5dadda4c084856a260997189e12de836_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5dadda4c084856a260997189e12de836_JaffaCakes118
Size

869KB
MD5

5dadda4c084856a260997189e12de836
SHA1

97349b4bba213e7789c29e83f26a064a4d3b4054
SHA256

92a105edc513682803401044c5bf1d9d94e157313d2ea82d7c65ee70047a762c
SHA512

7aa901cbcbbf865a4b58159d639d4fe15c57d0fe833c11d405ee8b736216948191424f5bf1b063863bd4d2f5c6852661e458f757a801528bbf6b3da3da6d2b3b
SSDEEP

24576:iQS9eG8PHeL/ratf5Af+cFGeQ/mNAwn9SKn:ise3IfY+QGekmNAAIK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dadda4c084856a260997189e12de836_JaffaCakes118

Files

5dadda4c084856a260997189e12de836_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4d2b6f7f9a42934bed2d1180ced77162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

olecli32

ErrExecute
LeUpdate
DibChangeData
LeRelease
DibSaveToStream
SetNetName
BmQueryBounds
LeSetUpdateOptions
ObjQuerySize
BmClone
MfEqual
LeGetData
OleQueryReleaseError
OleCreateLinkFromFile
OleCopyFromLink
LeCreateInvisible
BmEqual
GenDraw
OleIsDcMeta
OleRename
LeClone
DibRelease
SetNextNetDrive
ErrSetUpdateOptions
DibDraw
MfQueryBounds
PbLoadFromStream
MfEnumFormat
WEP
LeCopy
OleUpdate
DefCreateFromTemplate
ErrActivate
OleSavedClientDoc
OleCreateInvisible
GenSetData
DefCreateFromClip
ErrUpdate
BmChangeData
MfDraw
LeQueryProtocol

rasapi32

RasSetEapUserDataW
RasDeleteSubEntryW
RasHangUpW
RasEnumDevicesA
RasSetAutodialParamA
RasScriptReceive
RasConnectionNotificationW
DDMGetPhonebookInfo
RasQuerySharedAutoDial
RasSetSharedAutoDial
RasSetAutodialParamW
DwEnumEntryDetails
RasScriptGetIpAddress
RasFreeEapUserIdentityW
RasSetCredentialsA
RasGetEntryPropertiesW
RasIsSharedConnection
RasGetEntryDialParamsA
RasValidateEntryNameW
RasSetOldPassword
RasGetCredentialsA
RasGetCustomAuthDataW
RasDialA
RasEditPhonebookEntryW
RasGetConnectStatusW

ntdll

RtlInitString
NtReadFile
_ui64tow
sin
RtlNtStatusToDosError
RtlIpv4StringToAddressW
ZwTestAlert
RtlProtectHeap
NtOpenEventPair
ZwQueryAttributesFile
RtlInitializeCriticalSection
RtlSetProcessIsCritical
ZwUnloadKey
NtCompressKey
RtlMakeSelfRelativeSD
RtlIpv4StringToAddressA
RtlGetOwnerSecurityDescriptor
RtlRegisterSecureMemoryCacheCallback
RtlCreateUserThread
_itoa
ZwSetInformationDebugObject
RtlIsActivationContextActive
NtWriteFile
RtlFillMemory
PfxFindPrefix
RtlIpv6StringToAddressA
NtCreateJobObject
NtReplyWaitReplyPort
NtQueryBootEntryOrder
NtQueryFullAttributesFile
RtlCreateBootStatusDataFile
ZwQueryFullAttributesFile

duser

SetGadgetRotation
BuildAnimation
AttachWndProcA
GetGadgetCenterPoint
GetStdColorPenF
SetGadgetProperty
GetStdColorBrushI
SetGadgetStyle
BuildInterpolation
SetGadgetBufferInfo
SetGadgetScale
DllMain
InitGadgetComponent
DUserCastClass
SetGadgetCenterPoint
InitGadgets
UtilDrawOutlineRect
DrawGadgetTree
GetStdPalette
DUserBuildGadget
RegisterGadgetMessageString
GetActionTimeslice
SetGadgetRootInfo
RemoveGadgetProperty
IsInsideContext
UnregisterGadgetMessage
DUserCastHandle
GetStdColorF
AddGadgetMessageHandler
GetStdColorName
DUserCastDirect
DUserPostEvent
ForwardGadgetMessage
RemoveGadgetMessageHandler
SetGadgetOrder
SetGadgetMessageFilter
UnregisterGadgetProperty
GetMessageExA

