4c4cd17bdb63a104dc280fc0fc59b094_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4c4cd17bdb63a104dc280fc0fc59b094_JaffaCakes118
Size

379KB
MD5

4c4cd17bdb63a104dc280fc0fc59b094
SHA1

2de3371b4b698293ede15330bcff324df21b9a3d
SHA256

1848f280694dc28426a65fa65e66bea49ac6e4fc83f299acc3ae42d07bdae3d4
SHA512

80fb4dde68d652d581b76d0aa06d0d4f68c0b6cc8439386ce2e3ed1da47f3c2b437020d3fcd59ce2a4bd95e0cfa00a150040500dfddf5bc1b3142d1911d2d848
SSDEEP

6144:0l1OoQkb/M+91vSGf1FSdXzjrQv3BR7VSUMcA+9N5j83LyG7A7jLePas82/+tx:0pM+91H1FO8p1VStAB83YL8/+tx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c4cd17bdb63a104dc280fc0fc59b094_JaffaCakes118

Files

4c4cd17bdb63a104dc280fc0fc59b094_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c96d82960a0dc75632ea82f29fdfb743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiGetSourcePathW
MsiSetExternalUIW
MsiRecordSetInteger
MsiSetPropertyW
MsiQueryFeatureStateW
MsiDatabaseGetPrimaryKeysW
MsiGetFeatureUsageA
MsiProcessAdvertiseScriptA
MsiNotifySidChangeW
MsiGetFeatureValidStatesA
MsiGetFileSignatureInformationW
MsiAdvertiseScriptA
MsiGetFeatureValidStatesW
MsiSetComponentStateW
DllGetClassObject
MsiConfigureProductExA
MsiDatabaseGetPrimaryKeysA
MsiRecordSetStringW
MsiGetProductCodeW
MsiProvideQualifiedComponentExW
MsiAdvertiseProductExA
MsiSummaryInfoGetPropertyA
MsiInstallMissingComponentA
MsiDatabaseExportW
MsiGetProductPropertyA
MsiUseFeatureExW

dhcpsapi

DhcpSetClientInfoV4
DhcpAddServer
DhcpSetOptionInfoV5
DhcpCreateClientInfoV4
DhcpServerRedoAuthorization
DhcpEnumMScopes
DhcpDeleteMScope
DhcpDsClearHostServerEntries
DhcpEnumOptionValues
DhcpServerQueryAttribute
DhcpAddSubnetElementV4
DhcpServerQueryAttributes
DhcpEnumOptionValuesV5
DhcpServerGetConfig
DhcpEnumSubnetClientsV4
DhcpSetOptionValues
DhcpDeleteClass
DhcpServerBackupDatabase
DhcpSetOptionInfo
DhcpSetThreadOptions
DhcpEnumSubnetClientsV5
DhcpGetAllOptionValues
DhcpEnumSubnetClients
DhcpRemoveSubnetElement
DhcpSetSubnetInfo
DhcpGetOptionValue
DhcpAuditLogSetParams
DhcpEnumOptions
DhcpServerQueryDnsRegCredentials
DhcpGetAllOptions
DhcpDeleteMClientInfo
DhcpDsInit
DhcpGetClientOptions
DhcpGetMibInfo
DhcpCreateClientInfo

dnsapi

DnsQueryConfig
DnsValidateName_W
DnsAsyncRegisterHostAddrs
DnsGlobals
NetInfo_IsForUpdate
Dns_SkipPacketName
DnsIsAMailboxType
DnsQueryExUTF8
DnsMapRcodeToStatus
DnsAsyncRegisterInit
DnsGetDnsServerList
DnsNameCompareEx_A
Dns_ReadRecordStructureFromPacket
Dns_PingAdapterServers
DnsDhcpSrvRegisterHostName
DnsValidateUtf8Byte
Dns_CreateMulticastSocket
DnsGetCacheDataTable
Dns_AllocateMsgBuf
DnsReplaceRecordSetW
Dns_ParseMessage
DnsQueryConfigDword
QueryDirectEx
Dns_ParsePacketRecord
DnsIsStatusRcode
Query_Main
DnsQueryExA
Dns_GetRandomXid

