480417d8ffbd446101ff7b51ad353d0e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

480417d8ffbd446101ff7b51ad353d0e_JaffaCakes118
Size

862KB
MD5

480417d8ffbd446101ff7b51ad353d0e
SHA1

547c1393cdb920241819dc9442dd175d58e7a9d7
SHA256

40c42225602bfd3e7dec4d1b0f8b8aa200a589b537074131f66f0106f4add981
SHA512

2a047641639200c9c51cc65dfb47bd7357f805200fddc22054853d9babec6f15b27b0807f735e64e396e9c2aca9e0dcb965c318fb53fdf144c80a12d9cfa5ecb
SSDEEP

24576:ZXuflzfpnYrTqzQrok/+uzlk1d1EodQYu:xip+3roG+ykjyrY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
480417d8ffbd446101ff7b51ad353d0e_JaffaCakes118

Files

480417d8ffbd446101ff7b51ad353d0e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3f2108a7c49b6a999d90d8ab90df7a5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

GetExpandedNameA
LZInit
CopyLZFile
LZOpenFileW
LZCloseFile
LZClose
LZOpenFileA
LZDone
LZStart
LZCopy
LZRead
LZCreateFileW
LZSeek

ntdll

_CIlog
NtQueryEaFile
RtlAddVectoredExceptionHandler
NtQueryInformationToken
RtlRandomEx
NtMapUserPhysicalPages
NtQueryPerformanceCounter
RtlExpandEnvironmentStrings_U
_ltow
NtReplyWaitReceivePortEx
ZwOpenSection
ZwDuplicateToken
NtCreateToken
RtlConvertUiListToApiList
NtUnmapViewOfSection
ZwAssignProcessToJobObject
RtlPopFrame
ZwCallbackReturn
RtlGetElementGenericTableAvl
ZwSuspendThread
NtCallbackReturn
RtlSetSecurityDescriptorRMControl
ZwOpenProcessToken
_strlwr
ZwSetContextThread
ZwAccessCheckByTypeResultListAndAuditAlarm
RtlReleasePebLock
RtlInitializeSListHead
swprintf
RtlCheckRegistryKey
ZwSetInformationKey

mprapi

MprAdminInterfaceDisconnect
MprAdminInterfaceTransportAdd
MprConfigGetGuidName
MprConfigServerInstall
MprAdminGetErrorString
MprInfoBlockAdd
MprAdminInterfaceTransportSetInfo
MprAdminUserWriteProfFlags
MprConfigTransportCreate
MprConfigTransportDelete
MprAdminInterfaceDeviceGetInfo
MprAdminServerDisconnect
MprConfigServerDisconnect
MprAdminInterfaceEnum
MprInfoCreate
MprConfigInterfaceEnum
MprAdminUserGetInfo
MprConfigInterfaceTransportGetInfo
MprInfoBlockQuerySize
MprAdminServerConnect
MprAdminInterfaceTransportRemove
MprConfigServerBackup
MprAdminRegisterConnectionNotification
MprAdminMIBEntryGetFirst
MprConfigGetFriendlyName
MprAdminConnectionGetInfo
MprConfigTransportEnum
MprGetUsrParams
MprConfigServerRefresh
MprAdminMIBBufferFree
CompressPhoneNumber
MprConfigInterfaceTransportRemove
MprAdminIsServiceRunning
MprConfigServerConnect
MprAdminBufferFree
MprAdminUserServerConnect
MprInfoRemoveAll
MprConfigBufferFree
MprAdminInterfaceCreate
MprAdminDeviceEnum

gdi32

EnumFontsW
GetDeviceGammaRamp
GdiGetLocalDC
GetGlyphOutlineWow
DdEntry17
GetBitmapBits
GetRelAbs
XLATEOBJ_cGetPalette
GetEnhMetaFileDescriptionW
Polygon
SetBrushOrgEx
FixBrushOrgEx
bInitSystemAndFontsDirectoriesW
GdiEntry16
SetICMMode
EngStretchBlt
SetROP2
DdEntry25
GetDCBrushColor
GdiEntry10
SetPolyFillMode
GdiAlphaBlend
GetEnhMetaFilePixelFormat
GetBrushOrgEx
SetColorSpace
GetICMProfileW
DeleteEnhMetaFile
ClearBitmapAttributes
ExcludeClipRect
GetBkColor
CopyEnhMetaFileA
FONTOBJ_pfdg
GetMetaFileA
ResetDCA
SetICMProfileA
AddFontResourceW
STROBJ_dwGetCodePage
CopyMetaFileA
GdiGetBatchLimit
SetMetaRgn

unimdmat

UmAbortCurrentModemCommand
UmDeinitializeModemDriver
UmMonitorModem
UmLogDiagnostics
UmWaveAction
UmGenerateDigit
UmSetPassthroughMode
UmDialModem
UmHangupModem
UmDuplicateDeviceHandle
UmGetDiagnostics
UmIssueCommand
UmLogStringA
UmInitializeModemDriver
UmOpenModem
UmSetSpeakerPhoneState
UmAnswerModem
UmCloseModem
UmInitModem

sqlunirl

_RegOpenKeyEx_@20
_RegisterServiceCtrlHandler_@8
_IsCharAlpha_@4
_GetTabbedTextExtent_@20
_SendMessageCallback_@24
_SetEnvironmentVariable_@8
_InsertMenuItem_@16
_RegCreateKeyEx_@36
_GetTextMetrics@8
_OpenMutex_@12
_PrivilegedServiceAuditAlarm_@20
_SendDlgItemMessage@20
_SHBrowseForFolder_@4
_GetWindowLong@8
_GetDlgItemText@16
_SetICMProfile_@8
newMultiByteFromWideChar
_LoadKeyboardLayout_@8
_GetProfileSection_@12
_SystemParametersInfo_@16
_GetWindowTextLength@4
_IsCharUpper_@4
__lcreat_@8
_GetClassLong_@8
_SetVolumeLabel_@8
_GetServiceKeyName_@16
_OpenWaitableTimer_@12
_wvsprintf_@12
_RegSaveKey_@12

kernel32

InvalidateConsoleDIBits
EnumSystemCodePagesA
GetSystemDefaultLCID
IsDebuggerPresent
LZClose
FindAtomA
SetConsoleTitleW
GetProcessPriorityBoost
FindFirstFileExW
VirtualAlloc
Heap32Next
SetFileAttributesW
EraseTape
SetConsoleActiveScreenBuffer
ReadFile
GetDiskFreeSpaceA
_lread
GetTapePosition
GetNumaHighestNodeNumber
IsBadStringPtrA
ConnectNamedPipe
LoadLibraryA
FoldStringA
GetGeoInfoA
EnterCriticalSection
ReadDirectoryChangesW
GetUserDefaultLCID
SetConsoleNlsMode
IsValidCodePage
FindNextVolumeA
VirtualFreeEx
GetSystemDefaultLangID
VerifyConsoleIoHandle
FreeResource
LeaveCriticalSection
SuspendThread
TzSpecificLocalTimeToSystemTime
IsValidLocale

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 420KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f2108a7c49b6a999d90d8ab90df7a5a

Headers

DLL Characteristics

File Characteristics

Imports

lz32

ntdll

mprapi

gdi32

unimdmat

sqlunirl

kernel32

Sections

.text Size: 199KB - Virtual size: 199KB

.rdata Size: 239KB - Virtual size: 239KB

.data Size: 420KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 239KB - Virtual size: 239KB

.data
Size: 420KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB