Static task: static1
Behavioral task: behavioral1, sample 60725e5af5171c278c85e0543ee8ffcf_JaffaCakes118.exe, resource win7-20240705-en
Behavioral task: behavioral2, sample 60725e5af5171c278c85e0543ee8ffcf_JaffaCakes118.exe, resource win10v2004-20240709-en
General
Target: 60725e5af5171c278c85e0543ee8ffcf_JaffaCakes118
Size: 871KB
MD5: 60725e5af5171c278c85e0543ee8ffcf
SHA1: 2fc80b983fcd120df7cdbe43ca258aa9d8ba6b35
SHA256: ef82cb505ebea0b41bbd500c5bd360dc24ae79c82d5a4d2f0ca0de18a38857b2
SHA512: c9043c527a630e0e5ea9d6123fc9ac73a702eb480b6c71810b986e417e8fa8370ca016a4634b198417a8a34f28493f3485daeea7762af9ea74922a8c97a7cd72
SSDEEP: 24576:u1QeUYRJW9/brnpgncAzCvhiHeUXLXF0ob:wKYOXnp0cAzaiN0o
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: 60725e5af5171c278c85e0543ee8ffcf_JaffaCakes118
Files
60725e5af5171c278c85e0543ee8ffcf_JaffaCakes118.exe (windows:5 windows x86 arch:x86)
c808707f5560a1bfb679937ebd8f7ec3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventW
ReadConsoleInputA
PeekConsoleInputA
GetComputerNameExW
GetCommandLineW
SetConsoleCursorMode
CloseHandle
FindActCtxSectionStringW
LZRead
GetSystemWow64DirectoryA
FindNextVolumeW
RegisterConsoleVDM
LocalFlags
GetCurrentProcess
CloseProfileUserMapping
RtlZeroMemory
ZombifyActCtx
CompareStringA
TermsrvAppInstallMode
GetCurrentProcessId
GetProfileSectionA
GetNumaAvailableMemoryNode
SetFileApisToOEM
RtlUnwind
WriteProfileSectionW
VirtualAlloc
FindFirstChangeNotificationW
DebugBreakProcess
WriteConsoleInputVDMW
LoadLibraryA
SetCalendarInfoW
GetModuleHandleA
ChangeTimerQueueTimer
GetShortPathNameW
GetWindowsDirectoryA
GetThreadSelectorEntry
GetConsoleCP
IsDBCSLeadByte
CreateConsoleScreenBuffer
GetAtomNameW
GetComputerNameExA
GetProcessId
WriteFile
TlsSetValue
DeleteFileA
ConnectNamedPipe
GetSystemDefaultUILanguage
comdlg32
ReplaceTextW
PrintDlgA
ReplaceTextA
PageSetupDlgA
CommDlgExtendedError
WantArrows
ChooseColorW
FindTextA
GetOpenFileNameW
GetSaveFileNameW
PrintDlgExW
GetOpenFileNameA
FindTextW
LoadAlterBitmap
PrintDlgW
dwOKSubclass
GetFileTitleW
ChooseFontW
PrintDlgExA
ChooseColorA
GetFileTitleA
ChooseFontA
dwLBSubclass
Ssync_ANSI_UNICODE_Struct_For_WOW
GetSaveFileNameA
ntdll
NtQueryVirtualMemory
_atoi64
ZwDuplicateObject
RtlUnhandledExceptionFilter2
NtDebugActiveProcess
RtlUpcaseUnicodeStringToAnsiString
NtDisplayString
wcsncmp
DbgUiGetThreadDebugObject
RtlGetFullPathName_U
ZwQueryInformationToken
RtlGetLastNtStatus
ZwCallbackReturn
isgraph
NtCreateProcess
ZwTerminateThread
RtlMultiAppendUnicodeStringBuffer
NtQueryDirectoryFile
RtlEqualLuid
RtlReleasePebLock
CsrIdentifyAlertableThread
RtlDosPathNameToNtPathName_U
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAllocateUuids
ZwRequestWaitReplyPort
NtSetBootOptions
RtlSetProcessIsCritical
RtlDumpResource
_wtoi
ZwMakeTemporaryObject
RtlSetOwnerSecurityDescriptor
ZwAdjustPrivilegesToken
RtlCopySecurityDescriptor
RtlSetIoCompletionCallback
ZwRequestPort
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlTraceDatabaseEnumerate
RtlInterlockedPopEntrySList
RtlDosApplyFileIsolationRedirection_Ustr
NtCreateSymbolicLinkObject
crypt32
CryptMsgOpenToEncode
CryptDecodeMessage
CryptSignMessageWithKey
CertAddEncodedCertificateToSystemStoreA
CertFindCertificateInCRL
CryptSignCertificate
CryptMsgCountersign
CertDuplicateCertificateContext
CryptBinaryToStringA
CertGetIssuerCertificateFromStore
CertAddEnhancedKeyUsageIdentifier
I_CryptUninstallOssGlobal
CryptFindCertificateKeyProvInfo
CertGetCRLFromStore
CertOpenSystemStoreW
CertEnumCertificateContextProperties
CryptRegisterDefaultOIDFunction
CertIsRDNAttrsInCertificateName
CertGetNameStringA
CertFreeCTLContext
CryptEncodeObject
CertGetCertificateChain
CertDuplicateCertificateChain
CertCompareCertificateName
CertAddEncodedCertificateToStore
CertEnumCRLContextProperties
CertFreeCertificateContext
RegCreateKeyExU
I_CryptGetAsn1Encoder
CryptSIPGetSignedDataMsg
CertCreateCTLEntryFromCertificateContextProperties
I_CertSyncStore
CryptMsgOpenToDecode
CryptRegisterOIDInfo
CertCloseStore
CertSetCRLContextProperty
CryptCreateKeyIdentifierFromCSP
I_CryptInstallAsn1Module
I_CryptEnableLruOfEntries
user32
UpdateLayeredWindow
CallMsgFilter
CopyRect
IsCharAlphaW
OemToCharA
DialogBoxParamW
DdeQueryStringA
TabbedTextOutW
DdeConnect
CheckRadioButton
RemoveMenu
EndPaint
CreateWindowStationA
RegisterTasklist
ChildWindowFromPoint
GetAltTabInfoW
RegisterShellHookWindow
AllowSetForegroundWindow
EnumDisplayMonitors
EndDeferWindowPos
CallNextHookEx
RegisterHotKey
GetRawInputBuffer
CharNextA
GetForegroundWindow
PackDDElParam
SendMessageTimeoutW
PrintWindow
PostMessageW
LoadRemoteFonts
DefMDIChildProcW
DrawCaptionTempA
SetUserObjectInformationW
SetWindowLongA
LoadIconA
DdeAccessData
CharPrevExA
AdjustWindowRect
PrivateExtractIconsA
LoadMenuIndirectA
ShowCursor
shimeng
SE_IsShimDll
SE_DllLoaded
SE_DllUnloaded
SE_InstallBeforeInit
SE_DynamicShim
SE_InstallAfterInit
SE_ProcessDying
icmp
IcmpCloseHandle
IcmpParseReplies
IcmpSendEcho
register_icmp
do_echo_rep
IcmpCreateFile
do_echo_req
IcmpSendEcho2
Sections
.text Size: 540KB - Virtual size: 540KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 322KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