69f56cbdeb1729f195fc1f20945475c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69f56cbdeb1729f195fc1f20945475c9_JaffaCakes118
Size

136KB
MD5

69f56cbdeb1729f195fc1f20945475c9
SHA1

a39d4a6f063c1fb8221ace67d55606057f1e7a59
SHA256

732d8ab68353acdb3865621a4b4b9694ba3bec4354d25a0d9e30e14512ed62ab
SHA512

ed59416ece066b2ff374e2665427592f0dccb4df14dd9f4dfad8eeb35a85a518d1dd122e869ddeaa01ebaac99873a387e94b24356912491b78bc5c59e0a22d66
SSDEEP

3072:W3HMsKm6M2KxOGTi5SYEIj6pqLBGbJRrlk+CAwHDSVqrjgyuvZZ:WdK9kOhShIj6psUtRrlVCTuVsW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69f56cbdeb1729f195fc1f20945475c9_JaffaCakes118

Files

69f56cbdeb1729f195fc1f20945475c9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6976eae4773575d8933acf782f3e7799

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaNodeProcessorMask
ClearCommBreak
DosDateTimeToFileTime
WaitForSingleObjectEx
UnhandledExceptionFilter
VirtualAlloc
_lwrite
UnregisterWait
WriteProcessMemory
GetCommState
GetConsoleAliasA
SetVolumeMountPointA
SetLocaleInfoW
FindAtomA
ResetWriteWatch
EscapeCommFunction
GetStartupInfoW
LoadLibraryExA
DeleteVolumeMountPointW
GetAtomNameW
ConnectNamedPipe
FindFirstFileW
FindResourceExW
GetBinaryTypeA
EnumSystemLocalesW
GetNumberOfConsoleInputEvents
EnumSystemLocalesA
GetExpandedNameA
CreateTapePartition
CreateJobObjectW
SetEnvironmentVariableW
GetSystemWow64DirectoryW
GetStringTypeA
GetSystemInfo
SetFirmwareEnvironmentVariableA
SetupComm
GetTickCount
LocalAlloc
GetCurrentDirectoryW
GetLocaleInfoW
LZCreateFileW
HeapCreate
BaseInitAppcompatCacheSupport
GetConsoleCP
SuspendThread
FileTimeToSystemTime
ConvertThreadToFiber
LoadLibraryA
GetProcessTimes

advapi32

GetSecurityDescriptorDacl
RegQueryValueExA
GetSecurityDescriptorOwner
SetEntriesInAuditListW
RegQueryMultipleValuesW
CredReadW
SaferiRecordEventLogEntry
ReportEventW
LookupAccountNameW
BuildImpersonateExplicitAccessWithNameW
LsaOpenPolicySce
SystemFunction032
RegReplaceKeyW
ControlTraceA
EnumServicesStatusExW
SetEntriesInAclA
LsaSetTrustedDomainInfoByName
LsaSetForestTrustInformation
ElfOpenEventLogW
TraceEventInstance
IsTokenUntrusted
GetServiceDisplayNameA
RegRestoreKeyA
LsaRemovePrivilegesFromAccount
LsaGetRemoteUserName
TreeResetNamedSecurityInfoA
SystemFunction027
LsaCreateTrustedDomain
ConvertSecurityDescriptorToAccessA
LsaGetQuotasForAccount
I_ScSendTSMessage
CredWriteW
CredpEncodeCredential
DecryptFileA
RegQueryValueExW
CredEnumerateW
RegSaveKeyExW

