5b855b28b64e6db7b329d9f3f80a5ebd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b855b28b64e6db7b329d9f3f80a5ebd_JaffaCakes118
Size

936KB
MD5

5b855b28b64e6db7b329d9f3f80a5ebd
SHA1

7b8e80e98fd2b0b399ed2877af3a40e3d297245e
SHA256

5e333f62f2e4ec52f364e4eba42e7a9cdd5dd0d6bc3e1a9b6add49ec6ccf2ce4
SHA512

b41dcfd8d7bf7be1e0a22a1310dd4e16b70599075a553344be49f7ac0168f87a70be52a3b22ef78a83b137b44f708c2bdfe3fd8411199f629f2fb639d3e97e40
SSDEEP

12288:nuijcyRSTOQZzKjpBj/fy2+LQhHwau/BY7MJC8IuDF/4RFzdmjT4Ddj68pGaSi/F:Q0BjHlVQIvLrj6ZGAM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b855b28b64e6db7b329d9f3f80a5ebd_JaffaCakes118

Files

5b855b28b64e6db7b329d9f3f80a5ebd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da56da6b41c850368bb57213bd6d302d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetProcessDefaultLayout
PtInRect
ChangeMenuA
wsprintfW
GetQueueStatus
UpdateWindow
GetClassInfoA
LockWorkStation
UserClientDllInitialize
InflateRect
DrawCaption
DrawFrame
CalcMenuBar
CharToOemBuffA
FlashWindowEx
EnumDesktopWindows
LoadCursorFromFileW
DdeImpersonateClient
WINNLSGetEnableStatus
LoadCursorA
GetIconInfo
GetAppCompatFlags
ToAsciiEx
DlgDirListComboBoxA
DdeNameService
GetProgmanWindow
SendMessageA
SetCursorContents
mouse_event
CloseClipboard
ScrollDC
GetKeyboardLayoutList
WINNLSEnableIME
GetAncestor
ActivateKeyboardLayout
SendNotifyMessageA
CloseDesktop
ReplyMessage
RegisterHotKey
PostMessageA
RegisterSystemThread
InsertMenuW
GetClassLongA
InsertMenuA
ModifyMenuW
GetClipCursor
SetCursor
DdeQueryNextServer
SetWindowTextW
MonitorFromWindow
VkKeyScanExA
LookupIconIdFromDirectoryEx
wvsprintfA
MsgWaitForMultipleObjectsEx
DeleteMenu
RegisterClassA
GetForegroundWindow
IsCharLowerW
SetDlgItemTextW
DefFrameProcA
GetUserObjectInformationA
DdeKeepStringHandle
DrawFrameControl
IsWinEventHookInstalled
ModifyMenuA
CreateMDIWindowA
SetWindowRgn
FindWindowA
WinHelpA
UnhookWindowsHook
CreateAcceleratorTableA
GetTitleBarInfo

opengl32

glGenLists
glIndexPointer
glFogf
glInitNames
wglSwapMultipleBuffers
glColor4dv
glRasterPos2s
glEvalCoord1d
glClearIndex
glPixelStoref
glNormal3s
glEvalMesh1
glRasterPos4f
glTexCoord2f
glGetIntegerv
glEnableClientState
glClearAccum
glLightModeliv
glIsTexture
glTexCoordPointer
glLoadMatrixd
glNormal3sv
glEvalCoord2dv
glTexCoord1f
glColor3fv
glDrawArrays
glGetTexImage
glRasterPos3d
glVertex2iv
glColor4usv
glRectdv
glGetMapfv
glDeleteTextures
wglGetProcAddress
wglDescribeLayerPlane
glRasterPos2fv
glColor4sv
glTexCoord3d
glGetString
glDrawPixels
glPushName
glStencilFunc
glRasterPos3f
glGetDoublev
glTexCoord4dv
glColor3i
glVertex4i
glIndexd
glTexGenfv
glBitmap
glBindTexture
glTexParameteri
glRasterPos3i
glVertex4iv
glFrontFace
glGetTexLevelParameteriv
glGetClipPlane
glTexCoord1d
glIndexMask
glEdgeFlagPointer
glTexEnvf

crtdll

_mbsdup
_winmajor_dll
_setjmp
_gcvt
_sopen
_nextafter
_ismbcl2
_CIlog10
strlen
_winminor_dll
_ismbbkana
fputc
_ungetch
iswprint
toupper
iscntrl
_j0
strspn
wcspbrk
iswspace
vprintf
_sys_errlist
__pxcptinfoptrs
memset
_ismbbgraph
_ismbcdigit
calloc
_mbscmp
_mbsncat

ulib

?Stricmp@MBSTR@@SGHPAD0@Z
?Initialize@BITVECTOR@@QAEEKW4BIT@@PAK@Z
?ExitProgram@PROGRAM@@SGXK@Z
?SetXon@COMM_DEVICE@@QAEEE@Z
?SetDtrControl@COMM_DEVICE@@QAEEW4DTR_CONTROL@@@Z
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Strspn@WSTRING@@QBEKPBV1@K@Z
?ConvertToLocal@TIMEINFO@@QAEEXZ
?SetAnsiConversions@WSTRING@@SGXXZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
??_7BDSTRING@@6B@
?SetDotsOnly@MESSAGE@@UAEEE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?Strlwr@WSTRING@@QAEPAV1@KK@Z
?Initialize@MEM_ALLOCATOR@@QAEE_KK@Z
?IsLoggingEnabled@MESSAGE@@QAEEXZ
??0DSTRING@@QAE@ABV0@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBVWSTRING@@@Z
?Strstr@WSTRING@@QBEKPBV1@@Z
??1LIST@@UAE@XZ
?ResetBit@BITVECTOR@@QAEXKK@Z
?QuerySTR@BSTRING@@QBEPADKKPADKE@Z
?Stricmp@WSTRING@@QBEJPBV1@K@Z
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
?Initialize@SCREEN@@QAEEXZ
??1ARRAY@@UAE@XZ
??0DSTRING@@QAE@XZ
?QueryFullPath@PATH@@QBEPAV1@XZ
?ReadAt@FILE_STREAM@@QAEEPAEK_JW4SEEKORIGIN@@PAK@Z
?NextChar@BSTRING@@QAEKK@Z

samsrv

SamIGetUserLogonInformation
SamrRidToSid
SamIFree_SAMPR_ULONG_ARRAY
SamIIsExtendedSidMode
SamIRetrievePrimaryCredentials
SampInvalidateRidRange
SamIOpenUserByAlternateId
SampSetSerialNumberDomain2
SamIMixedDomain
SamIGetUserLogonInformationEx
SamIFloatingSingleMasterOpEx
SamIPromote
SamIGetAliasMembership
SamINetLogonPing
SamIGetResourceGroupMembershipsTransitive
SamrOpenUser
SampFlagsToAccountControl
SamrQueryInformationUser
SamrSetInformationUser
SamINotifyRoleChange
SamISameSite
SamrGetGroupsForUser
SamrDeleteAlias
SampAcquireSamLockExclusive
SamIPromoteUndo
SamIInitialize
SampNotifyReplicatedInChange
SamIChangePasswordForeignUser
SamIDoFSMORoleChange
SampProcessSingleLoopbackTask
SamILoadDownlevelDatabase
SamrQueryInformationDomain
SamrLookupNamesInDomain
SamrGetAliasMembership
SamIIsSetupInProgress
SamIFree_SAMPR_USER_INFO_BUFFER
SamIFreeVoid
SamIFree_SAMPR_RETURNED_USTRING_ARRAY
SampNetLogonNotificationRequired
SampGetSerialNumberDomain2
SamIMixedDomain2
SamIAccountRestrictions
SamIFree_SAMPR_ENUMERATION_BUFFER

setupapi

SetupQuerySpaceRequiredOnDriveW
SetupOpenMasterInf
pSetupInstallCatalog
SetupGetTargetPathW
CM_Get_DevNode_Custom_PropertyA
pSetupSetQueueFlags
CM_Request_Eject_PC_Ex
CM_Get_Next_Log_Conf_Ex
CM_Get_DevNode_Custom_Property_ExW
SetupDiGetClassDescriptionW
pSetupUnicodeToMultiByte
SetupGetInfFileListW
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiSetSelectedDriverA
SetupOpenLog
CM_Get_DevNode_Registry_PropertyA
pSetupStringTableAddString
CM_Locate_DevNode_ExW
SetupQuerySourceListW
pSetupStringTableLookUpStringEx
CM_Add_Res_Des_Ex
SetupDiRemoveDeviceInterface
pSetupGetGlobalFlags
pSetupStringTableSetExtraData