query

??1CPropertyStoreWids@@QAE@XZ
?Marshall@CDbByGuid@@QBEXAAVPSerStream@@@Z
?_FindGroupListAnchor@CDbNestingNode@@AAEPAVCDbProjectListAnchor@@XZ
?OpenRecord@CPropStoreManager@@QAEPAVCCompositePropRecord@@KPAE@Z
??1CSort@@QAE@XZ
CIMakeICommand
?Add@CKeyArray@@QAEHHABVCKeyBuf@@@Z
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
??1CPhraseRestriction@@QAE@XZ
?FetchProperty@COLEPropManager@@QAEXABU_GUID@@ABUtagPROPSPEC@@PAUtagPROPVARIANT@@PAI@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
?AcqLine@CQueryScanner@@QAEPAGH@Z
??1CRestriction@@QAE@XZ
?Get@CRegAccess@@QAEKPBG@Z
?GetStringFromLCID@@YGXKPAG@Z
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
??1CDbPropBaseRestriction@@QAE@XZ
?CiNtOpenNoThrow@@YGJAAPAXPBGKKK@Z
??0CUnfilteredRestriction@@QAE@XZ
?IsIISAdminUp@CMetaDataMgr@@SGHAAH@Z
?ReadProperty@CPropertyStore@@QAEHAAVCPropRecordNoLock@@KPAUtagPROPVARIANT@@PAI@Z
?Load@CLocalGlobalPropertyList@@QAEXQBG@Z
?ChangeDirty@CPropStoreInfo@@AAEXH@Z
??1CPropertyList@@UAE@XZ
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?IsLeaf@CRestriction@@QBEHXZ
?Cleanup@CDbProp@@QAEXXZ
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
LocateCatalogsA
?NameToReal@CPidRemapper@@QAEKPBVCFullPropSpec@@@Z
?GetGUID@CMemDeSerStream@@UAEXAAU_GUID@@@Z
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?IsValid@CAllocStorageVariant@@QBEHXZ
?GetR4@CAllocStorageVariant@@QBEMI@Z
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ

kernel32

GetHandleInformation
GetDevicePowerState
RegisterWaitForSingleObject
SetLocalPrimaryComputerNameW
LoadLibraryA
GetThreadTimes
SetFileValidData
QueryPerformanceCounter
OpenEventW
GetModuleHandleW
GetConsoleDisplayMode
DeleteTimerQueueEx
GetStartupInfoA
GetStartupInfoW
SetCalendarInfoW
_lclose
GetConsoleAliasExesA
GetFileSize
VirtualAlloc
PostQueuedCompletionStatus
GetCommProperties
OutputDebugStringA
GlobalFindAtomW
GetProfileSectionW
GetVolumeNameForVolumeMountPointW
GetConsoleAliasExesLengthW
_llseek
OpenFileMappingA
LoadLibraryExA
SetConsoleKeyShortcuts
EnumUILanguagesA
BeginUpdateResourceA
ReadFileEx
MoveFileExA
GetNextVDMCommand

advapi32

LsaDelete
AllocateLocallyUniqueId
NotifyBootConfigStatus
WmiQueryAllDataMultipleW
LsaNtStatusToWinError
OpenBackupEventLogA
CryptDestroyKey
StopTraceW
DeleteService
CryptAcquireContextA
LogonUserExA
AdjustTokenPrivileges
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
RegDeleteKeyA
RegLoadKeyW
RegisterIdleTask
BuildTrusteeWithObjectsAndNameA
RegDisablePredefinedCache
SystemFunction006
SetSecurityDescriptorControl
RegDeleteKeyW
SetServiceBits
WmiOpenBlock
SetNamedSecurityInfoA

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 338KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d2b6f7f9a42934bed2d1180ced77162

Headers

DLL Characteristics

File Characteristics

Imports

olecli32

rasapi32

ntdll

duser

query

kernel32

advapi32

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 330KB - Virtual size: 330KB

.data Size: 338KB - Virtual size: 1.7MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 330KB - Virtual size: 330KB

.data
Size: 338KB - Virtual size: 1.7MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB