6865fb8ea986f74b196d35a6865cbe73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6865fb8ea986f74b196d35a6865cbe73_JaffaCakes118
Size

362KB
MD5

6865fb8ea986f74b196d35a6865cbe73
SHA1

5d69c14826cbcb382d84b1077e75f2ba2132c81e
SHA256

ce9fb725af38d4389836e3342b161ecc44339ec121634ee5f7b0556bddc12ca6
SHA512

45cff7f2d7adb76c4798af11df38aedbf51ff887c4c8246792028ba1008fbd9cb00c3df18b37fa7d81385994c5c4e607b2bb3814dd0a0db4686defd030886f39
SSDEEP

6144:00GnNx8RLdSLtqTZVTqrgfyIIB6XlVhWwxkyuI3W2/8egAklW2MxEPhsExYYAsx+:RGnNx8bItnIySX4yuWWQTrkmxNvpP4W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6865fb8ea986f74b196d35a6865cbe73_JaffaCakes118

Files

6865fb8ea986f74b196d35a6865cbe73_JaffaCakes118
.exe windows:5 windows x86 arch:x86

41788433620945ac1ea20982d70533d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdll

RtlApplyRXactNoFlush
_splitpath
ZwVdmControl
_wcsupr
_atoi64
ZwQueryPerformanceCounter
NtRaiseHardError
NtGetContextThread
NlsAnsiCodePage
ZwImpersonateAnonymousToken
NtConnectPort
ZwWriteRequestData
NtModifyBootEntry
NtMakeTemporaryObject
islower
NtLoadDriver
RtlTimeToSecondsSince1970
tan
ZwQueryInformationAtom
RtlAnsiStringToUnicodeString
ZwQueryVolumeInformationFile
ZwConnectPort
LdrQueryImageFileExecutionOptions
NtRaiseException
ZwCreateProfile
RtlAddAccessDeniedAce
atoi
RtlAddAccessDeniedObjectAce
RtlMultiByteToUnicodeN
RtlAddAtomToAtomTable
NtSetInformationKey
ZwOpenObjectAuditAlarm
NtQueryIntervalProfile
NtTerminateThread
NtLockProductActivationKeys
RtlQueryHeapInformation

opengl32

glColor4us
glPixelTransferf
glVertex4dv
glColor4f
glColor3dv
glMultMatrixf
glTexCoord3iv
glEvalCoord2d
glHint
glScissor
glColor4uiv
glDisable
glRasterPos4dv
glTexImage2D
glCallList
glGenLists
glColor3ubv
glClearStencil
glLoadMatrixd
glAccum
glNormal3s
glFogf
glRasterPos3sv
glTexEnvfv
glDeleteTextures
glTexGenf
glNewList
glVertex2f
glClear
glColor3ub
glIndexf
glPassThrough
glVertexPointer
wglUseFontBitmapsW
glGetIntegerv
glVertex2s
glLightModelfv
glTexGendv
glEvalPoint2
glTexCoord2f

kernel32

OpenConsoleW
lstrcpynA
PeekConsoleInputA
GetCompressedFileSizeW
ReadConsoleOutputAttribute
DeleteCriticalSection
GetCommProperties
OpenProcess
ReadConsoleA
GetEnvironmentStringsW
SetEnvironmentVariableA
GetCommandLineW
HeapReAlloc
lstrcpyn
WriteConsoleOutputW
LCMapStringA
MoveFileExA
CloseProfileUserMapping
VirtualAlloc
GetCurrentThread
GetEnvironmentVariableA
GetNumaProcessorNode
IsValidLanguageGroup
CreateDirectoryA
GlobalWire
GetComputerNameExA
GlobalFlags
EraseTape
LoadLibraryA
RaiseException
QueryPerformanceCounter
SetMailslotInfo
SetNamedPipeHandleState
FindResourceA
UnregisterConsoleIME
LocalAlloc
_lopen
lstrcpyW
CommConfigDialogW
CloseHandle
WriteFile
SetComputerNameExA
SetThreadPriorityBoost
LocalLock
GetDefaultCommConfigW

