6efd885cd3a7d2c9c90403f40b0d8ba8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6efd885cd3a7d2c9c90403f40b0d8ba8_JaffaCakes118
Size

872KB
MD5

6efd885cd3a7d2c9c90403f40b0d8ba8
SHA1

a4fb5dbbc57858cb954c84de97adb09f85319b1a
SHA256

6277e0ec2eaf8428171c4d7604352fe8f8ac272d619792bed18d688dc6428a1d
SHA512

76effefff283265f7e0f78f813ab5a512c3986b7629e01c0afd0e84f7c3e4dacb98e335d17d80e2d3462e597b8f79574c3cd0089dc4cd864ba26ca5e79e164c8
SSDEEP

24576:BOLZoevmqeEVVDVnZQ8cUQrTYyjAauNuMd3dt0aOhlj/S5rxd:heeqe2VxZDQrJYNuWb0aO/j/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6efd885cd3a7d2c9c90403f40b0d8ba8_JaffaCakes118

Files

6efd885cd3a7d2c9c90403f40b0d8ba8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e7839c88baa04c4949cf140a3c47e369

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?GetNext@TLINK@@QAEPAXPAX@Z
?Initialize@TLINK@@QAEEG@Z
?Set@BIG_INT@@QAEXEPBE@Z
?IsATformat@DP_DRIVE@@QBEEXZ
?ComputeVolId@SUPERAREA@@SGKK@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
?CloseDriveHandle@DP_DRIVE@@QAEXXZ
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?RemoveAll@NUMBER_SET@@QAEEXZ
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
?GetSortedNext@TLINK@@QAEPAXPAX@Z
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?QueryDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
??1LOG_IO_DP_DRIVE@@UAE@XZ
?QueryMemberCount@TLINK@@QBEGXZ
??1MOUNT_POINT_MAP@@UAE@XZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Add@NUMBER_SET@@QAEEPBV1@@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?GetSortedFirst@TLINK@@QAEPAXXZ
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?QueryDisjointRange@NUMBER_SET@@QBEXKPAVBIG_INT@@0@Z
??0SECRUN@@QAE@XZ
??0DIGRAPH_EDGE@@QAE@XZ
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
?QuerySectorSize@DP_DRIVE@@UBEKXZ
?GetBuffer@TLINK@@QAEPAXPAX@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?Pop@INTSTACK@@QAEXK@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?Initialize@NUMBER_SET@@QAEEXZ

certcli

CACertTypeQuery
CAFindCertTypeByName
CAGetCertTypeFlagsEx
CACloseCertType
CASetCertTypeFlags
CAAccessCheck
CACertTypeAccessCheckEx
CASetCertTypeFlagsEx
GetProxyDllInfo
CAGetCASecurity
CASetCertTypeExpiration
CAEnumNextCertType
CAGetCAExpiration
CAOIDSetProperty
CAGetCertTypeExpiration
CAFreeCAProperty
CASetCAProperty
CACreateAutoEnrollmentObjectEx
CAOIDDelete
CAGetCertTypeExtensionsEx
CAEnumCertTypesForCAEx
CAGetCertTypeExtensions
CAGetCertTypeKeySpec
CASetCertTypeExtension
CACertTypeGetSecurity
DllInstall
CAGetCACertificate
CAGetCertTypeProperty
CADeleteLocalAutoEnrollmentObject
CAFreeCertTypeExtensions
CACreateCertType
CAOIDCreateNew
CASetCAExpiration
DllGetClassObject
CAIsCertTypeCurrent
CAOIDGetLdapURL
CAOIDFreeLdapURL
CADeleteCA
CASetCertTypeProperty
CADeleteCertType

msvcrt40

_wspawnv
?adjustfield@ios@@2JB
_mbsdup
??6ostream@@QAEAAV0@N@Z
??_Eistream@@UAEPAXI@Z
_chdrive
_mbsicmp
_setsystime
fwprintf
??0filebuf@@QAE@ABV0@@Z
strncat
??_7bad_cast@@6B@
_mbsnbset
_tzset
_mbsinc
??_7strstreambuf@@6B@
??1strstreambuf@@UAE@XZ
??_Eios@@UAEPAXI@Z
strstr
_strnicmp
?flags@ios@@QBEJXZ
strncmp
??5istream@@QAEAAV0@AAN@Z
ftell
??1type_info@@UAE@XZ
??0fstream@@QAE@ABV0@@Z
perror
fseek
fmod
_utime
??0ostrstream@@QAE@PADHH@Z
??_7ofstream@@6B@
_inpw
?is_open@ifstream@@QBEHXZ
_mbctokata
__p__winmajor
??4iostream@@IAEAAV0@AAV0@@Z

