8423b78d57920f18b1b55e9f30e53fbb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8423b78d57920f18b1b55e9f30e53fbb_JaffaCakes118
Size

823KB
MD5

8423b78d57920f18b1b55e9f30e53fbb
SHA1

6ddaae945cbc3251b0bcfe24ef57cc6a5d15e65d
SHA256

44502eb800725ab168199dcf22f347dd9e3209bcdba3b9fd3184a683a02bbfb8
SHA512

a27483f2b0d4a91549144f6ed9c124ad1296a17f1968017064554b6ee8ab51518947b2b12b6868e6bdf1b268da4d55f0e2c1be0ef871c915bcaac203010ade49
SSDEEP

12288:IiaWxzGuy2FOyQVMB38oWTRhHzor5fiz9WPRnLGPXezpLedu2+gT/Dj1n5crwV:4WVy2FyM3p0jor56z4Lzp4hDT/Df

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8423b78d57920f18b1b55e9f30e53fbb_JaffaCakes118

Files

8423b78d57920f18b1b55e9f30e53fbb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

612865e7b7addb7416be63fbf0467c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetCTLContextProperty
CertDuplicateCertificateContext
CertSerializeCRLStoreElement
CertFreeCertificateContext
CryptGetKeyIdentifierProperty
CertFindRDNAttr
I_CryptInstallAsn1Module
CryptGetDefaultOIDFunctionAddress
CertVerifySubjectCertificateContext
CryptSignAndEncodeCertificate
CryptMsgControl
CryptEncodeObject
CryptEncryptMessage
I_CryptCreateLruCache
CertDuplicateStore
CryptVerifyDetachedMessageHash
PFXExportCertStore
CryptMemRealloc
CertCloseStore
CryptAcquireCertificatePrivateKey
CertOIDToAlgId
CertAlgIdToOID
CryptMsgUpdate
CryptExportPKCS8
CertVerifyCRLRevocation
CryptQueryObject
CryptSignHashU

ntmarta

AccTreeResetNamedSecurityInfo
AccLookupAccountSid
AccProvGetAllRights
AccRewriteSetEntriesInAcl
EventGuidToName
AccProvHandleIsObjectAccessible
AccProvHandleGetAllRights
AccRewriteSetNamedRights
AccConvertAccessMaskToActrlAccess
AccSetEntriesInAList
AccRewriteGetHandleRights
AccProvHandleRevokeAuditRights
AccConvertSDToAccess
AccProvHandleGetTrusteesAccess
AccRewriteGetExplicitEntriesFromAcl
AccProvRevokeAuditRights
AccGetInheritanceSource
AccGetAccessForTrustee
AccProvCancelOperation
AccProvHandleRevokeAccessRights
AccProvGetCapabilities
AccConvertAccessToSecurityDescriptor
AccRewriteSetHandleRights
AccProvHandleSetAccessRights
AccConvertAclToAccess
AccRewriteGetNamedRights
AccFreeIndexArray
AccProvHandleIsAccessAudited
AccProvSetAccessRights
AccProvRevokeAccessRights
AccProvGetAccessInfoPerObjectType
AccProvGetOperationResults
AccProvGrantAccessRights
AccConvertAccessToSD
AccProvIsObjectAccessible
AccLookupAccountTrustee
AccProvIsAccessAudited
AccGetExplicitEntries
AccLookupAccountName

ufat

?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
Recover
??0EA_SET@@QAE@XZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
?FreeChain@FAT@@QAEXK@Z
??0FAT_SA@@QAE@XZ
??1REAL_FAT_SA@@UAE@XZ
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
??0CLUSTER_CHAIN@@QAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?QueryNthCluster@FAT@@QBEKKK@Z
?AllocChain@FAT@@QAEKKPAK@Z
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??0EA_HEADER@@QAE@XZ
?Read@CLUSTER_CHAIN@@UAEEXZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
??1EA_SET@@UAE@XZ
??1FILEDIR@@UAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
??0REAL_FAT_SA@@QAE@XZ
?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z
??0FILEDIR@@QAE@XZ
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??1EA_HEADER@@UAE@XZ

shlwapi

StrRetToBufA
PathIsLFNFileSpecA
PathRemoveBackslashA
StrCmpW
PathSkipRootW
SHCopyKeyA
StrFormatKBSizeA
wvnsprintfW
StrStrIA
PathIsUNCW
SHRegCreateUSKeyA
StrIsIntlEqualA
PathParseIconLocationA
StrTrimA
PathIsPrefixW
UrlCombineA
SHQueryInfoKeyW
StrNCatA
StrToIntA
PathFindOnPathA
UrlIsA
PathGetCharTypeW
PathUndecorateA
StrCSpnIA
PathCompactPathA
UrlCombineW
StrCatBuffW
StrRetToBSTR
SHDeleteOrphanKeyW
UrlIsOpaqueW
PathIsSystemFolderA
PathCommonPrefixA
PathUndecorateW
SHRegisterValidateTemplate
PathCombineW
PathIsUNCA
SHCreateShellPalette
StrStrA
UrlCreateFromPathW
SHDeleteKeyW
UrlGetLocationA
PathIsNetworkPathA
StrSpnA

kernel32

SetLocaleInfoW
GetConsoleCursorInfo
FreeLibraryAndExitThread
FindNextVolumeMountPointA
lstrcpyn
GetSystemTimeAsFileTime
GetFirmwareEnvironmentVariableA
DebugBreakProcess
GetConsoleWindow
GetTapePosition
LoadLibraryA
ConvertDefaultLocale
CreateSemaphoreW
GetEnvironmentVariableW
GetVersionExW
GetVolumePathNameA
SetConsoleFont
GetTempPathW
CreateTimerQueue
ReadConsoleW
GetProfileIntA
ScrollConsoleScreenBufferW
SetupComm
lstrcmpiW
DeleteFiber
DnsHostnameToComputerNameA
GetPrivateProfileStructA
SetSystemTimeAdjustment
GetCurrentProcessId
FlushFileBuffers
SetFirmwareEnvironmentVariableW
IsValidLanguageGroup
TlsFree
SetProcessAffinityMask
CreateDirectoryA
PeekNamedPipe
OpenFileMappingA
WriteConsoleOutputW
SetLocalTime
VirtualAlloc
PostQueuedCompletionStatus
_lcreat
GlobalSize
GetThreadSelectorEntry
WriteConsoleOutputCharacterW
GetBinaryTypeA
ConvertThreadToFiber
BindIoCompletionCallback
SetFilePointer
OpenJobObjectA
SetEnvironmentVariableW
CopyLZFile
RtlZeroMemory
CreateThread
SetComputerNameA
RtlFillMemory
GetModuleHandleW
OpenSemaphoreW
IsBadHugeWritePtr
GetDefaultCommConfigA
_llseek
GetFileSizeEx
GetCommandLineA
GetPrivateProfileSectionNamesA
GetNamedPipeHandleStateW
TlsAlloc
FindFirstVolumeMountPointA
CreateEventA
EnumSystemGeoID
PeekConsoleInputA
IsBadStringPtrW
GetCalendarInfoW
GetModuleHandleExA

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 643KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

612865e7b7addb7416be63fbf0467c3d

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ntmarta

ufat

shlwapi

kernel32

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 643KB - Virtual size: 2.0MB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 348B

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 643KB - Virtual size: 2.0MB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 348B