5a3eddd6036ba673d27ac4e8d0ea201c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5a3eddd6036ba673d27ac4e8d0ea201c_JaffaCakes118
Size

870KB
MD5

5a3eddd6036ba673d27ac4e8d0ea201c
SHA1

4ac4a14141abf5765e0e2e26b9dbb957fdd5fa02
SHA256

e2d74a5476298f23a533e700b10ace6b0ad176d0700e211e1e9188d277ba1197
SHA512

5d4ec7bb2a7848adbd8504aad5db1e479af85b0e42f4ffd3aa5a1405134be0f1ad028b99cbb97af9819ba72caa417880fe8ad1683a65ccf0714db82251660b4f
SSDEEP

24576:Arng3WCqJuQljT05KYAWdtxEfefO+fCRIeJ:Arg3WCquQ65SWrxEAqWk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a3eddd6036ba673d27ac4e8d0ea201c_JaffaCakes118

Files

5a3eddd6036ba673d27ac4e8d0ea201c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6acbc2902d9ec26811d42372aa080760

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

CanResourceBeDependent
GetClusterNetInterfaceState
CloseClusterGroup
CreateClusterGroup
GetClusterResourceNetworkName
GetClusterResourceTypeKey
ClusterResourceTypeControl
DeleteClusterGroup
CloseClusterNode
AddClusterResourceDependency
ClusterResourceOpenEnum
GetClusterNetInterface
BackupClusterDatabase
ResumeClusterNode
ClusterResourceEnum
DeleteClusterResourceType
ClusterResourceTypeCloseEnum
ClusterNodeEnum
CloseClusterNotifyPort
GetClusterNetworkState
SetClusterGroupName
ClusterNetworkOpenEnum
CloseClusterResource
ClusterOpenEnum
GetClusterResourceState
CreateClusterResource
SetClusterNetworkPriorityOrder
PauseClusterNode
OpenClusterGroup
GetClusterResourceKey
ClusterNodeCloseEnum
ClusterRegGetKeySecurity
RemoveClusterResourceNode
GetNodeClusterState

ifsutil

??1SECRUN@@UAE@XZ
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??1DIGRAPH@@UAE@XZ
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?GetFirst@TLINK@@QAEPAXXZ
??0SPARSE_SET@@QAE@XZ
??0READ_CACHE@@QAE@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?GetNext@TLINK@@QAEPAXPAX@Z
?Write@SECRUN@@UAEEXZ
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
??0SECRUN@@QAE@XZ
?ComputeVolId@SUPERAREA@@SGKK@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
?GetCannedSecurity@IFS_SYSTEM@@SGPAVCANNED_SECURITY@@XZ
?AddEdge@DIGRAPH@@QAEEKK@Z
??0NUMBER_SET@@QAE@XZ
?ReverseCopy@INTSTACK@@QAEEPAV1@@Z

rasman

RasFindPrerequisiteEntry
RasDeviceConnect
IsRasmanProcess
RasGetDialParams
RasPortReserve
RasGetDevConfigEx
RasRpcDisconnectServer
RasGetHConnFromEntry
RasPortReceiveEx
RasDeviceSetInfo
RasAllocateRoute
RasConnectionGetStatistics
RasSecurityDialogReceive
RasRegisterPnPHandler
RasRpcDeleteEntry
RasPortGetBundledPort
RasPortFree
RasRpcRemoteSetUserPreferences
RasPortRetrieveUserData
RasSetDevConfig
RasRpcPortEnum
RasRpcRemoteGetSystemDirectory
RasRpcPortGetInfo
RasReferenceRasman
RasRequestNotification
RasRpcDeviceEnum
RasGetFramingCapabilities
RasPortDisconnect
RasPortSetFraming
RasGetBuffer
RasRpcGetErrorString
RasPortOpenEx
RasLinkGetStatistics

userenv

GetGPOListW
DeleteProfileA
GetAppliedGPOListA
DeleteProfileW
GetUserProfileDirectoryA
RefreshPolicyEx
EnterCriticalPolicySection
GetAllUsersProfileDirectoryA
GetGPOListA
GetProfilesDirectoryA
RsopLoggingEnabled
DllGetClassObject
GetUserProfileDirectoryW
RefreshPolicy
GetProfilesDirectoryW
WaitForMachinePolicyForegroundProcessing
GetPreviousFgPolicyRefreshInfo
RsopSetPolicySettingStatus
RsopAccessCheckByType
FreeGPOListA
GetAppliedGPOListW
ExpandEnvironmentStringsForUserW
ProcessGroupPolicyCompletedEx
GetDefaultUserProfileDirectoryA
WaitForUserPolicyForegroundProcessing
RegisterGPNotification
FreeGPOListW

gdi32

SetWindowExtEx
GdiEntry3
GdiEntry11
GetTextAlign
GetCurrentPositionEx
UpdateICMRegKeyA
DdEntry13
GetLogColorSpaceA
OffsetWindowOrgEx
BRUSHOBJ_ulGetBrushColor
EngAcquireSemaphore
GetTextExtentPoint32A
GdiPlayScript
GdiEndPageEMF
SetBkColor
GdiPrinterThunk
GetDIBits
SetBitmapAttributes
FONTOBJ_cGetAllGlyphHandles
ExtTextOutA
ColorMatchToTarget
EngCopyBits
UpdateICMRegKeyW
GetArcDirection
GdiFlush
GetCharWidth32A
GdiPlayDCScript
GdiEntry9
AnyLinkedFonts
GetTextExtentExPointA
CreateFontW
EngComputeGlyphSet
AbortPath
MirrorRgn
GetGlyphOutlineA
GetEnhMetaFileDescriptionA
FONTOBJ_pvTrueTypeFontFile
GdiConvertToDevmodeW
GetMiterLimit
gdiPlaySpoolStream
GdiSetServerAttr
AddFontResourceExA
AnimatePalette
DdEntry39
EnumFontFamiliesW
SetRelAbs
FONTOBJ_pxoGetXform
XLATEOBJ_piVector
GdiQueryTable
SetPixel
ExtTextOutW
StartDocA
DdEntry19
SaveDC
GdiGradientFill
EngStretchBltROP
DdEntry8
SetTextJustification
SetStretchBltMode
GdiEntry6
DPtoLP
GetRgnBox
EngFillPath
GetMetaFileA
GetTextMetricsW
ResetDCW
CreateFontIndirectA
GetBitmapBits
GetDeviceGammaRamp
CreateScalableFontResourceW
GdiEntry5
SetColorAdjustment
CopyMetaFileW
DdEntry42
ChoosePixelFormat
SetBoundsRect
CreateDIBPatternBrushPt
CloseMetaFile
DeleteObject
PolyTextOutW
GetDCBrushColor
DdEntry29
DdEntry15
GetObjectW
HT_Get8BPPFormatPalette

kernel32

IsValidCodePage
VirtualAlloc
IsValidLanguageGroup
AttachConsole
SetProcessPriorityBoost
GetEnvironmentStringsA
LockResource
SetConsoleHardwareState
CreateIoCompletionPort
FindVolumeMountPointClose
GetEnvironmentStrings
WaitForDebugEvent
GetSystemInfo
BuildCommDCBAndTimeoutsW
SetLastError
LoadLibraryA
EnumTimeFormatsA
InterlockedExchangeAdd
OpenFileMappingW
SearchPathA
ConnectNamedPipe
PeekConsoleInputA
RtlCaptureStackBackTrace
GetCurrentThread
GlobalAlloc
SetThreadPriorityBoost
WriteConsoleOutputA
PrivMoveFileIdentityW
lstrcatA

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6acbc2902d9ec26811d42372aa080760

Headers

DLL Characteristics

File Characteristics

Imports

clusapi

ifsutil

rasman

userenv

gdi32

kernel32

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 395KB - Virtual size: 396KB

.data Size: 512B - Virtual size: 1.7MB

.rsrc Size: 265KB - Virtual size: 268KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 395KB - Virtual size: 396KB

.data
Size: 512B - Virtual size: 1.7MB

.rsrc
Size: 265KB - Virtual size: 268KB

.reloc
Size: 1024B - Virtual size: 4KB