authz

AuthziInitializeAuditQueue
AuthziModifyAuditEventType
AuthziLogAuditEvent
AuthzAccessCheck
AuthziInitializeAuditParamsWithRM
AuthzInitializeResourceManager
AuthziModifyAuditEvent
AuthziInitializeAuditEvent
AuthzInitializeContextFromSid
AuthzInitializeObjectAccessAuditEvent
AuthzFreeAuditEvent
AuthziInitializeAuditParamsFromArray
AuthziModifyAuditQueue
AuthziInitializeAuditParams
AuthzInitializeContextFromToken
AuthziFreeAuditParams
AuthzFreeResourceManager
AuthzInitializeContextFromAuthzContext
AuthziAllocateAuditParams
AuthziFreeAuditQueue
AuthzFreeContext
AuthzGetInformationFromContext
AuthzOpenObjectAudit
AuthzCachedAccessCheck
AuthziFreeAuditEventType
AuthziInitializeAuditEventType
AuthzAddSidsToContext
AuthzFreeHandle

kernel32

GetFullPathNameA
GetSystemWindowsDirectoryA
Beep
VirtualAlloc
OpenFileMappingW
BaseUpdateAppcompatCache
GetFileAttributesA
GetExpandedNameA
GetCompressedFileSizeA
CreateConsoleScreenBuffer
SetErrorMode
VirtualQuery
SetEnvironmentVariableA
GetShortPathNameA
SizeofResource
_lopen
SetConsolePalette
DeviceIoControl
AddVectoredExceptionHandler
GetCurrentThread
SetPriorityClass
ZombifyActCtx
WriteProfileSectionW
HeapCreate
GetCurrentConsoleFont
SetConsoleScreenBufferSize
GetVolumePathNamesForVolumeNameW
GlobalAddAtomA
WriteConsoleInputA
EnumSystemCodePagesW
LoadLibraryA
GetEnvironmentStringsW
EnumLanguageGroupLocalesA
WritePrivateProfileStringW
CreateNamedPipeW

crypt32

PFXIsPFXBlob
CryptStringToBinaryA
CryptSIPAddProvider
I_CryptRemoveLruEntry
CertCreateCertificateChainEngine
CryptVerifyCertificateSignatureEx
CertAddEnhancedKeyUsageIdentifier
CertSetCTLContextProperty
CryptFreeOIDFunctionAddress
CertDeleteCRLFromStore
CryptHashMessage
I_CryptCreateLruCache
CertCreateCertificateContext
CryptExportPublicKeyInfoEx
CertFindExtension
CryptVerifyMessageSignatureWithKey
CryptUnregisterOIDInfo
CertNameToStrW
CertGetCTLContextProperty
CryptImportPublicKeyInfo
I_CryptDisableLruOfEntries
RegCreateKeyExU
CertAddCertificateContextToStore
CertRemoveStoreFromCollection
CryptCreateAsyncHandle
I_CryptGetAsn1Decoder
RegOpenKeyExU
CertCreateCTLContext
I_CertSrvProtectFunction
CertCompareCertificateName
CertGetCRLContextProperty
CertControlStore
CertAddEncodedCRLToStore
CryptSIPCreateIndirectData
CryptAcquireContextU
CertStrToNameA
CryptDecryptAndVerifyMessageSignature

cryptdll

CDRegisterCSystem
MD5Update
CDBuildVect
MD5Final
CDRegisterCheckSum
CDLocateRng
CDBuildIntegrityVect
CDFindCommonCSystemWithKey
CDLocateCheckSum
CDRegisterRng
MD5Init
CDLocateCSystem
CDFindCommonCSystem
CDGenerateRandomBits

Sections

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c96d82960a0dc75632ea82f29fdfb743

Headers

DLL Characteristics

File Characteristics

Imports

msi

dhcpsapi

dnsapi

authz

kernel32

crypt32

cryptdll

Sections

.text Size: 102KB - Virtual size: 104KB

.rdata Size: 71KB - Virtual size: 72KB

.data Size: 512B - Virtual size: 612KB

.rsrc Size: 203KB - Virtual size: 204KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 104KB

.rdata
Size: 71KB - Virtual size: 72KB

.data
Size: 512B - Virtual size: 612KB

.rsrc
Size: 203KB - Virtual size: 204KB

.reloc
Size: 1024B - Virtual size: 4KB