4784a1e73390a0400a7e2b6f4941d684_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4784a1e73390a0400a7e2b6f4941d684_JaffaCakes118
Size

867KB
MD5

4784a1e73390a0400a7e2b6f4941d684
SHA1

67ed3294a74ea074633023c6a645fee470bca63f
SHA256

53a34ec6d4afa6db2e52706f84365ddbd8ff3d5eca8e6ba42a4cb1b2d916f9fb
SHA512

52ce980628c04d7fe5afa45d5efc5b3ad72013efb78a17fb1857accbfe08676dc6a88d668bb87f49ccf6600b6b06ccc09c00a2ed005355b1ee7fb564bed9bea8
SSDEEP

24576:8p2p5Gh5Sw9/dWelkgbZDqmSyqZH86/9J0S0Z:5GtJjqmNxO2S0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4784a1e73390a0400a7e2b6f4941d684_JaffaCakes118

Files

4784a1e73390a0400a7e2b6f4941d684_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7ccf8689b0f1329996574aee3e638777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

EngCreateSemaphore
PATHOBJ_bEnum
EngDeletePalette
DdEntry31
SetBoundsRect
DdEntry40
GetKerningPairsW
SetPixel
PathToRegion
EngCreateDeviceBitmap
CreateDCA
GetDIBits
GetBkMode
SetLayoutWidth
GetAspectRatioFilterEx
OffsetClipRgn
DdEntry13
ClearBitmapAttributes
AddFontResourceExA
DdEntry25
PtInRegion
CloseMetaFile
DrawEscape
CreateEnhMetaFileW
GetGlyphIndicesW
GdiEntry14
GdiEntry13
BRUSHOBJ_pvAllocRbrush
SelectBrushLocal
GetColorSpace
OffsetViewportOrgEx
GdiGetPageCount
DdEntry39
GetEUDCTimeStampExW
Chord
GdiRealizationInfo
GetTextFaceAliasW
ScaleViewportExtEx
DdEntry2

kernel32

SetFileValidData
IsBadReadPtr
OutputDebugStringA
ConvertFiberToThread
_lwrite
SetConsoleCtrlHandler
LZOpenFileW
Toolhelp32ReadProcessMemory
FindFirstFileExW
DebugBreak
FindAtomA
FatalAppExitW
LZCloseFile
GetProfileStringW
HeapQueryInformation
ExpungeConsoleCommandHistoryA
DosDateTimeToFileTime
CloseProfileUserMapping
CreateFileA
DnsHostnameToComputerNameA
LoadLibraryExA
CmdBatNotification
GetExitCodeThread
GetTimeFormatW
FindFirstChangeNotificationW
GetEnvironmentStringsW
VirtualFree
ReplaceFileW
LocalFree
GetBinaryTypeW
CreateToolhelp32Snapshot
ReadConsoleOutputAttribute
IsBadHugeReadPtr
MultiByteToWideChar
SleepEx
OpenWaitableTimerA
SetWaitableTimer
GetACP
SetFilePointer
FindActCtxSectionGuid
LoadLibraryA
GetProcAddress
GetCompressedFileSizeA
SetHandleContext
GetSystemTimeAdjustment
GlobalFree
FatalAppExitA
GetCPInfo
DuplicateConsoleHandle
GetTempFileNameA
IsProcessorFeaturePresent
GetConsoleFontSize
GetCommandLineW
GlobalReAlloc
WideCharToMultiByte
AddLocalAlternateComputerNameA
OpenThread
GetConsoleAliasesW
GetShortPathNameW
GetDevicePowerState
GetOEMCP
GetProcessTimes
CreateProcessInternalW
GetDriveTypeA
GetConsoleTitleA
SetLocaleInfoA
FindFirstFileW
InterlockedPushEntrySList
SetLocaleInfoW
LocalHandle
QueryInformationJobObject
DeleteCriticalSection
SetConsoleInputExeNameW
GetWindowsDirectoryW
LocalFlags
AddLocalAlternateComputerNameW
DeactivateActCtx
SignalObjectAndWait
WriteTapemark
_llseek
WaitCommEvent
VirtualAlloc
GetMailslotInfo
LZStart
DebugActiveProcess
GetProcessHeap
BaseCheckAppcompatCache
_lread
FindNextVolumeA
GetModuleHandleExW
GetPriorityClass
WriteFile
OpenEventW
QueryDosDeviceA
SetProcessWorkingSetSize
OpenEventA
CreateRemoteThread
EnumDateFormatsExW
SetConsoleLocalEUDC
GetStartupInfoA
GetModuleHandleExA

cfgmgr32

CM_Get_Version
CM_Create_DevNodeW
CM_Get_Device_IDA
CM_Locate_DevNode_ExW
CM_Enumerate_Classes_Ex
CM_Get_Device_Interface_ListA
CM_Open_Class_KeyW
CM_Get_Device_ID_List_ExW
CM_Get_Depth
CM_Test_Range_Available
CM_Get_Resource_Conflict_DetailsW
CM_Delete_DevNode_Key_Ex
CM_Add_ID_ExW
CM_Get_Device_ID_ExA
CM_Set_DevNode_Problem_Ex
CM_Move_DevNode_Ex
CM_Get_Class_Key_Name_ExA
CM_Get_Device_ID_ListA
CM_Get_Device_Interface_List_ExW
CM_Open_Class_Key_ExA
CM_Get_Child_Ex
CM_Get_Device_IDW
CM_Add_Res_Des
CM_Intersect_Range_List
CM_Get_Parent_Ex
CM_Query_Remove_SubTree_Ex

ntdll

RtlUniform
RtlEqualLuid
RtlIpv4StringToAddressA
ZwQuerySecurityObject
_aulldvrm
RtlUnicodeToMultiByteN
_snprintf
RtlZeroMemory
ZwCreatePort
RtlActivateActivationContextUnsafeFast
RtlGetElementGenericTableAvl
RtlDnsHostNameToComputerName
RtlNewInstanceSecurityObject
NtSetDefaultHardErrorPort
ZwVdmControl
RtlSetLastWin32Error
LdrLoadDll
LdrFindResourceEx_U
_CIsin
ZwAlertResumeThread
RtlInitializeCriticalSection
RtlPrefixUnicodeString
LdrInitShimEngineDynamic
ZwFlushVirtualMemory
_aullshr
LdrDisableThreadCalloutsForDll
NtQuerySemaphore
RtlGUIDFromString
RtlQueryInformationActiveActivationContext
RtlQueryTimeZoneInformation
LdrEnumResources
vsprintf
LdrQueryProcessModuleInformation
LdrVerifyImageMatchesChecksum
ZwUnmapViewOfSection
NtQueryInformationFile
ZwOpenThread
RtlAreBitsSet

cmutil

?Clear@CIniA@@QAEXXZ
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
??_FCIniW@@QAEXXZ
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
GetOSVersion
CmEndOfStrW
?Generate@CRandom@@QAEHXZ
?GetSection@CIniA@@QBEPBDXZ
?Banner@CmLogFile@@QAEXXZ
?SetFile@CIniA@@QAEXPBD@Z
??1CIniA@@QAE@XZ
?SetSection@CIniA@@QAEXPBD@Z
CmStrCpyAllocA
CmLoadSmallIconW
??_FCIniA@@QAEXXZ
?GetRegPath@CIniA@@QBEPBDXZ
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
SzToWzWithAlloc
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
CmLoadImageW
?Clear@CIniW@@QAEXXZ
?GetFile@CIniW@@QBEPBGXZ
??4CRandom@@QAEAAV0@ABV0@@Z
?SetWriteICSData@CIniW@@QAEXH@Z
CmParsePathW

msvcrt

_sys_nerr
_strlwr
_ismbbpunct
__uncaught_exception
?terminate@@YAXXZ
_wsearchenv
_swab
iswalpha
signal
_sys_errlist
exit
_adj_fdivr_m32i
??2@YAPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
iswpunct
_wexeclp
_iob
_fdopen
vprintf
_snscanf
abort
_unlock
__p__commode
_unloaddll
_ismbbalnum
_fpreset
_access
_atodbl
__set_app_type
_Gettnames
__getmainargs

query

??0CRcovStrmMDTrans@@QAE@AAVPRcovStorageObj@@W4MDOp@0@K@Z
?GetPropTypeName@CEmptyPropertyList@@SGPBGI@Z
?GetTotalSizeInKB@CPropStoreManager@@QAEKXZ
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
??0CPropertyRestriction@@QAE@XZ
LocateCatalogs
??1CPropertyList@@UAE@XZ
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
?DoFailTest@@YGXJ@Z
?FillMax@CKeyArray@@QAEHH@Z
?Close@CPipeClient@@IAEXXZ
?IsCIEnabled@CMachineAdmin@@QAEHXZ
??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
??0CMachineAdmin@@QAE@PBGH@Z
?SetDWORDParam@CMachineAdmin@@QAEXPBGK@Z
?GetColumn@CCatState@@QBEPBGI@Z
?DetermineDriveType@CiStorage@@SGIPBG@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@@Z
?ShrinkFromFront@CPhysStorage@@QAEKKK@Z
??1?$XPtr@VCDbProjectListAnchor@@@@QAE@XZ
??0CCatState@@QAE@XZ
?SetCD@CCatState@@QAEXPBG@Z
?Accept@CQueryScanner@@QAEXXZ
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
CIBuildQueryNode
?PutMaxValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
?GetPropInfoFromId@CEmptyPropertyList@@UAGJPBUtagDBID@@PAPAGPAGPAI@Z
?SaCreateAndCopy@@YGHAAVPMemoryAllocator@@PAUtagSAFEARRAY@@PAPAU2@@Z