netapi32

NetRemoteComputerSupports
NetpIsUncComputerNameValid
NetpGetConfigValue
NetUseDel
NetAuditRead
NetFileClose
NetWkstaUserSetInfo
NetShareAdd
NetMessageNameAdd
NetReplExportDirSetInfo
NetApiBufferReallocate
RxRemoteApi
NetUnjoinDomain
I_BrowserDebugTrace
NetGetJoinInformation
NetScheduleJobEnum
I_NetLogonSamLogon
NetConfigGet
NetpwPathCompare
NetDfsAddStdRoot
NetGetAnyDCName
NetLogonGetTimeServiceParentDomain
NetFileGetInfo
DsGetDcCloseW
DsRoleGetDatabaseFacts
NetReplExportDirGetInfo
I_NetServerTrustPasswordsGet
NetErrorLogWrite
I_NetDfsGetVersion
NetpCleanFtinfoContext
NetDfsGetInfo
NetpMergeFtinfo
NetServiceEnum
NetSetPrimaryComputerName
RxNetAccessEnum

wldap32

ldap_addW
ldap_get_next_page_s
ldap_modify_sA
ldap_parse_referenceW
ldap_set_dbg_flags
ldap_modrdn2W
ldap_create_sort_control
ber_bvdup
ldap_compare_sW
ldap_startup
ldap_escape_filter_elementA
ber_next_element
ldap_memfree
ldap_add_sA
ldap_sslinitA
ldap_value_freeA
ldap_modify_extA
ber_init
ldap_search_extW
ldap_search_init_pageW
ldap_simple_bindW
ldap_check_filterA
ldap_create_page_control
ber_skip_tag
ldap_parse_result
ldap_bind
ldap_result
ldap_open

msvcrt

_execve
wcsncmp
scanf
__CxxLongjmpUnwind
raise
putc
wctomb
longjmp
_cputs
_adj_fdivr_m32
_wcsset
?raw_name@type_info@@QBEPBDXZ
_CItanh
__winitenv
_putenv
_strerror
fputws
__unDNameEx
_acmdln
iswgraph
__threadhandle
??0exception@@QAE@ABV0@@Z
_itow
_ismbclegal
_sleep
_memicmp
_cwprintf
__getmainargs
?set_terminate@@YAP6AXXZP6AXXZ@Z
free
?what@exception@@UBEPBDXZ
_mbsnbicmp
_heapadd
__p___argc
_heapset
__unguarded_readlc_active
acos
??0exception@@QAE@ABQBD@Z

ifsutil

?QueryPageSize@IFS_SYSTEM@@SGKXZ
?DumpHashTable@SPARSE_SET@@QAEXXZ
?QueryNumber@NUMBER_SET@@QBE?AVBIG_INT@@V2@@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?QueryMemberCount@TLINK@@QBEGXZ
??0CANNED_SECURITY@@QAE@XZ
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?Sort@TLINK@@QAEXXZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?ShellSort@TLINK@@QAEXXZ
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
??1NUMBER_SET@@UAE@XZ
??0DIGRAPH@@QAE@XZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?ComputeVolId@SUPERAREA@@SGKK@Z
?AddEdge@DIGRAPH@@QAEEKK@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z

cmpbk32

PhoneBookEnumNumbers
PhoneBookGetPhoneCanonicalA
PhoneBookFreeFilter
PhoneBookCopyFilter
PhoneBookParseInfoA
PhoneBookGetPhoneNonCanonicalA
PhoneBookGetCountryNameA
PhoneBookGetCountryNameW
PhoneBookUnload
PhoneBookGetPhoneDUNA
PhoneBookGetPhoneDispA
PhoneBookGetPhoneDescA
PhoneBookEnumNumbersWithRegionsZero
PhoneBookEnumRegions
PhoneBookHasPhoneType
PhoneBookGetPhoneType
PhoneBookGetCountryId
PhoneBookLoad
PhoneBookGetCurrentCountryId
PhoneBookMatchFilter
PhoneBookGetRegionNameA
PhoneBookEnumCountries
PhoneBookMergeChanges

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6976eae4773575d8933acf782f3e7799

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

netapi32

wldap32

msvcrt

ifsutil

cmpbk32

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 49KB - Virtual size: 197KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 272B

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 49KB - Virtual size: 197KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 272B