kernel32

WaitNamedPipeW
EscapeCommFunction
CreateWaitableTimerW
SetConsoleCP
GlobalAlloc
GetFileInformationByHandle
CreateDirectoryW
CancelTimerQueueTimer
DeleteVolumeMountPointW
Sleep
FindAtomW
Beep
EnumResourceNamesA
LocalCompact
BaseInitAppcompatCacheSupport
EnumSystemLocalesA
GetCurrencyFormatA
UnmapViewOfFile
ScrollConsoleScreenBufferA
CallNamedPipeW
GenerateConsoleCtrlEvent
SetConsoleMenuClose
DebugActiveProcess
EndUpdateResourceW
EnumDateFormatsExW
GetVersion
HeapDestroy
GetTapeParameters
BackupWrite
IsProcessorFeaturePresent
LCMapStringA
GetHandleContext
RequestWakeupLatency
GetSystemWow64DirectoryA
SetLocalTime
LoadLibraryExA
FlushFileBuffers
GetProfileStringA
InitAtomTable
GetFileTime
QueryDosDeviceW
ReleaseActCtx
HeapValidate
CancelDeviceWakeupRequest
GetModuleHandleExW
ExitVDM
GetProcessAffinityMask
DosPathToSessionPathA
HeapWalk
InterlockedPopEntrySList
GetUserDefaultLangID
OpenFile
FindCloseChangeNotification
GetVolumePathNameA
DeleteTimerQueueEx
DeleteFileA
SetCalendarInfoW
FindAtomA
SetCommConfig
MoveFileExW
VirtualAlloc
DefineDosDeviceW
GetConsoleCommandHistoryLengthW
FreeEnvironmentStringsA
CopyLZFile
CreateConsoleScreenBuffer
FindNextVolumeMountPointA
EnumSystemLanguageGroupsW
FindActCtxSectionStringW
SetCommBreak
LZDone
ExpandEnvironmentStringsA
GetCalendarInfoA
SetCalendarInfoA
OpenProcess

vdmdbg

VDMTerminateTaskWOW
VDMSetThreadContext
VDMGetSymbol
VDMGetPointer
VDMGlobalFirst
VDMGetDbgFlags
VDMProcessException
VDMGetSelectorModule
VDMGetContext
VDMEnumTaskWOW
VDMSetContext
VDMGetSegmentInfo
VDMModuleNext
VDMGetSegtablePointer
VDMBreakThread
VDMGetThreadSelectorEntry
VDMSetDbgFlags
VDMKillWOW
VDMGlobalNext
VDMEnumProcessWOW
VDMStartTaskInWOW
VDMModuleFirst
VDMIsModuleLoaded
VDMGetThreadContext
VDMDetectWOW
VDMEnumTaskWOWEx
VDMGetModuleSelector
VDMGetAddrExpression

netshell

HrCreateDesktopIcon
HrGetIconFromMediaType
DllGetClassObject
NcFreeNetconProperties
DllCanUnloadNow
HrLaunchConnectionEx
StartNCW
NcIsValidConnectionName
DllUnregisterServer
DllRegisterServer
HrRenameConnection
HrLaunchConnection

ole32

DcomChannelSetHResult
CoGetInterceptor
CoFileTimeNow
UtConvertDvtd16toDvtd32
GetHGlobalFromILockBytes
CLIPFORMAT_UserSize
StgCreateDocfile
CoInitialize
CoGetCallContext
CoGetTreatAsClass
CoLockObjectExternal
StgCreatePropStg
DoDragDrop
CoGetObjectContext
CLSIDFromOle1Class
CreateClassMoniker
OleTranslateAccelerator
FmtIdToPropStgName
ComPs_NdrDllUnregisterProxy
HICON_UserUnmarshal
CLIPFORMAT_UserFree
DllGetClassObjectWOW
CoLoadLibrary
CoInvalidateRemoteMachineBindings

icmp

do_echo_req
register_icmp
IcmpSendEcho
IcmpParseReplies
IcmpCreateFile
do_echo_rep
IcmpSendEcho2
IcmpCloseHandle

Sections

.text
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da56da6b41c850368bb57213bd6d302d

Headers

DLL Characteristics

File Characteristics

Imports

user32

opengl32

crtdll

ulib

samsrv

setupapi

kernel32

vdmdbg

netshell

ole32

icmp

Sections

.text Size: 523KB - Virtual size: 523KB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 146KB - Virtual size: 149KB

.text
Size: 523KB - Virtual size: 523KB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 146KB - Virtual size: 149KB