advapi32

ElfReadEventLogW
CryptEnumProvidersW
CryptVerifySignatureA
CryptAcquireContextA
LookupPrivilegeDisplayNameW
WmiCloseBlock
MSChapSrvChangePassword2
SystemFunction033
GetTrusteeNameW
SystemFunction041
RegQueryValueW
QueryServiceConfigW
TraceEvent
LsaOpenSecret
LsaOpenPolicy
RegEnumKeyExW
SystemFunction021
EnumServicesStatusA
LookupSecurityDescriptorPartsW
NotifyBootConfigStatus
BuildSecurityDescriptorW
GetTraceLoggerHandle
LsaSetSecurityObject
EqualSid
UnregisterIdleTask
SetNamedSecurityInfoExA
CryptDestroyHash
CryptEnumProviderTypesA
GetExplicitEntriesFromAclW
OpenServiceA
OpenProcessToken
ObjectOpenAuditAlarmW
LookupSecurityDescriptorPartsA
CryptSetProvParam
SetEntriesInAccessListA
RegQueryMultipleValuesA
EncryptedFileKeyInfo
ControlTraceW

userenv

ExpandEnvironmentStringsForUserA
GetProfileType
RsopFileAccessCheck
RegisterGPNotification
GetNextFgPolicyRefreshInfo
GetDefaultUserProfileDirectoryA
RsopLoggingEnabled
CreateEnvironmentBlock
RsopAccessCheckByType
GetAppliedGPOListW
LeaveCriticalPolicySection
RsopResetPolicySettingStatus
WaitForUserPolicyForegroundProcessing
RefreshPolicyEx
FreeGPOListW
DllGetClassObject
EnterCriticalPolicySection
DeleteProfileW
GetAllUsersProfileDirectoryW
ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryA
WaitForMachinePolicyForegroundProcessing
GetAppliedGPOListA
GetDefaultUserProfileDirectoryW
DeleteProfileA
RsopSetPolicySettingStatus
GetGPOListW
ProcessGroupPolicyCompletedEx
GetProfilesDirectoryW
ForceSyncFgPolicy
LoadUserProfileA
GetProfilesDirectoryA
GetGPOListA
RefreshPolicy
GetUserProfileDirectoryW
GetAllUsersProfileDirectoryA
UnregisterGPNotification
DestroyEnvironmentBlock
FreeGPOListA
ProcessGroupPolicyCompleted
UnloadUserProfile

sqlunirl

_RegConnectRegistry_@12
_GetFileSecurity_@20
AbortSystemShutdown_
_ReplaceText_@4
_FatalAppExit_@8
_GetLogColorSpace_@12
_NDdeShareEnum_@24
_NDdeShareSetInfo_@24
_BuildCommDCBAndTimeouts_@12
_RegisterServiceCtrlHandler_@8
_GetTempFileName_@16
_GetDlgItemText@16
_GetCurrentHwProfile_@4
_FreeEnvironmentStrings@4
_OpenEventLog_@8
_WritePrivateProfileStruct_@20
_NDdeShareGetInfo_@28
_DialogBoxIndirectParam_@20
_GetKeyNameText_@12
_NDdeShareAdd_@20
_InitiateSystemShutdown_@20
_RegOpenKey_@12
_RegDeleteValue_@8
_CreateDirectory_@8
_SetWindowLong@12
_ChangeMenu_@20

Sections

.text
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 329KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ccf8689b0f1329996574aee3e638777

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

cfgmgr32

ntdll

cmutil

msvcrt

query

advapi32

userenv

sqlunirl

Sections

.text Size: 357KB - Virtual size: 357KB

.rdata Size: 176KB - Virtual size: 176KB

.data Size: 329KB - Virtual size: 1.7MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 357KB - Virtual size: 357KB

.rdata
Size: 176KB - Virtual size: 176KB

.data
Size: 329KB - Virtual size: 1.7MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B