheduler@@UAEX_N@Z
?FDeadlockSearch@UmsUserContext@@QAEHXZ
?FHidden@UmsScheduler@@QAEHXZ
?FInfiniteUser@UmsUserContext@@QAEHXZ
?FTimerTask@UmsSystemUserContext@@QBEHXZ
?FWorkerWait@UmsUserContext@@QAEHXZ
?FiberEnabled@UmsScheduler@@QAEHXZ
?FindNextAvailable@UmsSchedulerQueue@@QAEPAVUmsScheduler@@W4UmsSchedulerAlgorithms@@K@Z
?Free@UmsEvent@@QAEXXZ
?GatherWriteAsync@UmsScheduler@@QAEXAAUUmsIoRequest@@@Z
?Get@UmsIoQueue@@QAEPAUUmsIoRequest@@XZ
?GetContext@UmsUserContext@@QAE_NPAU_CONTEXT@@@Z
?GetId@UmsScheduler@@QBEIXZ
?GetScheduler@UmsUserContext@@QBEPAVUmsScheduler@@XZ
?GetThreadResourceOwner@UmsScheduler@@QAEXPAPAX@Z
?GetUserLocalData@UmsUserContext@@QBEPAXH@Z
?IdleSchedulers@UmsSchedulerQueue@@QAEHXZ
?IncNumUsers@UmsScheduler@@QAEXXZ
?IncrIdleWorkers@UmsSchedulerQueue@@QAEXXZ
?IncrInfiniteUsers@UmsScheduler@@QAEXXZ
?IncrTotalWorkers@UmsSchedulerQueue@@QAEXXZ
?Insert@UmsSchedulerQueue@@QAEXPAVUmsScheduler@@@Z
?IsIdle@UmsScheduler@@QBEHXZ
?LAvgWorkers@UmsSchedulerQueue@@QAEJXZ
?LSchedSwitches@UmsSchedulerQueue@@QAEJXZ
?LStatus@UmsSchedulerQueue@@QAEJXZ
?Notify@UmsScheduler@@QAEXPAVUmsNotification@@@Z
?NumUsers@UmsScheduler@@QBEKXZ
?PremptSched@@3PAVUmsThreadScheduler@@A
?PrintAll@UmsSchedulerQueue@@QAEXP6AXPAGZZ@Z
?PwszTaskName@UmsSystemUserContext@@QBEPBGXZ
?RBalanceFactor@UmsSchedulerQueue@@QAEMXZ
?ReadAsync@UmsScheduler@@QAEXAAUUmsIoRequest@@@Z
?Reset@UmsEvent@@QAEXXZ
?Resume@UmsScheduler@@QAEXPAVUmsUserContext@@W4UmsQueueMethod@@@Z
?RunTask@UmsSystemUserContext@@QAEHXZ
?ScatterReadAsync@UmsScheduler@@QAEXAAUUmsIoRequest@@@Z
?SchedulerList@@3VUmsSchedulerQueue@@A
?SetBalanceFactor@UmsSchedulerQueue@@QAEXM@Z
?SetDeadlockSearch@UmsUserContext@@QAEXXZ
?SetInfiniteUser@UmsUserContext@@QAEXXZ
?SetStatus@UmsSchedulerQueue@@QAEXJH@Z
?SetThreadResourceOwner@UmsScheduler@@QAEXPAX@Z
?SetUserLocalData@UmsUserContext@@QAEXHPAX@Z
?SetWorkerWait@UmsUserContext@@QAEXXZ
?Signal@UmsEvent@@QAEXXZ
?SignalCnt@UmsEvent@@QAEXH@Z
?SpinToAcquire@UmsSpinlock@@QAEXW4UMSSPINLOCK_TYPE@@@Z
?Suspend@UmsScheduler@@QAEKKH@Z
?SwitchNonPremptive@UmsFiberScheduler@@UAEXXZ
?SwitchNonPremptive@UmsThreadScheduler@@UAEXXZ
?SwitchPremptive@UmsFiberScheduler@@UAEXXZ
?SwitchPremptive@UmsThreadScheduler@@UAEXXZ
?SwitchSchedulers@UmsSchedulerQueue@@QAEXPAVUmsUserContext@@@Z
?UmsAllocScheduler@@YAPAVUmsScheduler@@KIMHH@Z
?UmsDeleteScheduler@@YAXPAVUmsScheduler@@@Z
?UmsGetStatistics@@YAPAUUmsStatistic@@XZ
?UmsGetUserId@@YAPAVUmsUserContext@@XZ
?UmsInit@@YAXPAUUmsExternalFns@@@Z
?UmsSpinStats@@3VUmsSpinlockStat@@A
?UmsSpinTitles@@3PAPADA
?UnNotify@UmsScheduler@@QAEXPAVUmsNotification@@@Z
?UserWeighting@UmsScheduler@@QBEMXZ
?Wait@UmsEvent@@QAEKKHH@Z
?Wait@UmsIoQueue@@QAEPAUUmsIoRequest@@XZ
?WaitMultiple@UmsEvent@@QAEKKHK@Z
?WriteAsync@UmsScheduler@@QAEXAAUUmsIoRequest@@@Z

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

16b92abd30d08b3129fbc64a113c451b

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcr71

user32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 904B

.tls Size: 512B - Virtual size: 9B

_TEXT Size: 512B - Virtual size: 82B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text Size: 62KB - Virtual size: 64KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 904B

.tls
Size: 512B - Virtual size: 9B

_TEXT
Size: 512B - Virtual size: 82B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 62KB - Virtual size: 64KB