crtdll

swscanf
_CIfmod
isalnum
atan
printf
puts
_getdiskfree
_spawnle
fgetc
_baseminor_dll
_filbuf
_mbsncmp
_ismbcalpha
scanf
_ismbchira
log10
wcscoll
_mbsupr
_pipe
ungetwc
getc
_strnextc
swprintf
memset
_setsystime
_basemajor_dll
_onexit
_strdup
localtime
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_spawnlpe
_mbsnbcnt
_toupper
wcstoul
__toascii
_mbsncpy
vprintf
_execve
_mbctolower
_heapset
wcscspn
_setmode

imm32

ImmGetCompositionFontA
ImmIsUIMessageW
ImmEnumRegisterWordA
ImmRequestMessageW
ImmRequestMessageA
ImmSetHotKey
ImmEscapeA
ImmGetContext
ImmSetCompositionFontA
ImmActivateLayout
ImmReSizeIMCC
ImmGetIMCCSize
ImmUnlockImeDpi
ImmEnumRegisterWordW
ImmIMPGetIMEW
ImmGetImeMenuItemsA
ImmDestroySoftKeyboard
ImmWINNLSGetIMEHotkey
ImmGetIMEFileNameA
ImmIMPQueryIMEW
ImmGetCandidateListCountW
ImmGetCandidateListCountA
ImmGetProperty
ImmEnumInputContext
ImmGetRegisterWordStyleW
ImmConfigureIMEA
ImmGetHotKey
ImmGetConversionStatus
ImmLockIMC
ImmSetCompositionFontW
ImmDisableIME
ImmRegisterClient

cmutil

CmConvertRelativePathW
?Clear@CmLogFile@@QAEXH@Z
?Init@CRandom@@QAEXK@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?GPPI@CIniW@@QBEKPBG0K@Z
?Clear@CIniA@@QAEXXZ
GetOSVersion
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?SetEntryFromIdx@CIniA@@QAEXK@Z
??1CIniA@@QAE@XZ
??0CRandom@@QAE@I@Z
?SetRegPath@CIniA@@QAEXPBD@Z
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
?GPPS@CIniA@@QBEPADPBD00@Z
?SetWriteICSData@CIniA@@QAEXH@Z
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?SetWriteICSData@CIniW@@QAEXH@Z
?Banner@CmLogFile@@QAEXXZ
CmFmtMsgW
CmBuildFullPathFromRelativeW
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
??1CmLogFile@@QAE@XZ
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
SzToWz
CmLoadIconA
?GetSection@CIniW@@QBEPBGXZ
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
CmEndOfStrW
?GPPB@CIniA@@QBEHPBD0H@Z
CmStrtokW
?Write@CmLogFile@@AAEJPAG@Z
GetOSMajorVersion
ReleaseBold
CmBuildFullPathFromRelativeA
MakeBold
CmStripPathAndExtW
?DeInit@CmLogFile@@QAEJXZ
CmStrchrA
?GetFile@CIniW@@QBEPBGXZ
CmStrchrW
?WPPS@CIniA@@QAEXPBD00@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?SetParams@CmLogFile@@QAEJHKPBD@Z
?Start@CmLogFile@@QAEJH@Z

w32topl

ToplScheduleExportReadonly
ToplGetSpanningTreeEdgesForVtx
ToplEdgeGetFromVertex
ToplIterGetObject
ToplEdgeSetToVertex
ToplListAddElem
ToplVertexNumberOfInEdges
ToplListSetIter
ToplListCreate
ToplScheduleCacheCreate
ToplVertexSetParent
ToplSetAllocator
ToplGraphNumberOfVertices
ToplSTHeapAdd
ToplVertexCreate
ToplEdgeCreate
ToplVertexGetParent
ToplIterFree
ToplHeapIsElementOf
ToplEdgeGetToVertex
ToplGraphSetVertexIter
ToplVertexGetOutEdge
ToplIsToplException
ToplGraphDestroy
ToplListNumberOfElements
ToplHeapIsEmpty
ToplScheduleCreate
ToplVertexSetId

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41788433620945ac1ea20982d70533d4

Headers

File Characteristics

Imports

ntdll

opengl32

kernel32

crtdll

imm32

cmutil

w32topl

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 512B - Virtual size: 532KB

.rsrc Size: 185KB - Virtual size: 185KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 512B - Virtual size: 532KB

.rsrc
Size: 185KB - Virtual size: 185KB

.reloc
Size: 1024B - Virtual size: 1024B