cryptui

CryptUIGetCertificatePropertiesPagesW
CryptUIWizBuildCTL
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgCertMgr
CryptUIDlgViewCRLW
CryptUIDlgViewContext
LocalEnroll
CryptUIWizQueryCertRequestNoDS
CryptUIWizCreateCertRequestNoDS
EnrollmentCOMObjectFactory_getInstance
CryptUIWizExport
CryptUIDlgViewCTLW
CryptUIGetViewSignaturesPagesA
CryptUIDlgSelectCertificateW
LocalEnrollNoDS
CryptUIDlgViewCTLA
CryptUIWizCertRequest
CryptUIDlgSelectCertificateFromStore
RetrievePKCS7FromCA
CryptUIDlgViewCertificateW
CryptUIWizFreeDigitalSignContext
CryptUIFreeCertificatePropertiesPagesA
CryptUIFreeCertificatePropertiesPagesW
ACUIProviderInvokeUI
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgSelectCA
CryptUIWizDigitalSign
CryptUIFreeViewSignaturesPagesW
CryptUIDlgViewSignerInfoA
CryptUIDlgViewSignerInfoW
CryptUIWizSubmitCertRequestNoDS
CryptUIDlgViewCRLA

kernel32

TlsAlloc
GetTimeFormatA
GetConsoleAliasA
SetTimerQueueTimer
SuspendThread
VerifyConsoleIoHandle
LoadLibraryA
HeapSize
WriteConsoleInputVDMA
GetDiskFreeSpaceExW
UnmapViewOfFile
GetProfileStringA
GetUserDefaultLCID
GetAtomNameA
WaitForSingleObjectEx
AddAtomW
InitializeCriticalSection
AddConsoleAliasA
ExpungeConsoleCommandHistoryW
ConvertFiberToThread
GlobalFindAtomA
UTUnRegister
FillConsoleOutputCharacterW
GetUserDefaultUILanguage
SetThreadAffinityMask
lstrcpyW
VirtualAllocEx
RegisterWaitForSingleObjectEx
VirtualAlloc
IsValidCodePage
GetPrivateProfileSectionNamesA
CreateMailslotW
QueryPerformanceCounter
GetThreadSelectorEntry
CreateActCtxA
GetProfileSectionA
SetCommState
VirtualUnlock
GetConsoleAliasExesLengthA
EnumTimeFormatsW
EndUpdateResourceA
Module32First
ReadProcessMemory

gdi32

SetDIBitsToDevice
GetCharWidth32A
XLATEOBJ_hGetColorTransform
GdiSetAttrs
GetCharacterPlacementW
GetObjectW
GdiResetDCEMF
SetVirtualResolution
GetOutlineTextMetricsW
GetGlyphIndicesA
GdiGetDC
RemoveFontResourceExA
CreateCompatibleBitmap
EngQueryEMFInfo
DdEntry24
BitBlt
CreateBitmap
ExtEscape
GdiGetCodePage
ResetDCW
SetStretchBltMode
SetMetaFileBitsEx
GetKerningPairsA
GdiStartPageEMF
DdEntry35

ntdll

RtlEqualLuid
ZwSetTimerResolution
RtlConvertToAutoInheritSecurityObject
ZwUnmapViewOfSection
ZwSetTimer
sscanf
NtSetValueKey
LdrGetProcedureAddress
RtlSelfRelativeToAbsoluteSD2
NtQuerySystemEnvironmentValue
RtlFormatMessage
ZwModifyBootEntry
RtlFillMemoryUlong
wcstombs
ZwUnloadDriver
RtlIpv4StringToAddressA
RtlDosSearchPath_Ustr
NtAccessCheckByType
_wcsupr
NtWaitHighEventPair
NtRaiseException
ZwAllocateLocallyUniqueId
ZwQueryFullAttributesFile
NtStartProfile
RtlDestroyProcessParameters
NtPrivilegedServiceAuditAlarm
RtlGetControlSecurityDescriptor
ZwAllocateVirtualMemory
ZwCreateEvent
isxdigit

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7839c88baa04c4949cf140a3c47e369

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

certcli

msvcrt40

cryptui

kernel32

gdi32

ntdll

Sections

.text Size: 224KB - Virtual size: 224KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 436KB - Virtual size: 1.9MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 436KB - Virtual size: 1.9MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B