480aa91f05b5f7dc146483a8d551ac4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

480aa91f05b5f7dc146483a8d551ac4a_JaffaCakes118
Size

872KB
MD5

480aa91f05b5f7dc146483a8d551ac4a
SHA1

5a935b441ef12a627334b6d18817e55ff2520dfc
SHA256

9adc4c0bcfc642d144df0d75637513e3704029cb52dd3917bba9e97881cad27a
SHA512

87dd5cc9569c82b33e9bff543451ea94e122b3c158d1bc9eac8e9bf78ce2f4802cb561734527c6191900b0850c874f5ae09b7f31ef076d6d34f6446aa77af22a
SSDEEP

24576:D8IKFEI0YZH4JJ9l4izNhaj1NCJQUG39Op:DFYEdYZH4JJ9e2/8NCJ+39+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
480aa91f05b5f7dc146483a8d551ac4a_JaffaCakes118

Files

480aa91f05b5f7dc146483a8d551ac4a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

38d441f386b480e32f97bf03ea520bbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glGetMaterialiv
glRectd
glRasterPos3s
glIsTexture
glEvalCoord2dv
glTexCoord2fv
glRasterPos3d
glClearStencil
glEvalPoint2
glColorMaterial
glColor3fv
glColor4i
wglCopyContext
glTexCoord1d
glTexCoord4iv
glCallList
glIsEnabled
glPixelStorei
wglSwapMultipleBuffers
glColor3us
glRects
glCopyTexImage2D
glColor4iv
glRasterPos2d
glLoadName
glColor3i
glColor3b
glPolygonOffset
glTexCoord2s
wglSwapLayerBuffers
glPixelStoref
glScissor
glVertex3f
glTexCoord2iv
glDisableClientState
glEvalCoord1f
glMateriali
glGetMapiv
glTexCoord4f
glPolygonMode
glTexCoord1i
glPushClientAttrib

resutils

ResUtilGetResourceName
ResUtilSetPropertyTable
ResUtilSetBinaryValue
ClusWorkerCheckTerminate
ResUtilStartResourceService
ResUtilGetAllProperties
ResUtilIsPathValid
ResUtilEnumPrivateProperties
ResUtilTerminateServiceProcessFromResDll
ResUtilSetResourceServiceEnvironment
ResUtilStopResourceService
ResUtilGetPropertyFormats
ResUtilPropertyListFromParameterBlock
ResUtilGetPrivateProperties
ResUtilVerifyPropertyTable
ResUtilFindMultiSzProperty
ResUtilFreeParameterBlock
ResUtilGetResourceDependentIPAddressProps
ClusWorkerCreate
ResUtilIsResourceClassEqual
ResUtilGetBinaryProperty
ResUtilResourcesEqual
ResUtilDupParameterBlock
ResUtilFindExpandedSzProperty
ResUtilStopService
ResUtilGetSzValue
ResUtilResourceTypesEqual
ResUtilGetCoreClusterResources
ResUtilSetPropertyParameterBlockEx
ResUtilSetSzValue
ResUtilCreateDirectoryTree
ClusWorkerStart
ResUtilGetResourceDependencyByClass
ResUtilExpandEnvironmentStrings
ResUtilSetUnknownProperties
ResUtilGetResourceDependencyByName
ResUtilGetSzProperty
ResUtilSetMultiSzValue

msvcrt

??_Ebad_cast@@UAEPAXI@Z
_isnan
iswctype
_fputwchar
swprintf
_adj_fprem1
_ismbbkalnum
wcscoll
_stat64
_heapadd
isupper
fabs
_findfirsti64
_mbscspn
__fpecode
_flsbuf
wcstod
_locking
_open
__getmainargs
_rotl
??_U@YAPAXI@Z
_c_exit
_ismbchira
?unexpected@@YAXXZ
__p__winmajor
_wcmdln
strxfrm
strerror
_ismbcupper
_execvp
_wsearchenv
_wexecv
_adj_fdiv_m64
wcscspn
fgetc

cfgmgr32

CM_Get_Global_State
CM_Get_Device_ID_List_SizeW
CM_Query_And_Remove_SubTree_ExA
CM_Get_Res_Des_Data_Size_Ex
CM_Unregister_Device_InterfaceW
CM_Uninstall_DevNode
CM_Detect_Resource_Conflict_Ex
CM_Run_Detection
CM_Enable_DevNode_Ex
CM_Delete_Class_Key
CM_Set_Class_Registry_PropertyW
CM_Create_DevNode_ExA
CM_Delete_Range
CM_Query_Remove_SubTree
CM_Get_Device_Interface_AliasA
CM_Find_Range
CM_Set_HW_Prof
CM_Free_Log_Conf
CM_Test_Range_Available
CM_Get_Device_IDW
CM_Run_Detection_Ex
CM_Request_Eject_PC
CM_Get_Device_ID_List_Size_ExW
CM_Locate_DevNode_ExW
CM_Dup_Range_List
CM_Get_Sibling
CM_Get_Child_Ex
CM_Get_Next_Res_Des
CM_Register_Device_Driver
CM_Get_HW_Prof_FlagsW
CM_Get_Hardware_Profile_Info_ExA
CM_Request_Eject_PC_Ex

catsrvut

??4CComPlusInterface@@QAEAAV0@ABV0@@Z
RegDBBackup
ManagedRequestW
WinlogonHandlePendingInfOperations
??0CComPlusComponent@@QAE@ABV0@@Z
RunMTSToCom
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
??_7CComPlusMethod@@6B@
??_7CComPlusInterface@@6B@
??_7CComPlusObject@@6B@
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
StartMTSTOCOM
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??0CComPlusInterface@@QAE@ABV0@@Z
??1CComPlusInterface@@UAE@XZ
RegDBRestore
??0CComPlusObject@@QAE@ABV0@@Z
??0CComPlusMethod@@QAE@ABV0@@Z
??4CComPlusObject@@QAEAAV0@ABV0@@Z
SysprepComplus
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
FindAssemblyModulesW
QueryUserDllW
??1CComPlusComponent@@UAE@XZ
CGMIsAdministrator
??_7CComPlusComponent@@6B@
DllGetClassObject
COMPlusUninstallActionW
SysprepComplus2

kernel32

SetTimeZoneInformation
GlobalGetAtomNameW
GlobalGetAtomNameA
GetACP
OutputDebugStringA
GetStartupInfoW
SetConsoleMaximumWindowSize
GetGeoInfoW
QueryPerformanceCounter
GetConsoleTitleA
GetModuleFileNameW
GetVolumePathNameA
SetConsoleCursorInfo
VirtualFree
AddLocalAlternateComputerNameA
lstrcpyA
HeapCreate
VirtualAlloc
GetSystemTimeAsFileTime
LZInit
LZDone
InitializeCriticalSection
WaitForSingleObjectEx
IsProcessInJob
UnregisterConsoleIME
HeapFree
_hread
GetTapeStatus
GetConsoleInputExeNameW
GetTimeZoneInformation
SetConsoleActiveScreenBuffer
Process32Next
OpenConsoleW
LocalCompact
LoadLibraryA
WriteFileGather
SetConsoleOutputCP
SetLastConsoleEventActive
IsDBCSLeadByteEx
GetThreadTimes
CreateSemaphoreA
DeleteFileA
FindResourceExW
GetConsoleCP
LockFileEx
SetFileAttributesA
CloseHandle
IsValidCodePage

imm32

ImmEnumRegisterWordA
ImmIsUIMessageW
ImmAssociateContext
ImmSendIMEMessageExW
ImmDestroyIMCC
ImmGetStatusWindowPos
ImmIMPSetIMEA
ImmIsUIMessageA
ImmUnregisterWordA
ImmSetActiveContext
ImmConfigureIMEW
ImmProcessKey
ImmCreateSoftKeyboard
ImmReleaseContext
ImmIMPGetIMEW
ImmUnlockIMCC
ImmGetOpenStatus
ImmGetRegisterWordStyleA
ImmReSizeIMCC
ImmGetGuideLineA
ImmWINNLSGetEnableStatus
ImmGetDefaultIMEWnd
ImmGetCandidateListCountA
ImmGetConversionListA
ImmGetDescriptionW
ImmCreateContext
ImmEnumRegisterWordW
ImmInstallIMEW
ImmGetIMEFileNameA
ImmRequestMessageA
ImmSetHotKey
ImmGetHotKey
ImmWINNLSEnableIME
ImmGetRegisterWordStyleW
ImmGetCompositionStringW
ImmUnlockIMC
ImmSetCompositionFontW
ImmActivateLayout
ImmConfigureIMEA
ImmGetImeMenuItemsA

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 420KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38d441f386b480e32f97bf03ea520bbd

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

resutils

msvcrt

cfgmgr32

catsrvut

kernel32

imm32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 288KB - Virtual size: 288KB

.data Size: 420KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 288KB - Virtual size: 288KB

.data
Size: 420KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B