6effcccbd6d8e87dcc9167a11617dd49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6effcccbd6d8e87dcc9167a11617dd49_JaffaCakes118
Size

136KB
MD5

6effcccbd6d8e87dcc9167a11617dd49
SHA1

9bcd8cbf4fe34b23b6df3350dea49dc418ac76a1
SHA256

e996ee5794092cdace6651584d90780335945b10613fde90895508b79b37a21f
SHA512

057489fa7864e52dfb7de5b5dab6a44004d6fd08d4bc2f01c1a7602f19168126edb480bdee0599128238e5e3f6811a3d87c19024efd37f5fd6ea4a28aad5cbe8
SSDEEP

3072:pNYxVl/fCerspVNUQbnsW6//03fy11Hl7EoHtCf5g+GX:p6RCeIpZZ634yDH1EI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6effcccbd6d8e87dcc9167a11617dd49_JaffaCakes118

Files

6effcccbd6d8e87dcc9167a11617dd49_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1fc429aeba4d1b1a025db436d0cf6d39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemPowerStatus
QueryDosDeviceW
GetStartupInfoA
FreeLibraryAndExitThread
RegisterWaitForInputIdle
GetCurrentThread
FindFirstFileA
WriteConsoleW
InterlockedPushEntrySList
LoadLibraryExW
GetSystemDirectoryW
GetConsoleKeyboardLayoutNameA
VerifyVersionInfoA
GetTapePosition
GetEnvironmentStringsW
SetLocaleInfoA
GetSystemWindowsDirectoryW
GetSystemTime
SuspendThread
VirtualAlloc
ReadConsoleW
SystemTimeToFileTime
LoadLibraryA
GetCurrentConsoleFont
CancelIo
HeapUnlock
WriteConsoleInputA
GetDefaultCommConfigA
GetConsoleCommandHistoryLengthW
GetProfileStringW
CreateMutexW
UnlockFile
GetThreadSelectorEntry
FindNextFileW
LZCloseFile
BaseDumpAppcompatCache
GlobalAlloc
EnumerateLocalComputerNamesW
InterlockedFlushSList
CreateDirectoryExW
WriteProfileSectionA
Process32NextW
HeapCompact

dhcpcsvc

DhcpOpenGlobalEvent
DhcpReleaseParameters
DhcpHandlePnPEvent
DhcpNotifyConfigChange
McastGenUID
DhcpRequestParams
McastReleaseAddress
DhcpDeRegisterOptions
McastApiCleanup
DhcpEnumClasses
DhcpStaticRefreshParams
DhcpReleaseIpAddressLease
DhcpPersistentRequestParams
DhcpCApiInitialize
DhcpAcquireParameters
DhcpRenewIpAddressLeaseEx
DhcpRegisterParamChange
McastRenewAddress
DhcpLeaseIpAddress
DhcpNotifyConfigChangeEx
McastApiStartup

ntdll

NtFlushKey
RtlCreateUserSecurityObject
RtlCreateSecurityDescriptor
RtlGetNtProductType
LdrQueryImageFileExecutionOptions
ZwRemoveProcessDebug
NtDeleteObjectAuditAlarm
RtlAppendStringToString
iswdigit
RtlAppendPathElement
RtlCaptureContext
NtTestAlert
RtlGetFullPathName_U
ZwQueryInstallUILanguage
ZwCancelIoFile
PfxInitialize
ZwQueryEvent
ZwQueueApcThread
vDbgPrintExWithPrefix
NtShutdownSystem
NtSignalAndWaitForSingleObject
RtlEmptyAtomTable
RtlTryEnterCriticalSection
RtlAddAuditAccessAce
RtlUpperString
NtAccessCheckByType
RtlGetSaclSecurityDescriptor
RtlTraceDatabaseDestroy
ZwSetInformationJobObject
RtlCompareUnicodeString
NtRaiseException
ZwQueryVolumeInformationFile
RtlRealPredecessor
RtlAddAttributeActionToRXact
RtlFindCharInUnicodeString
RtlFreeHandle
NtImpersonateAnonymousToken
DbgUiStopDebugging
ZwQueryIntervalProfile
RtlAddAccessAllowedAce

untfs

?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
Extend
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
??1NTFS_BITMAP@@UAE@XZ
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
??0NTFS_LOG_FILE@@QAE@XZ
??0NTFS_INDEX_TREE@@QAE@XZ
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
??0NTFS_BOOT_FILE@@QAE@XZ

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fc429aeba4d1b1a025db436d0cf6d39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dhcpcsvc

ntdll

untfs

Sections

.text Size: 37KB - Virtual size: 36KB

Size: 42KB - Virtual size: 42KB

.data Size: 52KB - Virtual size: 190KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 392B

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 52KB - Virtual size: 190KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 392B