75157c8ac87a38c5253d0e62ca8c47d8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

75157c8ac87a38c5253d0e62ca8c47d8_JaffaCakes118
Size

378KB
MD5

75157c8ac87a38c5253d0e62ca8c47d8
SHA1

6781ac9f6926e4c30ca2c8eb07d421bb7830bfc2
SHA256

2c7c5c952c34474f119b93bb4f8268866219dcbf440a64936e545c472c298079
SHA512

300424d09e10fae2bda3decb8bf9a5f7e6c96a8c3312bca1db9bf1cfdd3eb190d33799e124521676e9f30205006450860cfed84ca430609635e1d7ca9c0f1b67
SSDEEP

6144:xqdKIBSG5Zv1Lad/+LySSRdzwpxROwyKkEisE+3WkffAn1MUvAdL3d1NxgUOpljT:xIKIUEcZnSbROJKkUWkc7vAdL3bsp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75157c8ac87a38c5253d0e62ca8c47d8_JaffaCakes118

Files

75157c8ac87a38c5253d0e62ca8c47d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

db5aee1a5afc7312203f3e6689e06d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atmlib

ATMGetOutlineW
ATMEnumFontsW
ATMAddFontA
ATMGetFontInfoA
ATMXYShowTextW
ATMGetFontPathsW
ATMInstallSubstFontW
ATMFontSelected
ATMGetBuildStr
ATMBeginFontChange
ATMGetFontBBox
ATMGetPostScriptName
ATMFontStatus
ATMMakePSSA
ATMXYShowText
ATMGetPostScriptNameW
ATMRemoveSubstFontW
ATMForceFontChange
ATMFontAvailableW
ATMAddFontExA
ATMAddFontW
ATMInstallSubstFontA
ATMRemoveFont
ATMEnumMMFontsW
ATMAddFont
ATMFontStatusA
ATMEnumMMFonts
ATMAddFontExW
ATMGetFontInfo
ATMGetOutline
ATMGetGlyphListA
ATMEnumMMFontsA
ATMGetOutlineA
ATMGetGlyphList
ATMEndFontChange
ATMGetNtmFieldsW
ATMSelectObject
ATMFontAvailableA
ATMGetGlyphListW
ATMBBoxBaseXYShowText

kernel32

GetSystemDefaultLangID
GetSystemWindowsDirectoryW
GetVolumePathNameW
lstrcpyn
CreateFileW
VerLanguageNameA
GetACP
WTSGetActiveConsoleSessionId
GetCPInfoExA
QueryDosDeviceA
LZSeek
HeapReAlloc
GetVolumePathNamesForVolumeNameW
GetPrivateProfileSectionA
SetTimerQueueTimer
BeginUpdateResourceA
EnumResourceLanguagesW
TlsSetValue
GetExitCodeThread
FreeConsole
GetProcAddress
QueryDosDeviceW
GetTickCount
TerminateThread
GetProcessShutdownParameters
SetPriorityClass
GetProcessHeap
LoadLibraryA
WriteTapemark
IsBadHugeWritePtr
SetConsoleInputExeNameW
FindAtomA
ExpungeConsoleCommandHistoryW
InvalidateConsoleDIBits
SwitchToFiber
Heap32ListNext
ConvertDefaultLocale
BaseCleanupAppcompatCacheSupport
GetSystemWindowsDirectoryA
CreateWaitableTimerW
QueryMemoryResourceNotification
HeapWalk
GetComputerNameExW
CreateThread
GetUserDefaultLangID
GlobalAddAtomA
IsValidCodePage
GetConsoleInputExeNameA
GetComputerNameW
GetCommMask
SetFileTime
GetDefaultCommConfigW
GetConsoleAliasA
GlobalHandle
ReadFileEx
SetFileAttributesW
VirtualAlloc
LocalSize
GetAtomNameW
ResumeThread
GetTempPathW
GetCommConfig
SetFileAttributesA
SetMessageWaitingIndicator
SetCommConfig
BaseDumpAppcompatCache
TlsFree
TlsAlloc
CompareFileTime
SetupComm
GlobalCompact
VerifyConsoleIoHandle
InterlockedExchange
WriteProfileStringA
LocalAlloc
GetFileAttributesExW
SetComPlusPackageInstallStatus
CreateConsoleScreenBuffer
GetThreadPriorityBoost
GetGeoInfoW
SetCommMask
GetSystemTimeAsFileTime
AddAtomW
SetConsoleCursorPosition
IsValidLanguageGroup
CompareStringA
RemoveDirectoryA
GetConsoleFontSize
CreateMailslotW
SetSystemTime

msdart

?GetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGNXZ
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
MpHeapDestroy
?_H0@CLKRLinearHashTable@@CGKKK@Z
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?_IsLocked@CSpinLock@@ABE_NXZ
MPCSInitialize
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?IsMillnm@CMdVersionInfo@@SAHXZ
?WriteUnlock@CSpinLock@@QAEXXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?Apply@CLKRHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?CheckTable@CLKRHashTable@@QBEHXZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?sm_wDefaultSpinCount@CCritSec@@1GA
MpHeapAlloc
MpHeapFree
?ReadLock@CCritSec@@QAEXXZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
??1CSingleList@@QAE@XZ
?Lock@CLockedSingleList@@QAEXXZ
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
??0CCritSec@@QAE@XZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?WriteLock@CFakeLock@@QAEXXZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?TryReadLock@CFakeLock@@QAE_NXZ
?ReadUnlock@CCritSec@@QAEXXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ

certcli

CACountCertTypes
CASetCertTypePropertyEx
CADeleteLocalAutoEnrollmentObject
CAEnumNextCertType
CAGetCAExpiration
CAGetCAProperty
CASetCertTypeFlagsEx
CARemoveCACertificateType
CASetCAExpiration
CAOIDGetLdapURL
CAOIDAdd
CAFindByIssuerDN
CAFreeCAProperty
CAInstallDefaultCertType
CADeleteCA
CACertTypeRegisterQuery
CAGetCertTypeExtensions
CAEnumCertTypesEx
CASetCertTypeKeySpec
CACreateLocalAutoEnrollmentObject
CAFreeCertTypeProperty
CASetCertTypeProperty
CAGetCAFlags
CACertTypeAccessCheckEx
CAFreeCertTypeExtensions
CAGetCASecurity
CADeleteCertType
CASetCASecurity
CAGetCertTypeFlags
GetProxyDllInfo
CAUpdateCA
CAAccessCheckEx
CACertTypeGetSecurity
CACertTypeSetSecurity
CACreateAutoEnrollmentObjectEx
CAGetCACertificate
CAEnumCertTypesForCA
CAGetCertTypeExpiration
CACreateNewCA
CASetCAFlags

ntdll

ZwCompressKey
_itow
RtlDeactivateActivationContext
NtCreatePort
ZwSetHighEventPair
ZwResumeThread
PfxFindPrefix
RtlEqualSid
RtlDeleteResource
ZwAllocateUserPhysicalPages
NtSetSecurityObject
LdrVerifyImageMatchesChecksum
RtlNewSecurityGrantedAccess
RtlIpv6AddressToStringA
ZwSystemDebugControl
ZwSetValueKey
_fltused
RtlQueryRegistryValues
RtlImageNtHeader
NtRegisterThreadTerminatePort
ZwCreateProcess
RtlGetFrame
RtlEnumerateGenericTableWithoutSplaying
ZwQueryMultipleValueKey
ZwClearEvent
tolower
NtAllocateUserPhysicalPages
DbgPrintEx
RtlCreateTimerQueue
RtlPinAtomInAtomTable
NtFlushKey
NtListenPort
RtlLeaveCriticalSection
RtlValidSid

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db5aee1a5afc7312203f3e6689e06d0c

Headers

DLL Characteristics

File Characteristics

Imports

atmlib

kernel32

msdart

certcli

ntdll

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 94KB - Virtual size: 513KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 94KB - Virtual size: 513KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 1024B - Virtual size: 1024B