4bbd643dbee8ddc28a5a7597c2343b2f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bbd643dbee8ddc28a5a7597c2343b2f_JaffaCakes118
Size

141KB
MD5

4bbd643dbee8ddc28a5a7597c2343b2f
SHA1

dd670796cc625d11ae1dc4b77d8a942155ed2855
SHA256

0f1cf7cc53319d6afc8fe49ba0222ad5d26a6f265890617ef98e9968dc71eeb8
SHA512

f3aad25181295143cc4feb4680610fbaf721c3f3a87221c3878aa882038f4e8b7fc2e1151c020dfa0802ceec3ad3a3dc3c9be06f1d6a7ed12868a293cdbee1cd
SSDEEP

3072:FYX7SssnE+wEiII8YVghMl+wHry5kIhBTDHhRccW+NbtO0aM1gT7RL:FC7yWXI3YVg8LhIfhRq+AMgfRL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bbd643dbee8ddc28a5a7597c2343b2f_JaffaCakes118

Files

4bbd643dbee8ddc28a5a7597c2343b2f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

508073ba37c659b0240bafd72d23a00a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasConnectionEnum
RasPortGetStatistics
RasReferenceRasman
RasPortReceive
RasPortFree
RasGetDialParams
RasGetConnectionParams
RasRpcUnloadDll
RasCompressionGetInfo
RasPortGetInfo
RasRpcConnect
RasPortStoreUserData
RasGetInfo
RasRegisterPnPEvent
RasRpcGetErrorString
RasInitializeNoWait
RasPortBundle
RasEnumLanNets
RasRpcRemoteGetUserPreferences
RasDeviceEnum
RasRpcRemoteRasDeleteEntry
RasActivateRouteEx
RasGetDeviceName
RasSendCreds
RasSetConnectionParams
RasBundleGetStatisticsEx
RasProtocolEnum
RasSetCalledIdInfo
RasFreeBuffer
RasSetEapUserInfo
RasRPCBind
RasSetConnectionUserData
RasIsTrustedCustomDll
RasPortDisconnect
RasPortGetFramingEx

kernel32

MapViewOfFileEx
GetFirmwareEnvironmentVariableW
RegisterConsoleOS2
LZSeek
GetConsoleKeyboardLayoutNameW
RtlZeroMemory
lstrcpynW
Module32FirstW
GetTimeFormatW
SetEndOfFile
GetHandleContext
EndUpdateResourceA
VirtualAlloc
PrepareTape
EnumCalendarInfoExA
SearchPathW
GetShortPathNameW
ReadConsoleInputA
SetDefaultCommConfigA
InterlockedPopEntrySList
GlobalFindAtomA
GetDiskFreeSpaceW
UTUnRegister
TransmitCommChar
WriteConsoleOutputCharacterA
RegisterWaitForSingleObject
LoadLibraryExW
PrivMoveFileIdentityW
EnumUILanguagesW
GlobalUnWire
WriteConsoleInputVDMW
InitializeCriticalSection
ReadConsoleInputW
HeapWalk
lstrcmp
SetHandleContext
Heap32ListNext
IsValidLocale
EnumDateFormatsW
FindActCtxSectionGuid
AllocConsole
RegisterWaitForSingleObjectEx
EnumResourceLanguagesA
GetModuleHandleA
GetOverlappedResult
HeapUnlock
GetConsoleInputWaitHandle
ReleaseActCtx
LoadLibraryA
SwitchToThread
GetEnvironmentVariableW
ClearCommError
ReadFile
GetCurrentConsoleFont
RestoreLastError
FindFirstFileExW
lstrcpyn
HeapSize
FormatMessageW
WriteProfileStringW
SetFirmwareEnvironmentVariableW
_lopen
LockFile
WriteConsoleOutputA
GlobalAlloc
SetConsoleLocalEUDC
DeleteTimerQueue
AttachConsole
GetProcessPriorityBoost
DeleteVolumeMountPointW
ConvertThreadToFiber

traffic

TcAddFilter
TcCloseInterface
TcGetFlowNameW
TcSetFlowA
TcDeregisterClient
TcModifyFlow
TcQueryFlowA
TcSetFlowW
TcOpenInterfaceW
TcOpenInterfaceA
TcGetFlowNameA
TcQueryInterface
TcAddFlow
TcQueryFlowW
TcEnumerateInterfaces
TcRegisterClient
TcDeleteFlow
TcSetInterface
TcDeleteFilter
TcEnumerateFlows

opengl32

glIndexMask
glGetBooleanv
glPopAttrib
glColorPointer
glTexCoord3sv
glTexCoord4d
glTexParameteriv
glPushAttrib
glFrustum
wglMakeCurrent
glRectiv
glColor4ui
glGetTexGeniv
glGetIntegerv
glGetTexGenfv
glPopName
glColor3ubv
glVertex3fv
glTexEnvfv
glDepthRange
glPixelStorei
glMaterialf
glBlendFunc
glLightModelfv
glEdgeFlagv
glListBase
glReadPixels
glPrioritizeTextures
GlmfPlayGlsRecord
glTexGenfv
glCopyPixels
glGenTextures
GlmfInitPlayback
glPixelMapuiv
glTexCoord2s
glScaled
glAccum
glGetMaterialfv
glClearAccum
glDrawArrays
glNormal3dv
glColor4usv

user32

PostMessageA
IsDlgButtonChecked
EnumPropsExA
TranslateMessage
MessageBoxExA
ReleaseCapture
SetSysColorsTemp
SetWindowLongW
GetMenuItemCount
InsertMenuA
DisplayExitWindowsWarnings
SetMenuDefaultItem
GetKeyNameTextA
SetCapture
PtInRect
DdeQueryStringW
IsCharAlphaNumericA
ChangeDisplaySettingsExA
DestroyAcceleratorTable
MessageBoxA
GetClientRect
SwitchDesktop
GetRawInputData
CallMsgFilterA
MoveWindow
DeviceEventWorker
LoadKeyboardLayoutA
OpenClipboard

ssdpapi

DeregisterService
DHSetICSOff
CleanupCache
DHSetICSInterfaces
FreeSsdpMessage
GetNextService
GetFirstService
FindServicesCallback
SsdpCleanup
FindServicesClose
RegisterService
RegisterNotification
FindServicesCancel
DeregisterNotification
FindServices
SsdpStartup

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

508073ba37c659b0240bafd72d23a00a

Headers

DLL Characteristics

File Characteristics

Imports

rasman

kernel32

traffic

opengl32

user32

ssdpapi

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 28KB - Virtual size: 124KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 28KB - Virtual size: 124KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B