4d5b45e387e774d2ef54909b8978ed05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d5b45e387e774d2ef54909b8978ed05_JaffaCakes118
Size

873KB
MD5

4d5b45e387e774d2ef54909b8978ed05
SHA1

a00719412ff7defd650176b8fef8b20cb71ce062
SHA256

49b9e074e09c0ee547bc686588f50685adbec07244a43f8d65f3ff915dd16455
SHA512

f98e1d91c68f2550a7e8711bb30bac688c6be4e68e8fc822f6f4986535676b8eccef7f38c646f55defc6eb7a1e3a26f14c850a85e67ae114f5ddfb6e5a9f8a87
SSDEEP

24576:y9Epdqcehyc5JlNPU28SP4lwH0bvoYU/8:y9EpdqcetZUfSPjH0rlU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d5b45e387e774d2ef54909b8978ed05_JaffaCakes118

Files

4d5b45e387e774d2ef54909b8978ed05_JaffaCakes118
.exe windows:5 windows x86 arch:x86

62b9e7bd0fcb55a603936fe28eaaa367

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumDevicesW
RasGetConnectStatusW
RasGetProjectionInfoA
RasGetEapUserDataW
RasQuerySharedConnection
RasGetCountryInfoA
RasEnumAutodialAddressesA
RasGetEntryPropertiesW
RasGetSubEntryPropertiesA
RasSetEntryDialParamsA
RasSetAutodialParamW
RasAutodialEntryToNetwork
RasGetCustomAuthDataA
RasSetEapUserDataW
RasGetEapUserDataA
RasEditPhonebookEntryW
RasSetEntryPropertiesW
RasGetEapUserIdentityA
RasGetHport
RasGetErrorStringA
RasGetCustomAuthDataW
RasSetOldPassword
RasGetEntryHrasconnW
RasEditPhonebookEntryA
DwCloneEntry
RasGetAutodialAddressA
RasIsSharedConnection
RasCreatePhonebookEntryW
RasSetCredentialsA
RasSetCredentialsW
RasFreeEapUserIdentityW
RasValidateEntryNameW
RasSetSubEntryPropertiesA
RasRenameEntryA
UnInitializeRAS
RasInvokeEapUI
RasSetAutodialParamA
RasSetEntryPropertiesA
RasGetSubEntryHandleW
DwEnumEntryDetails
DwRasUninitialize
RasGetLinkStatistics

ieakeng

SaveADMItem
ProcessFavSelChange
GetAdmWindowHandle
IsFavoriteItem
CheckForDupKeys
CreateADMWindow
ShowADMWindow
MoveUpFavorite
DoReboot
ModifyZones
SelectADMItem
ModifyAuthCode
GetFavoritesMaxNumber
MoveDownFavorite
ShowInetcpl
CheckField
ModifyRatings
ErrorMessageBox
DisplayADMItem
CanDeleteADM
MoveADMWindow
BToolbar_Remove
NewFolder
BuildPalette
DestroyADMWindow
GetFavoritesNumber

kernel32

TryEnterCriticalSection
GetGeoInfoA
GetNativeSystemInfo
FindFirstFileExW
GetSystemTimeAsFileTime
SetLastError
GetStartupInfoW
SetConsoleMaximumWindowSize
SetConsoleCP
IsDebuggerPresent
PrivMoveFileIdentityW
DuplicateHandle
GetUserDefaultLCID
LeaveCriticalSection
FreeEnvironmentStringsA
LoadLibraryA
DeviceIoControl
GetTimeFormatA
ResetEvent
EnterCriticalSection
ReadConsoleA
ScrollConsoleScreenBufferW
ReadFileScatter
VirtualAlloc
GetCurrentActCtx
DefineDosDeviceA
IsValidCodePage
SetThreadLocale
SetInformationJobObject
GetSystemDefaultLCID
IsValidLocale
CreateProcessInternalW
FormatMessageW
EnumDateFormatsExW
GetConsoleNlsMode

apphelp

SdbReadBYTETagRef
SdbReadDWORDTag
ApphelpCheckMsiPackage
SdbGetDatabaseMatch
ApphelpShowDialog
SdbReadQWORDTag
SdbGetTagDataSize
GetPermLayers
SdbReadStringTag
SdbFindFirstTag
SdbGetDatabaseVersion
SdbGetFirstChild
SdbDeletePermLayerKeys
ApphelpCheckRunApp
SdbFindFirstNamedTag
SdbQueryData
SdbEnumMsiTransforms
SdbGetPermLayerKeys
SdbFindNextMsiPackage
SdbReadBYTETag
SdbGetStandardDatabaseGUID
ApphelpCheckInstallShieldPackage
SdbGrabMatchingInfoEx
ShimFlushCache
SdbReadBinaryTag
SdbReadWORDTag
SdbReadEntryInformation
SdbFindFirstMsiPackage_Str
SdbGrabMatchingInfo
SdbQueryApphelpInformation
SdbFindNextTagRef
SdbSetPermLayerKeys
SdbFindNextTag
SdbReadQWORDTagRef
SdbOpenApphelpInformation
SdbReadWORDTagRef

lz32

LZCopy
LZRead
CopyLZFile
LZDone
LZCloseFile
LZStart
GetExpandedNameA
LZInit
LZOpenFileW
LZSeek
LZOpenFileA
LZClose

d3dim

SurfaceFlipNotify
D3DFree
Direct3D_HALCleanUp
Direct3DGetSWRastZPixFmts
Direct3DCreateTexture
PaletteUpdateNotify
Direct3DCreate
FlushD3DDevices2
PaletteAssociateNotify
FlushD3DDevices
D3DRealloc
D3DMalloc
Direct3DCreateDevice

Sections

.text
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62b9e7bd0fcb55a603936fe28eaaa367

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

ieakeng

kernel32

apphelp

lz32

d3dim

Sections

.text Size: 443KB - Virtual size: 443KB

.rdata Size: 326KB - Virtual size: 326KB

.data Size: 99KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 443KB - Virtual size: 443KB

.rdata
Size: 326KB - Virtual size: 326KB

.data
Size: 99KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB