77d06fdd560548546a83c36d45c239bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

77d06fdd560548546a83c36d45c239bb_JaffaCakes118
Size

158KB
MD5

77d06fdd560548546a83c36d45c239bb
SHA1

4fe113a832f3c9587a3af39bc12090334d616ea4
SHA256

45e0386e5bf643a463783212555ff2b97eac33c314721ebfc9f4fb736e392404
SHA512

e185174e4c7df1bd3a929b309cb34e66ecb965322b9e3dfa440db8136f182b5070a38e9145d2b97b84de596a096d44a2cec1ebb501ca5d9126e18187ac2b6166
SSDEEP

3072:4LBBHyV6kk/lRtMlMAYZiAEwVUwOkQ4seSKJZ7bTljRTNe12Z:415yVg/R8YZFEwVUwbYKzhwu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77d06fdd560548546a83c36d45c239bb_JaffaCakes118

Files

77d06fdd560548546a83c36d45c239bb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a9211a746c7b394face1b1a7f42b8163

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Device_Interface_List_ExW
SetupDiGetDeviceInfoListClass
SetupDiRemoveDeviceInterface
CM_Get_Next_Res_Des_Ex
SetupDefaultQueueCallbackA
CM_Set_HW_Prof_Flags_ExA
SetupDiGetDeviceInfoListDetailA
SetupRemoveFromSourceListW
SetupDiOpenDeviceInfoA
CM_Register_Device_InterfaceW
SetupFreeSourceListW
pSetupStringTableInitializeEx
pSetupOutOfMemory
SetupRemoveInstallSectionFromDiskSpaceListW
SetupDiGetDeviceInstanceIdW
SetupGetBackupInformationW
CM_Free_Log_Conf_Handle
CM_Delete_DevNode_Key
SetupDiGetDeviceInstanceIdA
SetupCloseLog
CM_Unregister_Device_InterfaceA
SetupDiClassNameFromGuidExW
SetupDiEnumDeviceInterfaces
ExtensionPropSheetPageProc
SetupDiOpenDeviceInfoW
SetupTermDefaultQueueCallback
CM_Enable_DevNode
SetupDiOpenClassRegKeyExW
SetupGetFileCompressionInfoA
SetupGetLineByIndexA
CM_Get_Device_ID_List_ExA
CM_Get_HW_Prof_FlagsW
SetupDiDestroyDeviceInfoList

ntdll

RtlInterlockedPopEntrySList
RtlDefaultNpAcl
NtContinue
RtlSetTimer
RtlCreateUnicodeStringFromAsciiz
NtAlertThread
NtNotifyChangeKey
NtSetInformationFile
NtQueryDefaultLocale
RtlGetDaclSecurityDescriptor
ZwCreateSymbolicLinkObject
NtMapViewOfSection
NtDuplicateToken
ZwAccessCheckByTypeAndAuditAlarm
RtlSetDaclSecurityDescriptor
RtlFindSetBits
log
ZwDebugActiveProcess
ZwQuerySymbolicLinkObject
NtCreateKey
RtlNewSecurityObject
NtSetBootEntryOrder
labs
NtMakeTemporaryObject
ZwSetDefaultUILanguage
DbgSetDebugFilterState
RtlSubAuthoritySid
RtlDeleteElementGenericTable
NtSetHighWaitLowEventPair
NtDeleteObjectAuditAlarm
RtlSetAttributesSecurityDescriptor
RtlAddAce
strrchr
NtCreateKeyedEvent
RtlSetSecurityObjectEx
ZwQueryEaFile
RtlAddVectoredExceptionHandler
RtlTimeToElapsedTimeFields
NtSetContextThread
ZwCreateThread
RtlSetGroupSecurityDescriptor
RtlDowncaseUnicodeString
RtlExtendedLargeIntegerDivide
ZwAdjustGroupsToken
RtlpWaitForCriticalSection
RtlSetHeapInformation
isdigit
RtlOpenCurrentUser
wcscspn
ZwSetBootOptions
NtAccessCheck
ZwCreateProcess
NtOpenEventPair
__iscsym
NtWriteVirtualMemory
NtEnumerateValueKey
RtlExitUserThread
RtlEqualString
ZwQueryDefaultUILanguage
CsrCaptureMessageString
DbgPrompt
ZwMapUserPhysicalPagesScatter
ZwUnloadKey
RtlGetNtGlobalFlags
ZwRequestWaitReplyPort
RtlComputeImportTableHash
atol
_i64toa
isprint
RtlInterlockedFlushSList
RtlSetCurrentEnvironment
RtlTraceDatabaseDestroy
RtlAbortRXact
ZwCreateMutant
RtlDeleteNoSplay
ZwReplyWaitReplyPort

msdart

?_Unlock@CSpinLock@@AAEXXZ
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?ReadLock@CSpinLock@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?ReadLock@CCritSec@@QAEXXZ
MPInitializeCriticalSectionAndSpinCount
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?IsWin2k@CMdVersionInfo@@SAHXZ
?IsWriteLocked@CSpinLock@@QBE_NXZ
?ReadUnlock@CSpinLock@@QAEXXZ
mpFree
?TryReadLock@CFakeLock@@QAE_NXZ
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?IsUsable@CLKRHashTable@@QBE_NXZ
?Lock@CLockedDoubleList@@QAEXXZ
MpHeapValidate
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
MpHeapReAlloc
?WriteLock@CSpinLock@@QAEXXZ
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
??0CLockedDoubleList@@QAE@XZ
mpMalloc
??4CFakeLock@@QAEAAV0@ABV0@@Z

msvcp60

??4?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
_FCosh
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0bad_alloc@std@@QAE@PBD@Z
?min@?$numeric_limits@N@std@@SANXZ
?epsilon@?$numeric_limits@G@std@@SAGXZ
??4?$numeric_limits@E@std@@QAEAAV01@ABV01@@Z
?grouping@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
_FDenorm
??1money_base@std@@UAE@XZ
?pow@?$_Ctr@N@std@@SANNN@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHPBGH@Z
?_Getcat@?$collate@G@std@@SAIXZ
?_Getcat@?$moneypunct@D$00@std@@SAIXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
??1?$moneypunct@G$0A@@std@@UAE@XZ
??4?$numeric_limits@I@std@@QAEAAV01@ABV01@@Z
?_Getcat@?$numpunct@G@std@@SAIXZ
?min@?$numeric_limits@K@std@@SAKXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?pos_format@?$_Mpunct@D@std@@QBE?AUpattern@money_base@2@XZ
??_F?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4bad_exception@std@@QAEAAV01@ABV01@@Z
?_Addstd@ios_base@std@@IAEXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
?neg_format@?$_Mpunct@G@std@@QBE?AUpattern@money_base@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?hash@?$collate@D@std@@QBEJPBD0@Z

kernel32

SetLocaleInfoW
FlushViewOfFile
TlsSetValue
DeleteCriticalSection
LoadLibraryExW
GetOEMCP
SuspendThread
GetStringTypeW
GetNumberOfConsoleInputEvents
GetModuleHandleExA
ReplaceFile
GetCurrentDirectoryA
OpenEventA
UTUnRegister
GetPrivateProfileSectionA
GetNumberFormatW
AddRefActCtx
SetFileAttributesW
SetVolumeMountPointW
EnumLanguageGroupLocalesW
LocalCompact
EnterCriticalSection
CreateFiberEx
GetConsoleProcessList
GetBinaryType
ReadConsoleOutputCharacterW
GetVersion
VirtualAlloc
SetThreadContext
FreeConsole
LZRead
GetConsoleCursorMode
AddVectoredExceptionHandler
WriteProfileStringA
SearchPathA
SetCriticalSectionSpinCount
ResetWriteWatch
SetUnhandledExceptionFilter
QueryDepthSList
GetCPInfoExW
GetMailslotInfo
_lread
FlushConsoleInputBuffer
SetConsoleInputExeNameA
GetConsoleTitleA
GetSystemWow64DirectoryA
AddAtomW
CreateActCtxW
EnumerateLocalComputerNamesA
SetCommState
GetConsoleNlsMode
GetTempFileNameA
ConsoleMenuControl
GetConsoleCommandHistoryW
CallNamedPipeW
lstrcmpW
LeaveCriticalSection
LoadLibraryA
GetCalendarInfoW
WritePrivateProfileSectionW
SetCommBreak
SetConsoleTitleW
GetShortPathNameA
UnregisterConsoleIME
BeginUpdateResourceW
GlobalFindAtomA
EnumLanguageGroupLocalesA
GetDevicePowerState
WriteTapemark
ScrollConsoleScreenBufferW
GlobalReAlloc

iphlpapi

InternalGetTcpTable
GetIpErrorString
_PfBindInterfaceToIndex@16
NotifyAddrChange
InternalSetIpStats
SetIfEntry
IpReleaseAddress
GetUdpStatistics
IcmpSendEcho2
GetNetworkParams
GetAdapterIndex
SetIpForwardEntry
NhGetGuidFromInterfaceName
GetIfEntry
EnableRouter
GetIpNetTable
UnenableRouter
DeleteIpForwardEntry
GetIpStatistics
GetBestInterface
GetAdapterOrderMap
AllocateAndGetIpAddrTableFromStack
_PfCreateInterface@24
GetTcpTable
InternalSetIpNetEntry
InternalGetIpNetTable

msvcrt40

_wexeclpe
_mbscoll
_ismbbkprint
_ftime
_mbsnicmp
_mbsspnp
_tolower
fopen
_wputenv
strchr
_control87
strcmp
_strcmpi
_cwait
system
_ultow
_mbslwr
_pclose
_clearfp
_safe_fprem
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?opfx@ostream@@QAEHXZ
_ismbcsymbol
_wcreat
??4fstream@@QAEAAV0@AAV0@@Z
?setmode@fstream@@QAEHH@Z
?put@ostream@@QAEAAV1@E@Z

msvcrt

exit

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9211a746c7b394face1b1a7f42b8163

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

ntdll

msdart

msvcp60

kernel32

iphlpapi

msvcrt40

msvcrt

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 56KB - Virtual size: 188KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 56KB - Virtual size: 188KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB